23 December 2021, 17:52

See the changelog for details.

24 December 2021, 13:12
Thank you and Merry Christmas
27 December 2021, 19:18
Good to see this is still maintained, I am still using Hiawatha in a production environment
2 January 2022, 12:41
Thanks Hugo, for this software and for still updating it. Happy Hiawatha user on a small FreeBSD server in a corner of the internet.
4 February 2022, 19:22
Hello Hugo, Please what is the setup to run PHP on Hiawatha for Windows 10?
Thank you for your feedback.
18 February 2022, 18:14
Thanks for the continued updates!
17 March 2022, 16:34
Hi Marc, which version are you using? I was also a happy user on Debian, yet I moved to FreeBSD now, and found only a trimmed version of Hiawatha-10.12_1 here — without Lefh, Tomahawk, Wigwam, IPv6, Monitor… :-(
19 March 2022, 13:45
Vladas, I first used the one in the ports section, but then manually updated to 11.1
You have make some small edits, but it runs great. No problems in the past few months.
28 March 2022, 07:52
Nice to hear, Marc. But you did not make the package, did you? Is not that possible for me, not the programmer?
Hugo Leisink
28 March 2022, 08:29
@marc: If you can provide me with the right files and scripts to build a FreeBSD package, I will include them in the source package.
28 March 2022, 12:36
I just recompiled it. That worked fine. Starting Hiawatha gives an error:
Error in regexp '\s*(;\s*)?--(\s|')

I used the patch files from the FreeBSD source package for hiawatha 10.12 to correct this problem:
(in the directory: hiawatha-11.1/src )
patch < /usr/ports/www/hiawatha/files/patch-src_session.c


more /usr/ports/www/hiawatha/files/patch-src_session.c
--- src/session.c.orig 2021-04-27 07:15:50 UTC
+++ src/session.c
@@ -33,15 +33,15 @@
static const struct {
const char *text;
} sqli_detection[] = {
- {"'\\s*(;\\s*)?--(\\s|')"},
- {"\\s+(and|or|xor|&&|\\|\\|)\\s*\\(?\\s*('|[0-9]|`?[a-z\\._-]+`?\\s*(=|like)|[a-z]+\\s*\\()"},
- {"\\s+(not\\s+)?in\\s*\\(\\s*['0-9]"},
- {"union(\\s+all)?(\\s*\\(\\s*|\\s+)select(`|\\s)"},
- {"select(\\s*`|\\s+)(\\*|[a-z0-9_\\, ]*)(`\\s*|\\s+)from(\\s*`|\\s+)[a-z0-9_\\.]*"},
- {"insert\\s+into(\\s*`|\\s+).*(`\\s*|\\s+)(values\\s*)?\\(.*\\)"},
- {"update(\\s*`|\\s+)[a-z0-9_\\.]*(`\\s*|\\s+)set(\\s*`|\\s+).*="},
- {"delete\\s+from(\\s*`|\\s+)[a-z0-9_\\.]*`?"},
- {"extractvalue\\s*\\(\\s*[0-9'\"@]"},
+ {"'[[:space:]]*(;[[:space:]]*)?--([[:space:]]|')"},
+ {"[[:space:]]+(and|or|xor|&&|\\|\\|)[[:space:]]*\\(?[[:space:]]*('|[0-9]|`?[a-z\\._-]+`?[[:space:]]*(=|like)|[a-z]+[[:space:]]*\\()"},
+ {"[[:space:]]+(not[[:space:]]+)?in[[:space:]]*\\([[:space:]]*['0-9]"},
+ {"union([[:space:]]+all)?([[:space:]]*\\([[:space:]]*|[[:space:]]+)select(`|[[:space:]])"},
+ {"select([[:space:]]*`|[[:space:]]+)(\\*|[a-z0-9_\\, ]*)(`[[:space:]]*|[[:space:]]+)from([[:space:]]*`|[[:space:]]+)[a-z0-9_\\.]*"},
+ {"insert[[:space:]]+into([[:space:]]*`|[[:space:]]+).*(`[[:space:]]*|[[:space:]]+)(values[[:space:]]*)?\\(.*\\)"},
+ {"update([[:space:]]*`|[[:space:]]+)[a-z0-9_\\.]*(`[[:space:]]*|[[:space:]]+)set([[:space:]]*`|[[:space:]]+).*="},
+ {"delete[[:space:]]+from([[:space:]]*`|[[:space:]]+)[a-z0-9_\\.]*`?"},
+ {"extractvalue[[:space:]]*\\([[:space:]]*[0-9'\"@]"},
7 April 2022, 22:40
I am getting the following warning with lefh:
`PHP Deprecated: trim(): Passing null to parameter #1 ($string) of type string is deprecated in /usr/lib/hiawatha/letsencrypt/hiawatha_config.php on line 87`
Hugo Leisink
8 April 2022, 00:16
You probably have an error in your config file. A '=' missing somewhere?
8 April 2022, 20:56
Thanks for your quick response Hugo, I am getting this error for every comment line of the config file, the lines with a variable assignment are fine.
For the comment lines, `$line` and therefore `$param` are empty and this is what seems to be causing the warning.
Using php 8.1.4.
8 May 2022, 21:43
I have switched to LEGO for my Let's Encrypt client because of this issue with php 8.1.4 in case others experience the same. Of course, I am sticking to Hiawatha for my webserver.
11 May 2022, 19:41
16 MB! @kfft, a 20 KB stand-alone version of the lefh is still valid, https://www.hiawatha-webserver.org/letsencrypt
29 May 2022, 04:11
Please open the forum again!
On my system the reverse proxy function badly mangles 302 redirects sent by the back end.

Back end sends:
HTTP/1.1 302 Found
Date: Sun, 29 May 2022 01:56:24 GMT
Server: Apache/2.4.53 (Debian)
<lots of cookies and other data>
X-Redirect-By: WordPress
Location: http://<correct_address>.ro/wp-admin/
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Browser receives:
HTTP/1.1 302 Found
Date: Sun, 29 May 2022 01:56:24 GMT
Server: Hiawatha v11.1
Accept-Ranges: bytes
Connection: keep-alive
Location: /wp-login.php/
Content-Length: 774
Content-Type: text/html