From 5a92243bcb75a26e6ac70f9a4c8ab660e8681a8a Mon Sep 17 00:00:00 2001
From: Nova <novacow@proton.me>
Date: Mon, 10 Mar 2025 15:17:57 +0100
Subject: [PATCH] A quick update to config for more clarity

---
 pywebsrv.conf | 32 +++++++++++++++++++++++---------
 pywebsrv.py   | 31 +++++++++++++++++++++++--------
 2 files changed, 46 insertions(+), 17 deletions(-)

diff --git a/pywebsrv.conf b/pywebsrv.conf
index c0e6fda..52f9767 100644
--- a/pywebsrv.conf
+++ b/pywebsrv.conf
@@ -1,17 +1,31 @@
 # Using NSCL 1.3
+# Port defenition. What ports to use.
+# port is the HTTP port, port-https is the HTTPS port
 port:8080
-directory:/home/nova/Documents/html
-host:localhost
-# DANGER: NEVER EVER TURN THIS ON IN PROD!!!!!!!!!!!!
-allow-all:1
-# DANGER!!
 port-https:8443
+# Here you choose what directory PyWebServer looks in for files.
+directory:<Enter directory here>
+# Host defenition, what hosts you can connect via.
+# You can use FQDNs, IP-addresses and localhost,
+# Support for multiple hosts is coming.
+host:localhost
+# Ignores the host parameter (except for localhost) and allows everything.
+# DANGER! For obvious reasons this isn't recommended.
+allow-all:0
+# Enables HTTP support. (Only enables/disables the HTTP port.)
 http:1
+# Enables HTTPS support. (Only enables/disables the HTTPS port.)
 https:1
-allow-localhost:0
-# for use in libraries
-# disable-autocertgen:0
+# Allows the use of localhost to connect.
+# The default is on, this is seperate of the host defenition.
+allow-localhost:1
+# If you're using the webserver in a library form,
+# you can disable the AutoCertGen and never trigger it.
+disable-autocertgen:0
+# If you wish to block IP-addresses, this function is coming though.
 # block-ip:0.0.0.0,1.1.1.1,2.2.2.2
+# If you wish to block User-Agents, this function is coming though.
 # block-ua:(NULL)
+# This function is deprecated, allows a connection with no Host header.
+# You should NEVER have to enable this! It can pose a risk to security!
 # allow-nohost:0
-# In libraries you can disable everything you don't need.
diff --git a/pywebsrv.py b/pywebsrv.py
index 4d9de18..122da08 100644
--- a/pywebsrv.py
+++ b/pywebsrv.py
@@ -95,6 +95,7 @@ class FileHandler:
             "https",
             "port-https",
             "allow-all",
+            "allow-nohost",
             "allow-localhost",
             "disable-autocertgen",
         ]
@@ -121,10 +122,8 @@ class FileHandler:
                         or option == "allow-all"
                         or option == "allow-localhost"
                         or option == "disable-autocertgen"
+                        or option == "allow-nohost"
                     ):
-                        print(
-                            f"option: {option}, val: {value}, ret: {bool(int(value))}"
-                        )
                         return bool(int(value))
                     return value
         return None
@@ -240,6 +239,22 @@ class WebServer:
                 self.https_socket, server_side=True
             )
 
+        self.http_404_html = (
+            "<html><head><title>HTTP 404 - PyWebServer</title></head>"
+            "<body><center><h1>HTTP 404 - Not Found!</h1><p>Running PyWebServer/1.1</p>"
+            "</center></body></html>"
+        )
+        self.http_403_html = (
+            "<html><head><title>HTTP 403 - PyWebServer</title></head>"
+            "<body><center><h1>HTTP 403 - Forbidden</h1><p>Running PyWebServer/1.1</p>"
+            "</center></body></html>"
+        )
+        self.http_405_html = (
+            "<html><head><title>HTTP 405 - PyWebServer</title></head>"
+            "<body><center><h1>HTTP 404 - Method not allowed</h1><p>Running PyWebServer/1.1</p>"
+            "</center></body></html>"
+        )
+
         self.running = True
 
     def start(self, http, https):
@@ -334,15 +349,15 @@ class WebServer:
         if not all([method, path, version]) or not self.parser.is_method_allowed(
             method
         ):
-            return self.build_response(405, "Method Not Allowed")
+            return self.build_response(405, self.http_405_html)
 
         file_content = self.file_handler.read_file(path)
 
         if file_content == 403:
             print("WARN: Directory traversal attack prevented.")  # look ma, security!!
-            return self.build_response(403, "Forbidden")
+            return self.build_response(403, self.http_403_html)
         if file_content == 404:
-            return self.build_response(404, "Not Found")
+            return self.build_response(404, self.http_404_html)
         if file_content == 500:
             return self.build_response(
                 500,
@@ -381,7 +396,7 @@ class WebServer:
 
         headers = (
             f"HTTP/1.1 {status_code} {status_message}\r\n"
-            f"Server: PyWebServer/1.0\r\n"
+            f"Server: PyWebServer/1.1\r\n"
             f"Content-Type: {content_type}\r\n"
             f"Content-Length: {len(binary_data)}\r\n"
             f"Connection: close\r\n\r\n"  # connection close bcuz im lazy
@@ -406,7 +421,7 @@ class WebServer:
 
         headers = (
             f"HTTP/1.1 {status_code} {status_message}\r\n"
-            f"Server: PyWebServer/1.0\r\n"
+            f"Server: PyWebServer/1.1\r\n"
             f"Content-Length: {len(body)}\r\n"
             f"Connection: close\r\n\r\n"
         ).encode()