fileserv − simple http server for static files


fileserv [−fh] [−a ADDRESS:PORT] [−F FACILITY] [−g GROUP] [−p FILE] [−t IP[/MASK]] [−x HEADER] [−u USER] [HOST:]URL-path:DIR ...


A simple and lightweight HTTP server for serving static files. URLs and directories from which to serve files are supplied as command line arguments. Each argument declares a mapping between the URL of the incoming request and the directory on the local filesystem (think of Apache Alias directive). URLs with a path beginning with URL-path will be mapped to local files beginning with DIR. Optional HOST part limits the mapping to requests that have this value in the HTTP Host: header.

After resolving the mapping, the obtained filename is canonicalized using realpath(3) and the resulting absolute name is checked once more against the mappings to filter out possible breaking attempts.

By default, the program listens on all available interfaces on port 8080. Each request is logged in Apache combined format. Log messages are sent to syslog channel daemon, unless the program is started in foreground mode, in which case standard error is used.

Each log message contains the client IP of the connection. If the X−Forwarded−For header is present, its value overrides that IP. If the header contains a comma-delimited list of IP addresses, this list is processed in right-to-left order, until either a not trusted IP or the first IP in the list is encountered, whichever occurs first.

The list of trusted IP is initially empty. New addresses or networks are added to that list using the −t command line option. E.g.

fileserv -t -t

Any header can be used in place of X−Forwarded−For, provided its name is given as argument to the −x option.

Normally fileserv runs with the privileges of the user that started it. If running as root, the user to run as can be specified using the −u command line option. When switching to the user privileges, the principal and auxiliary groups are changed to those of the requested user. The principal group can be changed using the −g command line option.

Source IPs of the incoming requests are checked using libwrap, if it is available. See hosts_access(5), for details.



Listen on the given address. Both ADDRESS and PORT are optional, but at least one of them must be present. If ADDRESS is omitted, the colon must be retained. In that case the program will listen on all configured IP addresses. If PORT is absent, the colon must be omitted. In that case the default port 8080 will be used.


Send log messages to this syslog facility, instead of the default daemon. Valid facility names are auth, authpriv, cron, daemon, ftp, kern, lpr, mail, news, security, syslog, user, uucp, and local0 through local7.


Remain in the foreground.


Run with privileges of GROUP.


Show short help message.


Store PID in FILE. The file must be located in directory writable for the user fileserv runs as.


Defines a range of trusted IP addresses. CIDR is either an IPv4 or IPv6 address, or an address followed by slash and the length of the network mask in decimal. The list of trusted IP addresses is used when processing the X−Forwarded−For header in order to determine the client IP address.


Get remote IP from HEADER, instead of X−Forwarded−For.


Run with this USER privileges.


Copyright © 2017 Sergey Poznyakoff
License GPLv3+: GNU GPL version 3 or later <>
This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.

Manpage server at

Powered by mansrv 1.0