1.\" $NetBSD: bozohttpd.8,v 1.99 2024/11/22 22:21:51 lukem Exp $ 2.\" 3.\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ 4.\" 5.\" Copyright (c) 1997-2024 Matthew R. Green 6.\" All rights reserved. 7.\" 8.\" Redistribution and use in source and binary forms, with or without 9.\" modification, are permitted provided that the following conditions 10.\" are met: 11.\" 1. Redistributions of source code must retain the above copyright 12.\" notice, this list of conditions and the following disclaimer. 13.\" 2. Redistributions in binary form must reproduce the above copyright 14.\" notice, this list of conditions and the following disclaimer in the 15.\" documentation and/or other materials provided with the distribution. 16.\" 17.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 18.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 19.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 20.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 21.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 22.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 23.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 24.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 25.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27.\" SUCH DAMAGE. 28.\" 29.Dd November 22, 2024 30.Dt BOZOHTTPD 8 31.Os 32.Sh NAME 33.Nm bozohttpd 34.Nd hyper text transfer protocol version 1.1 daemon 35.Sh SYNOPSIS 36.Nm 37.Op Fl EGHVXdefhnqsu 38.Op Fl C Ar suffix cgihandler 39.Op Fl I Ar port 40.Op Fl L Ar prefix script 41.Op Fl M Ar suffix type encoding encoding11 42.Op Fl m Ar version 43.Op Fl P Ar pidfile 44.Op Fl R Ar readme 45.Op Fl S Ar version 46.Op Fl T Ar type timeout 47.Op Fl U Ar username 48.Op Fl Z Ar cert privkey 49.Op Fl c Ar cgibin 50.Op Fl i Ar address 51.Op Fl p Ar pubdir 52.Op Fl t Ar chrootdir 53.Op Fl v Ar virtualroot 54.Op Fl x Ar index 55.Op Fl z Ar ciphers 56.Ar slashdir 57.Op Ar myname 58.Sh DESCRIPTION 59The 60.Nm 61program reads a 62.Em HTTP 63request from the standard input, and sends a reply to the standard output. 64Besides ~user translation and virtual hosting support (see below), all file 65requests are from 66.Ar slashdir 67directory. 68The server uses 69.Ar myname 70as its name, which defaults to the local hostname, obtained from 71.Xr gethostname 3 72(but see the 73.Fl v 74option for virtual hosting.) 75.Nm 76writes logs to 77.Xr syslog 3 78using the ftp facility (but see the 79.Fl s 80option for testing and the 81.Fl q 82option for suppressing this.) 83.Nm 84is designed to be small, simple and relatively featureless, 85hopefully increasing its security. 86.Ss OPTIONS 87The following options are available: 88.Bl -tag -width xxxcgibin 89.It Fl b 90Enables stand-alone daemon mode, where 91.Nm 92detaches from the current terminal and runs in the background 93(unless invoked with 94.Fl f ) , 95listens on the appropriate IP address 96(see 97.Fl i Ar address ) 98and TCP port 99(see 100.Fl I Ar port ) , 101and services HTTP requests. 102.Nm 103does not use 104.Xr inetd 8 105in stand-alone daemon mode. 106.It Fl C Ar suffix cgihandler 107Adds a new CGI handler program for a particular file type. 108The 109.Ar suffix 110should be any normal file suffix, and the 111.Ar cgihandler 112should be a full path to an interpreter. 113This option is the only way to enable CGI programs that exist 114outside of the cgibin directory to be executed. 115Multiple 116.Fl C 117options may be passed. 118.It Fl c Ar cgibin 119Enables the CGI/1.1 interface. 120The 121.Ar cgibin 122directory is expected to contain the CGI programs to be used. 123.Nm 124looks for URLs in the form of 125.Ql /cgi-bin/ Ns Ar scriptname 126where 127.Ar scriptname 128is a valid CGI program in the 129.Ar cgibin 130directory. 131In other words, all CGI URLs must begin with 132.Ql \%/cgi-bin/ . 133Note that the CGI/1.1 interface is available with 134.Ql ~user 135translation using 136.Fl E 137switch. 138.It Fl d 139Enables debug support. 140.It Fl E 141Enables CGI/1.1 interface for 142.Ql ~user 143translation. 144Note that enabling this support implies that users can run commands 145as the web server user. 146This may have security implications. 147.It Fl e 148Do not clear the environment when used with either the 149.Fl t 150or 151.Fl U 152options. 153.It Fl f 154Stops the 155.Fl b 156option from detaching 157.Nm 158from the tty and going into the background as part of stand-alone daemon mode. 159This implies the 160.Fl b 161option. 162.It Fl G 163Get the 164.Nm 165version string, print it on standard output, and exit. 166.It Fl H 167Changes directory index mode 168(see 169.Fl X 170option) 171to hide files and directories that start with a period 172.Pq Ql \&. , 173except for 174.Pa .. . 175.It Fl I Ar port 176Use 177.Ar port 178instead of the default 179.Dq http 180port 181(usually 80, see 182.Xr services 5 ) . 183When used with the 184.Fl b 185or 186.Fl f 187options, this option changes the bound port. 188Otherwise this option forces redirections to use this port 189instead of the value obtained via 190.Xr getsockname 2 . 191.It Fl i Ar address 192Use 193.Ar address 194as the address to bind to in stand-alone daemon mode. 195If this option is not provided, all available IP addresses 196will be listened to. 197Only the last 198.Fl i 199option is used. 200This option is only valid with the 201.Fl b 202or 203.Fl f 204options. 205.It Fl L Ar prefix script 206Adds a new Lua script for a particular prefix. 207The 208.Ar prefix 209should be an arbitrary text, and the 210.Ar script 211should be a full path to a Lua script. 212Multiple 213.Fl L 214options may be passed. 215A separate Lua state is created for each prefix. 216The Lua script can register callbacks using the 217.Dl httpd.register_handler('suffixpath', luafunc) 218Lua function, 219which will trigger the execution of the Lua function 220.Fn luafunc 221when a URL in the form 222.Sm off 223.Li http:// Ar hostname Li / Ar prefix Li / Ar suffixpath 224.Sm on 225is being accessed. 226The function is passed three tables as arguments, the server 227environment, the request headers, and the decoded query string 228plus any data that was sent as application/x-www-form-urlencoded. 229.It Fl M Ar suffix type encoding encoding11 230Adds a new entry to the table that converts file suffixes to 231content type and encoding. 232This option takes four additional arguments containing 233the file prefix, its 234.Dq Content-Type , 235.Dq Content-Encoding , 236and 237.Dq Content-Encoding 238for HTTP/1.1 connections, respectively. 239If any of these are a single dash 240.Pq Dq - , 241the empty string is used instead. 242Multiple 243.Fl M 244options may be passed. 245.It Fl m Ar version 246Set the minimum supported SSL protocol 247.Ar version . 248The valid values of 249.Ar version 250are 251.Dq TLSv1.1 , 252.Dq TLSv1.2 , 253and 254.Dq TLSv1.3 . 255The default version is 256.Dq TLSv1.1 . 257.It Fl n 258Stops 259.Nm 260from doing IP address to name resolution of remote hosts. 261This affects the 262.Ev REMOTE_HOST 263environment variable for CGI programs and Lua scripts. 264.It Fl P Ar pidfile 265Create a PID file in 266.Ar pidfile 267when run in daemon mode with the 268.Fl b 269or 270.Fl f 271options. 272.It Fl p Ar pubdir 273Changes the default user directory for 274.Ql /~user/ 275translations from 276.Pa public_html 277to 278.Ar pubdir . 279.It Fl q 280Quiet mode - no log entries generated. 281.It Fl R Ar readme 282When directory indexing is enabled 283(see 284.Fl X 285option), 286include the contents of the file 287.Ar readme 288in the footer of the directory index. 289.It Fl S Ar version 290Sets the internal server version to 291.Ar version . 292.It Fl s 293Forces logging to be set to stderr always. 294.It Fl T Ar type timeout 295Set the timeout for 296.Ar type 297to 298.Ar timeout . 299The valid values of 300.Ar type 301are 302.Dq ssl timeout , 303.Dq initial timeout , 304.Dq header timeout , 305and 306.Dq request timeout . 307The default values are 30 seconds, 30 seconds, 10 seconds and 600 seconds, 308respectively. 309.It Fl t Ar chrootdir 310Makes 311.Nm 312chroot to the specified directory 313before answering requests. 314Every other path should be specified relative 315to the new root, if this option is used. 316Note that the current environment 317is normally replaced with an empty environment with this option, unless the 318.Fl e 319option is also used. 320.It Fl U Ar username 321Switch to the user and the groups of 322.Ar username 323after initialization. 324This option, like 325.Fl t 326above, causes 327.Nm 328to clear the environment unless the 329.Fl e 330option is given. 331.It Fl u 332Enables the transformation of Uniform Resource Locators of 333the form 334.Ql /~user/ 335into the directory 336.Pa ~user/public_html 337(but see the 338.Fl p 339option above). 340.It Fl V 341Sets the backup virtual host directory to the 342.Ar slashdir 343argument. 344If no directory exists in 345.Ar virtualroot 346for the request, then 347.Ar slashdir 348will be used. 349The default behavior is to return 404 (Not Found.) 350.It Fl v Ar virtualroot 351Enables virtual hosting support. 352Directories in 353.Ar virtualroot 354will be searched for a matching virtual host name, when parsing 355the HTML request. 356If a matching name is found, it will be used 357as both the server's real name, 358.Op Ar myname , 359and as the 360.Ar slashdir . 361See the 362.Sx EXAMPLES 363section for an example of using this option. 364.It Fl X 365Enables directory indexing. 366A directory index will be generated only when the default 367index file is not present 368(i.e., 369.Pa index.html 370unless changed with 371.Fl x Ar index ) . 372.It Fl x Ar index 373Changes the default file read for directories from 374.Pa index.html 375to 376.Ar index . 377.It Fl Z Ar certificate_path privatekey_path 378Sets the path to the server certificate file and the private key file 379in PEM format. 380This option also causes 381.Nm 382to start SSL mode. 383.It Fl z Ar ciphers 384Sets the list of SSL ciphers (see 385.Xr SSL_CTX_set_cipher_list 3 ) . 386.El 387.Pp 388Note that in 389.Nm 390versions 20031005 and prior that supported the 391.Fl C 392and 393.Fl M 394options, they took a single space-separated argument that was parsed. 395since version 20040828, they take multiple options (2 in the case of 396.Fl C 397and 4 in the case of 398.Fl M . ) 399.Ss INETD CONFIGURATION 400By default 401.Nm 402uses 403.Xr inetd 8 404by default to process incoming TCP connections for HTTP requests 405(unless stand-alone daemon mode is enabled with the 406.Fl b 407or 408.Fl f 409options), 410.Nm 411has little internal networking knowledge. 412(Indeed, you can run 413.Nm 414on the command line with little change of functionality.) 415A typical 416.Xr inetd.conf 5 417entry would be: 418.Bd -literal 419http stream tcp nowait:600 _httpd /usr/libexec/httpd httpd /var/www 420http stream tcp6 nowait:600 _httpd /usr/libexec/httpd httpd /var/www 421.Ed 422.Pp 423This would serve web pages from 424.Pa /var/www 425on both IPv4 and IPv6 ports. 426The 427.Ql :600 428changes the 429requests per minute to 600, up from the 430.Xr inetd 8 431default of 40. 432.Pp 433Using the 434.Nx 435.Xr inetd 8 , 436you can provide multiple IP-address based HTTP servers by having multiple 437listening ports with different configurations. 438.Ss NOTES 439This server supports the 440.Em HTTP/0.9 , 441.Em HTTP/1.0 , 442and 443.Em HTTP/1.1 444standards. 445Support for these protocols is very minimal and many optional features are 446not supported. 447.Pp 448.Nm 449can be compiled without 450CGI support (NO_CGIBIN_SUPPORT), 451user transformations (NO_USER_SUPPORT), 452directory index support (NO_DIRINDEX_SUPPORT), 453daemon mode support (NO_DAEMON_MODE), 454dynamic MIME content (NO_DYNAMIC_CONTENT), 455Lua support (NO_LUA_SUPPORT), 456and SSL support (NO_SSL_SUPPORT) 457by defining the listed macros when building 458.Nm . 459.Ss HTTP BASIC AUTHORIZATION 460.Nm 461has support for HTTP Basic Authorization. 462If a file named 463.Pa .htpasswd 464exists in the directory of the current request, 465.Nm 466will restrict access to documents in that directory 467using the RFC 2617 HTTP 468.Dq Basic 469authentication scheme. 470.Pp 471Note: 472This does not recursively protect any sub-directories. 473.Pp 474The 475.Pa .htpasswd 476file contains lines delimited with a colon containing 477user names and passwords hashed with 478.Xr crypt 3 , 479for example: 480.Bd -literal 481heather:$1$pZWI4tH/$DzDPl63i6VvVRv2lJNV7k1 482jeremy:A.xewbx2DpQ8I 483.Ed 484.Pp 485On 486.Nx , 487the 488.Xr pwhash 1 489utility may be used to generate hashed passwords. 490.Pp 491While 492.Nm 493distributed with 494.Nx 495has support for HTTP Basic Authorization enabled by default, 496in the portable distribution this feature is disabled. 497Compile 498.Nm 499with 500.Dq -DDO_HTPASSWD 501on the compiler command line to enable this support. 502This may require linking with the crypt library, using 503.Dq -lcrypt . 504.Ss BLOCKLIST SUPPORT 505On 506.Nx , 507.Nm 508supports 509.Xr blocklistd 8 510by default. 511The support can be disabled with the 512.Dq -DNO_BLOCKLIST_SUPPORT 513compilation option. 514.Pp 515Upon occurrence, 516.Nm 517reports two HTTP status codes to 518.Xr blocklistd 8 519as failures: 520.Er 401 521(``Unauthorized'') 522and 523.Er 403 524(``Forbidden'') . 525Of these, 526.Er 401 527is the one received upon authorization failure with the 528HTTP Basic Authorization mechanism. 529A successful authorization decreases the counter kept by 530.Xr blocklistd 8 . 531.Pp 532Note that the implementation of the HTTP Basic Authorization mechanism 533uses a redirection; a status code 534.Er 401 535is always initially received. 536Therefore, a single authorization failure of 537.Pa .htpasswd 538is reported as two failures to 539.Xr blocklistd 8 , 540but no failures are recorded upon successful authorization 541due to the decrease of the failure counter. 542.Ss SSL SUPPORT 543.Nm 544has support for TLSv1.1 and TLSv1.2 protocols that are included by 545default. 546This requires linking with the crypto and ssl library, using 547.Dq -lcrypto -lssl . 548To disable SSL SUPPORT compile 549.Nm 550with 551.Dq -DNO_SSL_SUPPORT 552on the compiler command line. 553.Pp 554To have an enforced redirect, such as http to https, create a shadow 555directory root that contains a 556.Pa .bzabsredirect 557file that points to the real target. 558.Ss COMPRESSION 559.Nm 560supports a very basic form of compression. 561.Nm 562will serve the requested file postpended with 563.Dq Pa .gz 564if it exists, it is readable, the client requested gzip compression, and 565the client did not make a ranged request. 566.Sh FILES 567.Nm 568processes specific files in each directory that 569enables certain features on a per-directory basis. 570These per-directory files are: 571.Bl -tag -width .htpasswd 572.It Pa .bzabsredirect 573Symbolic link to the absolute URL pointed to by this symlink. 574This is useful to redirect to different servers. 575See 576.Sx SYMBOLIC LINK REDIRECTION . 577.It Pa .bzredirect 578Symbolic link to URL for 579.Nm 580to perform a smart redirect to the target of this symlink. 581The target is assumed to live on the same server. 582If target starts with slash then absolute redirection is performed, 583otherwise it is handled as relative. 584See 585.Sx SYMBOLIC LINK REDIRECTION . 586.It Pa .bzremap 587Used by rewrite mappings; see 588.Sx REWRITE MAPPINGS . 589.It Pa .htpasswd 590Used by HTTP basic authorization; see 591.Sx HTTP BASIC AUTHORIZATION . 592.El 593.Ss SYMBOLIC LINK REDIRECTION 594Two forms of redirection are supported: 595.Bl -enum 596.It 597A symbolic link without schema will use 598.Li http:// 599as default. 600E.g., a symbolic link to 601.Pa NetBSD.org 602will redirect to 603.Lk http://NetBSD.org/ . 604.It 605A symbolic link with a schema uses the provided schema. 606E.g., a symbolic link to 607.Pa ftp://NetBSD.org/ 608will redirect to 609.Lk ftp://NetBSD.org/ . 610.El 611.Ss REWRITE MAPPINGS 612If a 613.Pa .bzremap 614file is found at the root of a (virtual) server, it is expected to contain 615rewrite mappings for URLs. 616.Pp 617These remappings are performed internally in the server before authentication 618happens and can be used to hide implementation details, like the CGI handler 619specific suffix for non cgi scripts in authorized directories. 620.Pp 621The map file consists of lines two paths separated by a colon, where the left 622side needs to exactly match a (sub) path of the request and will be replaced 623by the right side. 624.Pp 625The first match always wins. 626.Pp 627A 628.Pa .bzremap 629file could look like this: 630.Bd -literal 631/nic/update:/auth-dir/updipv4.pl 632.Ed 633.Pp 634The remap file should be short, access to it is slow and needs to happen 635on each request. 636If a request path needs to include a colon 637.Pq Ql \&: 638character, it can be escaped 639with a backslash 640.Pq Ql \e 641The right hand side of the colon is always used verbatim, no escape sequences 642are interpreted. 643.Sh EXAMPLES 644To configure set of virtual hosts, one would use an 645.Xr inetd.conf 5 646entry like: 647.Bd -literal 648http stream tcp nowait:600 _httpd /usr/libexec/httpd httpd -v /var/vroot /var/www 649.Ed 650.Pp 651and inside 652.Pa /var/vroot 653create a directory (or a symlink to a directory) with the same name as 654the virtual host, for each virtual host. 655Lookups for these names are done in a case-insensitive manner, and may 656include the port number part of the request, allowing for distinct 657virtual hosts on the same name. 658.Pp 659To use 660.Nm 661with PHP, one must use the 662.Fl C 663option to specify a CGI handler for a particular file type. 664Typically this will be like: 665.Bd -literal 666httpd -C .php /usr/pkg/bin/php-cgi /var/www 667.Ed 668.Pp 669Note that a plain script interpreter can not be used directly as a cgihandler, 670as there are no command line options passed from 671.Nm 672to avoid security issues. 673.Pp 674If no CGI-aware wrapper exists, a simple shell script like the following 675might do. 676.Pp 677It would be invoked like: 678.Bd -literal 679httpd -C .pl /www-scripts/bin/run.perl /var/www 680.Ed 681and the script could look like: 682.Bd -literal 683#! /bin/sh 684 685if [ -r "$SCRIPT_FILENAME" -a -x "$SCRIPT_FILENAME" ]; then 686 exec /usr/pkg/bin/perl "$SCRIPT_FILENAME" 687fi 688 689exit 1 690.Ed 691.Sh SEE ALSO 692.Xr inetd.conf 5 , 693.Xr services 5 , 694.Xr inetd 8 695.Sh HISTORY 696.Nm 697was first written in perl, based on another perl http server 698called 699.Dq tinyhttpd . 700It was then rewritten from scratch in perl, and then once again in C. 701From 702.Dq bozohttpd 703version 20060517, it has been integrated into 704.Nx . 705The focus has always been simplicity and security, with minimal features 706and regular code audits. 707This manual documents 708.Nm 709version 20240428. 710.Sh AUTHORS 711.An -nosplit 712.Nm 713was written by 714.An Matthew R. Green 715.Aq Mt mrg@eterna23.net . 716.Pp 717The large list of contributors includes: 718.Bl -dash 719.It 720.An Christoph Badura 721.Aq Mt bad@bsd.de 722provided Range: header support 723.It 724.An Marc Balmer 725.Aq Mt mbalmer@NetBSD.org 726added Lua support for dynamic content creation 727.It 728.An Sean Boudreau 729.Aq Mt seanb@NetBSD.org 730provided a security fix for virtual hosting 731.It 732.An Julian Coleman 733.Aq Mt jdc@coris.org.uk 734provided an IPv6 bugfix 735.It 736.An Chuck Cranor 737.Aq Mt chuck@research.att.com 738provided cgi-bin support fixes, and more 739.It 740.An Alistair G. Crooks 741.Aq Mt agc@NetBSD.org 742cleaned up many internal interfaces, made 743.Nm 744linkable as a library and provided the Lua binding 745.It 746.An DEGROOTE Arnaud 747.Aq Mt degroote@NetBSD.org 748provided a fix for daemon mode 749.It 750.An Andrew Doran 751.Aq Mt ad@NetBSD.org 752provided directory indexing support 753.It 754.An Roland Dowdeswell 755.Aq Mt elric@NetBSD.org 756added support for serving gzipped files and better SSL handling 757.It 758.An Per Ekman 759.Aq Mt pek@pdc.kth.se 760provided a fix for a minor (non-security) buffer overflow condition 761.It 762.Aq Mt emily@ingalls.rocks 763provided fixes for some bad request parsing 764.It 765.An Jun-ichiro itojun Hagino, KAME 766.Aq Mt itojun@iijlab.net 767provided initial IPv6 support 768.It 769.An Martin Husemann 770.Aq Mt martin@NetBSD.org 771provided .bzabsredirect and .bzredir support, fixed various 772redirection issues and more 773.It 774.An Arto Huusko 775.Aq Mt arto.huusko@pp2.inet.fi 776provided fixes cgi-bin 777.It 778.An Roland Illig 779.Aq Mt roland.illig@gmx.de 780provided some off-by-one fixes 781.It 782.An Zak Johnson 783.Aq Mt zakj@nox.cx 784provided cgi-bin enhancements 785.It 786.An Nicolas Jombart 787.Aq Mt ecu@ipv42.net 788provided fixes for HTTP basic authorization support 789.It 790.An Antti Kantee 791.Aq Mt pooka@NetBSD.org 792provided fixes for HTTP basic authorization support 793.It 794.An Thomas Klausner 795.Aq Mt wiz@NetBSD.org 796provided many fixes and enhancements for the man page 797.It 798.An Mateusz Kocielski 799.Aq Mt shm@NetBSD.org 800fixed memory leaks, various issues with userdir support, 801information disclosure issues, added support for using CGI handlers 802with directory indexing, found several security issues and provided 803various other fixes 804.It 805.An Arnaud Lacombe 806.Aq Mt alc@NetBSD.org 807provided some clean up for memory leaks 808.It 809.An Johnny Lam 810.Aq Mt jlam@NetBSD.org 811provided man page fixes 812.It 813.An Dennis Lindroos 814.Aq Mt denafcm@gmail.com 815provided a cgi-bin fix 816.It 817.An Jared McNeill 818.Aq Mt jmcneill@NetBSD.org 819added support for readme in directory indexing 820.It 821.An Julio Merino 822.Aq Mt jmmv@NetBSD.org 823Added the 824.Fl P 825option (pidfile support) and provided some man page fixes 826.It 827.An Luke Mewburn 828.Aq Mt lukem@NetBSD.org 829provided many various fixes, including cgi-bin fixes and enhancements, 830HTTP basic authorization support and much code clean up 831.It 832.An Sunil Nimmagadda 833.Aq Mt sunil@nimmagadda.net 834provided runtime TLS version control 835.It 836.An Rajeev V. Pillai 837.Aq Mt rajeev_v_pillai@yahoo.com 838provided several fixes for virtual hosting and directory indexing and 839fixes for CGI 840.It 841.An Jeremy C. Reed 842.Aq Mt reed@NetBSD.org 843provided several clean up fixes, and man page updates 844.It 845.An Scott Reynolds 846.Aq Mt scottr@NetBSD.org 847provided various fixes 848.It 849.An Tyler Retzlaff 850.Aq Mt rtr@eterna23.net 851provided SSL support, cgi-bin fixes and much other random other stuff 852.It 853.An rudolf 854.Aq Mt netbsd@eq.cz 855provided minor compile fixes and a CGI content map fix 856.It 857.An Steve Rumble 858.Aq Mt rumble@ephemeral.org 859provided the 860.Fl V 861option 862.It 863.An Jukka Ruohonen 864.Aq Mt jruoho@NetBSD.org 865provided support for 866.Xr blocklistd 8 867.It 868.An Thor Lancelot Simon 869.Aq Mt tls@NetBSD.org 870enhanced cgi-bin support 871.It 872.An Joerg Sonnenberger 873.Aq Mt joerg@NetBSD.org 874implemented If-Modified-Since support 875.It 876.An Kimmo Suominen 877.Aq Mt kim@NetBSD.org 878removed obsolete 879.Pa .bzdirect 880handling 881.It 882.An ISIHARA Takanori 883.Aq Mt ishit@oak.dti.ne.jp 884provided a man page fix 885.It 886.An Holger Weiss 887.Aq Mt holger@CIS.FU-Berlin.DE 888provided http authorization fixes 889.It 890.Aq Mt xs@kittenz.org 891provided chroot and change-to-user support, and other various fixes 892.It 893.An S.P.Zeidler 894.Aq Mt spz@NetBSD.org 895fixed several SSL shutdown issues 896.It 897Coyote Point provided various CGI fixes 898.El 899.Pp 900There are probably others I have forgotten (let me know if you care) 901.Pp 902Please send all updates to 903.Nm 904to 905.Aq Mt mrg@eterna23.net 906or 907.Aq Mt netbsd-bugs@NetBSD.org 908for inclusion in future releases. 909.Sh BUGS 910.Nm 911does not handle HTTP/1.1 chunked input from the client yet. 912