# VBForums CodeBank > CodeBank - Visual Basic 6 and earlier >  VB - A simple HTTP Web Server (2)

## CVMichael

This is an improved version of the server in this thread:
http://www.vbforums.com/showthread.p...hreadid=237843

I added a function to list directories and files if the user does not type any file name in the link.

To make it work, you have to change the LocalPort to whatever port you want the server to listen for connections, and PathShared constant to a valid directory.

To see it in action, type the local ip then ":" and the local port, for example: http://127.0.0.1:8080

----------


## michaelvb6

Hi and thanks heaps for this.  I already had a socket based server program but I'm not an expert in Http so wasn't sure on the header information to pass back.

To this end, wondering if anyone can help me.

I have a need to connect to my existing "server" which performs a wide variety of tasks via a normal socket connection (local tcp).

This has changed and I need to connect via a web page.  No problem, just include the web server code above and problem solved..... almost.

I need to do a comet style slow load technique in order that my "server" program can send status messages back to the browser, reverse ajax style.

I have the javascript code this this already that sets up the xmlhttprequest objects etc, but as I am not very compentant in http, I am unsure how to make the server side hold the connection open (well, ok I got it to jam on one connection but bad things happened).  Nor what format in order to push the data back to the client.

Any help anyone has, or pointers in the right direction would be greatly appreciated.  I feel that the above code should be able to do it with some minor mods as I'm running quite a dedicated process and does not have to perform any other tasks except send and receive basic messages.

Thanks

Michael

----------


## julio_gzz

Excelent work! i have too a http server but it is better than mine, i will use it in my proyects

bye

----------


## boscad

Very smart, well constructed and commented piece of code.  
Well done! 
I was sooooo very close to putting something remarkably similar to this together....
I eat and sleep sockets stuff, but the HTML / HTTP handling bits saved me a couple of days getting the "basics" sorted out.
Thanks again

----------


## mintxor

Cleaned up version of the above code.
  Uses DoEvents for event handlers that call each other
  Open files closed on WinSock_Close event
  A couple of programming form improvements
  Configuration window

  Removed all the commenting, sry  :P

----------


## CVMichael

Welcome to the forums...

But... what's with DoEvents ? the only purpose I see for DoEvents is to slow down the application... and to mess up the data on DataArrival...

As most of the code I write for the CodeBank, I write with a purpose... This time the purpose was to show how to make a simple web-server, not how to save the settings, or logs, etc... that can be done on your own (as you did) after you learn the important part... and it seems like you did... therefore I did my part well.

I could have added all the bells and whistles too, but I wanted to make it as simple as possible so that anyone could understand how a web-server works.

----------


## Ben321

Why would I use any server other than Apache? Apache ROCKS!

----------


## CVMichael

I think maybe I should ask the Admin to lock this thread... things are getting out of hand here...

----------


## boscad

LOL - I agree!  The original post served it purpose extremely well.  As said before - it saved a good bit of research time.  Thanks again.

----------


## Wdave

CVMichael,
 Kudos galore - 
This "Simple HTTP Web Server" is an excellent example.
It has demystified the entire concept for me. I didn't know that HTTP communication was so simple an ASCII format, let alone how to see any of it.
(how do you spell epiphany, anyway?)
Now that I've got my new pointy-hat, I'm going full speed.
Thanx much
WDave

----------


## mustiback

Really Good Job...

----------


## CVMichael

Thanks...

----------


## coolcurrent4u

thanks CV for this code

I want to add some more implementation but am confused about how to go doing it.

can you suggest how i add thes features:

Mapping redirectsn,Directory Listing , and Logging 

thanks

----------


## Eliminator2009

Great Project

Can you add PHP MySql Support in this project.

Thanks Again. :Alien Frog:

----------


## CVMichael

I wouldn't even if I knew how... but I don't know how...

I don't have time to make any improvements to any projects I posted on the vbforums. My interests are different now. Though I do help once in a blue moon with quick questions.
And besides, I don't program in VB6 anymore, I switched to VB.NET...

----------


## jumpjack

How can I port this source to VBA (i.e. Excel macro)?
Just being able to display a "hello world" messagebox upon receiving a character on port 80 would be enough for me to have something to start from to write the program  I need!

----------


## CVMichael

LOL, so then anyone who you give this Excel file will have a port open to get/send data... I don't think so...

----------


## jumpjack

> LOL, so then anyone who you give this Excel file will have a port open to get/send data... I don't think so...


what are you talking about?!?

I want to open port on MY pc to be accessed from outside!  :Confused:

----------


## aukaywah

> Cleaned up version of the above code.
>   Uses DoEvents for event handlers that call each other
>   Open files closed on WinSock_Close event
>   A couple of programming form improvements
>   Configuration window
> 
>   Removed all the commenting, sry  :P



Hi, the code is great. Could you tell me what shall I do to open the server in my pc for Internet access?

----------


## CVMichael

> Hi, the code is great. Could you tell me what shall I do to open the server in my pc for Internet access?


Sure... forward the port on your router. To do that it's hard to explain because every router is different... So I think the best way is for you to google "port forwarding" for your router.

Next, is to find out your internet IP, and you can use google for that too: https://www.google.ca/?gws_rd=ssl#q=my+ip
Then on outside of your network open the browser, and type http://123.123.123.123:8080  (where 123... is the IP you got from google search "my ip")

Or... you can install a free DNS name client on your computer, for example http://www.noip.com/free  (this is what I was using at the time I created this thread 11 years ago); in that case, you can do something like http://my_domain.com:8080

Also, your windows firewall might block the port you are using. So I would disable the windows firewall, get the port forwarding (all the above) working, and then enable the windows firewall. If then it stops working, then again do a google search on how to enable a port in Windows Firewall.

Have fun  :Smilie:

----------


## aukaywah

> Sure... forward the port on your router. To do that it's hard to explain because every router is different... So I think the best way is for you to google "port forwarding" for your router.
> 
> Next, is to find out your internet IP, and you can use google for that too: https://www.google.ca/?gws_rd=ssl#q=my+ip
> Then on outside of your network open the browser, and type http://123.123.123.123:8080  (where 123... is the IP you got from google search "my ip")
> 
> Or... you can install a free DNS name client on your computer, for example http://www.noip.com/free  (this is what I was using at the time I created this thread 11 years ago); in that case, you can do something like http://my_domain.com:8080
> 
> Also, your windows firewall might block the port you are using. So I would disable the windows firewall, get the port forwarding (all the above) working, and then enable the windows firewall. If then it stops working, then again do a google search on how to enable a port in Windows Firewall.
> 
> Have fun



Thanks so much for your detailed answer. I will try about it!

----------


## FranciscoLeuro

Michael, great job. Understanding things from its basic form is the key to build complex solutions. I already build a solution on VB.NET 2015 based on your approach and is working great. I'm not providing a way to let users request for files in local file system. Server just send back HTML formatted response based on querystring received from remote client. In this scenario, what security risks are taken? I mean, just listening on :80 port and not providing any access to local file system, what could happen? Server is running on Windows 7. Thanks in advance.

----------


## CVMichael

If you display data from a database, then don't put the primary key ID in the querystring. Because the user can change the ID in the querystring (since IDs are usually incremental), and get data that he/she was not supposed to see. Instead make another indexed column in your table, and generate random IDs, use a HASH, or GUID, and have that as part of the link. If you have controls on the returned page, make sure the user cannot get more data by entering something malicious in the text boxes (or other input boxes), also called SQL Injection.

Other than that, I don't see any security risks...

----------


## Tech99

> If you display data from a database, then don't put the primary key ID in the querystring. Because the user can change the ID in the querystring (since IDs are usually incremental), and get data that he/she was not supposed to see. Instead make another indexed column in your table, and generate random IDs, use a HASH, or GUID, and have that as part of the link. If you have controls on the returned page, make sure the user cannot get more data by entering something malicious in the text boxes (or other input boxes), also called SQL Injection.
> 
> Other than that, I don't see any security risks...


Don't count of that method either - kind of false sense of security. Generate unique viewstate hash - per call, and do not count anything 'random' stored in DB.

----------


## CVMichael

> Don't count of that method either - kind of false sense of security. Generate unique viewstate hash - per call, and do not count anything 'random' stored in DB.


You do know that we are talking about a bare-bones HTTP Web Server right?

----------


## wqweto

@CVMichael: Kudos for not abandoning the thread after all those 13 years!

cheers,
</wqw>

----------

