What's new? cFos Personal Net
* New feature
! Software change requires modification of your configuration
- Information only
Revision history: ---------------------------------------------------------
cFos Personal Net 5.02 -- 20-Jul-2020
+ cFos Personal Net now opens files in more liberal sharing modes. This
should make overwriting files which are in use easier.
+ Adapted file upload scripts to newer browser behavious.
cFos Personal Net 5.01 -- 09-Apr-2020
x Fixed a bug which prevented passing some environment variables to
- switched to Visual Studio 2019
cFos Personal Net 5.00 -- 18-Jan-2019
* Added support for FastCGI and thereby the possibility to run
node.js (and other) scripts. See
for how to setup FastCGI with cFos Personal Net.
cFos Personal Net 4.12 -- 03-Sep-2018
x Fixed a problem where pnet_redirect_host created invalid URLs.
x Fixed a memory leak when writing to the file object using
cFos Personal Net 4.10 -- 05-Feb-2018
! Added setting in c:\programdata\cfos\cfospnet\global.ini, section [param]
mask_address=1 ; mask out bits of IP address for server logging.
full IP addresses in the server logs, set this to 0.
cFos Personal Net 4.04 -- 22-Jun-2017
- Added context menu option to register with our new 30 digit license keys
cFos Personal Net 4.04 -- 10-Feb-2016
+ Added a handler to .PHP scripts in the default .htaccess file. Also
added index.php as DirectoryIndex.
+ Successfully tested cFos Personal Net with WordPress.
+ Improved error output of CGI scripts.
+ sendmail.dll can now converts @localhost to @example.com mail addresses
and ignores Content-Transfer-Encoding: 8bit headers.
x made PATH_INFO, PATH_TRANSLATED and REQUEST_URI more CGI compatible.
cFos Personal Net 4.00 -- 20-Jan-2016
* Added portable mode. If you use cfospnet_portable.exe it runs without
installation. For example you can use it from a memory stick. This allow
a 2 step temporary hosting of files without a 3rd party service. You
can also let someone upload files. Learn more at
+ When publishing files and your address is an IPv6 address, cFos Personal
Net will also determine an IPv4 address and add it to the clipboard in
case your peer has no IPv6 connectivity.
+ Added setting in c:\programdata\cfos\cfospnet\global.ini, section [param]
upload_allowed=1 ; 1 allow, 0 disable, default is 1
This is used to enable/disable HTTP POST and PUT. There is also an option
in the context menu, where you can temporarily turn it on or off.
cFos Personal Net 3.13 -- 18-Mar-2015
x Maintenence release to fix some crashes.
cFos Personal Net 3.12 -- 19-Dez-2014
+ cFos Personal Net can now resolve shell links. To allow this, the
file extension .LNK must be configured as MIME type
application/x-ms-shortcut. Shell links are only resolved if the
link owner is member of the local administrators group.
+ You can now temporary pause and resume the HTTP server in the context
+ publish_file.cfhta now also works when cFos Personal Net is not running.
cFos Personal Net 3.11 -- 11-Nov-2014
+ Added iscollection, isFolder and authoritative-directory to PROPFIND
response for folders.
+ Files are now opened without sharing restictions.
x Fixed a crash with digest authentication.
cFos Personal Net 3.10 -- 08-May-2014
x Fixed a crash during the attempt to receive data from POST or PUT
requests. Thanks to Gjoko :)
cFos Personal Net 3.09 -- 11-Nov-2013
- Updated version to incorporate various library changes.
x Fixed a bug which could cause counter for the number of active connections
to slowly increase over time.
cFos Personal Net 3.08 -- 02-Sept-2013
x Fixed a crash when UPnP server tried to access an invalid URL.
cFos Personal Net 3.06
- Added code to disallow empty public and private directory settings in
x the sidebar Gadget vor Windows Vista and Windows 7 should work again.
Thanks to Stef.
x Changed encoding UPnP media url, so they are compatible with more devices.
Using spaces, etc. in file names could cause problems.
x If authenticated HTTP requests resulted in an error, then the error
response errorneously required an authentication, even if no
ErrorHandler file was configured. This resulted in the wrong HTTP
x Fixed a bug which could cause strange HTTP response codes to appear in
the log file.
cFos Personal Net 3.02
+ From the data we see in the crash reports you send us, we see a lot of
crashes, caused by viruses or malfunction of security software. So from
now on the crash handler will try to report if the crash was causes by a
virus or malfunctioning software (which installs "hooks"). So you can
take measures to increase system stability, e.g. clean your system,
update your security software, etc.
x Fixed crash when the Windows firewall is not accessible.
cFos Personal Net 3.00
+ Added support for PHP. In mode cases, PHP is not used like normal CGI
scripts. Instead PHP scripts may also contain HTML code and no first
line specifying the interpreter. Therefore you can now specify a
new file type in the AddHandler directive, named php-file. cFos Personal
Net will use the key "php_interpreter" in the [param] section of
GLOBAL.INI to start the php interpreter with the php script file as
+ Added paramter in global.ini, section [param] to control cleanup
of threads. thread_cleanup_interval in msec specifies the interval at
which unused threads are cleaned from the pool in msec, default is 2000.
+ Reduced the memory load on the system in case of lots of connections.
+ Added pnet_redirect_host directive to allow easy mapping of HTTP requests
to a canonical host, like requests to cfos.de to www.cfos.de.
+ PROPFIND are not redirected from a directory to a file anymore.
x Fixed slight compatibility problem with Apache in Redirect directive.
x Under rare conditions cFos Personal Net could cause a script to never
cFos Personal Net 2.10 build 2300 Beta
+ Added a little sendmail.exe program. If you use
CGI scripts, you should put it into the path, so your
scripts can find and start it. It accepts rfc822 messages in
UTF-8 encoding and uses the smtp parameters in the GLOBAL.INI
file of cFos Personal Net to send the mail.
+ cFos Personal Net now regards the Connection: Close header. Also closes
the connection after completing HTTP 1.0 requests without Connection
+ When the length of a HTTP response cannot be determined in advance,
cFosSpeed uses chunked data transfer. But, since old HTTP 1.0 programs
cannot handle chunked data transfer, cFosSpeed now closes the connection
after the response body was sent. This is a requirement of the HTTP 1.0
specification. Now old programs, like wget should work better with
cFos Personal Net.
+ smpt_server, smtp_username, smtp_password and smtp_use_ssl settings in
GLOBAL.INI can now be changed without starting the server.
+ added smtp_port parameter. -1 means default. Other values specify the
SMTP port, e.g. 25.
! renamed 'www' directory in pub to 'private', because it contains private
files for the users. Please check, if you have private user content.
x Fixed a bug where cFos Personal Net sometimes did not disconnect
properly after processing the HTTP request.
x HTTP Digest authentication failed if no qop field was given. Fixed.
x Changed the authorization of the /www directory, so the admin can access
it. Subdirectories of /www can be accessed by their respective users by
means of the Require actual-user directive.
x Fixed one more bug with creating caldav_personal / carddav_personal
x Fixed a bug where non-existent calendar or addressbook entries weren't
reported with the correct 404 response.
x Fixed several bugs, which caused the webserver and/or sendmail.exe to
use incorrect passwords when sending mail.
cFos Personal Net 2.08 build 2200 Beta
* New context menu entries:
display the public directory
show the current server connections
start connectivity test
show the user administration page
start the publish file dialog
* New Publish File dialog. It allows to select a file
to publish for others to download and also lets you
select the user for whom the file is.
* The cFos Personal Net standard dialogs now include help
and links to user administration, current connections
and DynDNS settings.
+ Fixed several problems with CGI scripting.
+ Fixed problems with spaces and ' in file names.
+ You can now use the key enable_kernel_streaming=0 in
GLOBAL.INI, section [param] to disable HTTP kernel
streaming. Default is enabled. Kernel streaming is
used under Windows Vista SP1+.
x Fixed a crash when executing server shutdown scripts.
x Fixed automatic creation of caldav_personal/carddav_personal
cFos Personal Net 2.06 build 2100 Beta
* Added experimental uPnP media server support. By setting
the key enable_media_server=1 in the [param] section of
global.ini in the programdata\cfos\cfospnet directory, you
can enable the uPnP media server function. The root
directory for media (audio, video, images) is by default
'media' in the public directory. You can change it with
the key media_dir=... in the [param] section of global.ini.
It should be a subdirectory of public. cFos Personal Net
checks the media directory and subdirectories against
HTTP authentication settings and only reports files
or directories with unrestricted public access by the HTTP
* Added connectivitiy test in the setup. The installer can
now check, if cFos Personal Net is reachable as "localhost",
with your private ip address and with your public ip
address. This should help reduce problems with unreachable
* Added a watchdog which checks if a program uses a
port already in use by cFos Personal Net, e.g. port 80.
- Added more audio and video mime types.
cFos Personal Net 2.04 build 2006 Beta
x Fixed a bug where the installer would rename .htaccess files
to .htaccess.bak even if no relation to files in the installation
cFos Personal Net 2.04 build 2004 Beta
+ Added new Require type: actual-user .
Pnet takes the current request path after each directory in
and checks the next url path fragment against the
current authenticated user, e.g.
Require actual-user /
in a .htaccess file located in /www would allow the user
'test' access to the directories /www/test/ and below.
Directories in the are always relative to the location
of the current .htaccess file they appear in.
x Fixed authentication problems as non-admin for CalDAV/CardDAV
with the new Require type.
cFos Personal Net 2.02 build 2002 Beta
x Changed location of personal calendar/addressbook for CalDAV/CardDAV
access to the /www// directory, instead of the
/users// directory. This solves authentication problems
for non-admin users.
+ cFos Personal Net now support uPnP NAT port forwarding. If you have a
uPnP capable router, cFos Personal Net can now add port forwarding
rules for the HTTP and HTTPS port on startup and remove the port
forwarding rule on shutdown. You can disable this feature in the
during installation. For example, if you only want to use
cFos Personal Net in your LAN, you would not want it to use
port forwarding. Note: NAT Port forwarding only applies to IPv4.
+ cFos Personal Net now uses the .NET MailMessage Class to send
mail, instead of CDO. This allows sending encrypted mail via
STARTTLS. The webserver -> sendmail object was updated accordingly.
Please check the documentation and update your scripts.
cFos Personal Net still uses the GLOBAL.INI settings
smtp_server, smtp_user, smtp_pwd so that the credentials need
not be in the scripts. In addition the key smtp_use_ssl=1 now
enables SSL/STARTTLS encryption.
cFos Personal Net 2.00 build 2000 -- 04-Dec-2012
x Under some operating systems HTTP DELETE could not always delet
x CalDAV can now process requests with time-range filtering without
start and/or end date, used by iOS (iPhone, iPad, etc.).
cFos Personal Net 1.33 build 1502 Beta
! Removed the pnet_no_auth, pnet_limitput and pnet_limitdelete directive,
because cFos Personal Net now supports the and Require directive,
which are far better suited to configure access control.
Adapted the .htaccess files accordingly. You should check it this still
meets your access configuration requirements.
See the directive below...
Also the webserver authenticate scripting method now needs a verb which
can be checked against the directive as an additional parameter.
* Added CARDDAV support, according to RFC 6352. cFos Personal Net can
now be used to synchronise address book data. Similar to the CALDAV
calendar data, address book data is stored in a subdirectoy
in the authenticated users home directory. Address book directories
begin with a configurable prefix (default is "carddav_"). You can either
create such a directory manually (e.g. with Windows Explorer)
or cFos Personal Net will create a carddav_personal directory
by default when it detects a CARDDAV address book query for the current
authenticated user. If your CARDDAV software cannot find
address books automatically you can configure the calendar at
* Added directive. .htaccess directives between
and are only processed if the current
HTTP method is in the space separated list of methods. For
limits certain directives to HTTP POST's only.
* Updated the Require directive. It now also supports
Require all granted
Require all denied
x Improved handling of junctions (directory hard links) in
makedir2.jss. Thanks to Stef.
x Removed 404 error document entry in private .htaccess, because
it is handled by all_errors.shtml
x Improved handling of DAV:REPORT for unsupported commands.
PROPFIND can now report CALDAV/CARDDAV resourcetypes and
x Improved handling of DAV:current-user-principal property, which
is used for calendar/addressbook auto-detection.
- Moved most parts of the public .htaccess to the private .htaccess.
This should simplify modifying .htaccess files in the public tree.
cFos Personal Net 1.33 build 1500
* cFos Personal Net now supports CALDAV calendars, according to
RFC 4791 with some support for extensions so calenders can
automatically found for authenticated users. This allows you
to synchronize your calendar software with the calendar data on
the cFos Personal Net server. Calendars are stored in a subdirectoy
in the authenticated users home directory. These begin
with a configurable prefix (default is "caldav_"). You can either
create such a directory manually (e.g. with Windows Explorer)
or cFos Personal Net will create a caldav_personal directory
by default when it detects a calendar query for the current
authenticated user. If your CALDAV software cannot find
calendars automatically you can configure the calendar at
+ Added pnet_lock directive. You can use
pnet_lock on or pnet_lock off
in your .htaccess files. This causes cFos Personal Net to
acquire a global named lock. The name is the full path of the respective
.htaccess file. This prevents concurrent HTTP requests to the same
directory. This is useful to prevent concurrent WEBDAV / CALDAV requests
from overwriting data. It is also recommended when there may be
concurrent PUT requests an certain URLs.
x Fixed a bug in cfospnet.gadget, which prevented it from accessing
cFos Personal Net. Thanks to Cody.
cFos Personal Net 1.32 Build 1400 -- 10-Oct-2012
! pnet_no_auth directive is no longer inherited by sub-directories.
This caused a potential security risk where un-authorized users
could read data which required authorization.
We strongly recommend to update cFos Personal Net to V1.32.
+ makedir2.jss now has exception handling code to prevent "access denied"
script errors. Thanks to Stef for the reports.
- The cFos Personal Net installer now also collects
cFos Personal Net 1.30 Build 1300 -- 18-Sep-2012
+ Added cFos WMI Monitor package
cFos Personal Net 1.21 Build 1250 -- 07-Sep-2012
+ Added support for add-on packages. Our first add-on
package will be released shortly.
! Added pnet_no_auth directive. Use it to specify for which
HTTP methods you don't need authorization, e.g.
pnet_no_auth GET HEAD
This allows to add HTTP authorisation for public folders,
but still allow access to unauthorized users. We changed
the default .htaccess file so that Digest authorization is
now always required, but not for GET HEAD OPTIONS POST.
This enables admins write access to public folders with
authorization, while normal users still can read files.
+ cFos PNet now displays the *local* IP addresses in the
context menu. This should help to configure NAT port
forwarding and to reach the cFos PNet from within your LAN.
+ Added text/calendar mime type
+ Work-around for WebDAV Navigator
+ Added WebDAV element as returned property for
x Fixed a bug where If-Match and If-None-Match headers would not
be handled correcty for HTTP requests other than GET and POST.
cFos Personal Net 1.00 Build 1100 -- 07-Aug-2012
* Added WebDAV support! This allows to manage cFos Personal Net folders
from remote locations by using Windows Explorer (Windows 7) and also
the use of file synchronization tools, for example on smartphones.
To open your cFos Personal Net folders from remote type
in the address bar of windows Explorer. Windows Explorer will then
access your dav subfolder in the public folder. For write/delete
access remove the commented section in .htaccess in your
public folder. Please also modify the access rights / HTTP auth.
Otherwise everybody has write/delete access to your dav folder.
WebDav in cFos Personal Net currently treats all resources as
files and directories in the public folder tree, using RFC 4918,
including exclusive LOCKs. It supports the following methods:
PROPFIND, PROPPATCH, DELETE, PUT, MKCOL, COPY, MOVE, LOCK, UNLOCK.
PROPPATCH is used to modify file attributes and file times.
+ cFos Personal Net now comes with a litte sidebar gadget. It displays
the number of current connections and the progress of current
file transfers. So you always see what's going on :-)
Windows 8 users can use the HTML version pub/users/gadget.htm.
+ Added and directive.
The directives between and are only used
for a URL which matches exp. is the regular expression
version of it. The location directive matches the whole URL beginning
with / of the request and is not tied to particular files or directories
in your file system. The and directives are
useful if you want to keep certain directories free of .htacces files.
In this case you can place your needed .htaccess directives in the
.htaccess file of the upper directory in a or
cFos Personal Net 0.94 Build 1020 -- 24-Jul-2012 (Release Candidate 2)
x Fixed a long-standing bug, where Digest Authentication caused
the browsers to re-ask for user/password after a few request.
x Fixed a bug where the URL caching got confused when files or
directory existence changed after the HTTP request.
cFos Personal Net 0.92 Build 1010 -- 26-Jun-2012
+ Added support for COM event sinks in scripts. The webserver object
now has a new function CreateObject, which works like the CreateObject
function of the Windows Scripting Host. You can specify a prefix for
script functions to receive COM events. This allows an event driven
programming model for server scripts.
+ To support event driven programming, added function create_event()
which returns a waitable event. The event object has the methods
set(), reset() and is_set() to set, reset and query the state of the
evennt. There is also a new function wait_for_events(), so you can
wait for one or more events. This allows for far better response times
that using sleep. See documentation for details.
+ Added stop_impersonation() and restart_impersonation() to allow scripts
to run with elevated rights (for a short time). This allows cFos
Personal Net to perform admin tasks in scripts. You need to configure
which scripts are allowed to stop impersonation in the GLOBAL.INI file.
See documentation for details.
cFos Personal Net 0.90 Build 1006 -- 23-Apr-2012
x Fixed a bug where the user authentication didn't work when the public
directory was not at the default location.
cFos Personal Net 0.90 Build 1004 -- 05-Apr-2012
x Fixed a bug where larger files could cause send problems.
- Changed the style of the pnet directory web pages.
cFos Personal Net 0.90 Build 1002 -- 28-Feb-2012
+ The master password is now copied into the registry to survive an
uninstall. Also you can backup master_pwd.ini and store it into the
same folder as setup.exe before installation. Thereby your let cFos PNet
use this master password for the new installation.
+ The admin password dialog is now always visible, so you can easily
change it during installation.
cFos Personal Net 0.90 -- 03-Feb-2012
- Initial release.
Note: Pre-purchase life-time license for 9.90 € (50% off until Release