Everything posted by Angus Robertson

  1. The line that matters here relating to passive IP addresses is: 227 Entering Passive Mode (27,316,15,428,191,207), which indicates a public address is being correctly advertised to the client, although you have not logged the server IP address so I'm guessing here. You are also using a two year old version of ICS. If even one file transfers correctly, that suggests the correct public IP address is being used. You need to check the logs to make sure the same public IP is being sent for each file. Another possibility is the public IP changed during the session. While most of us have stable public IP addresses that stay the same for weeks or years, some ISPs (mobile in particular) use CNAT and the public IP address may change every few minutes. Angus
  2. I need to see the logs I asked you to keep. Angus
  3. Just did a test with my FTP behind a NAT router, it currently fails to download files. It used to work with my old Sonicwall router which was intelligent enough to manipulate the FTP protocol to change the IP address, but no longer works with my current Draytek Vigor router which apparently does not understand FTP (but does work with IPv6 which the Sonicwall did not). Or maybe I've not configured something in the Draytek. Probably PasvIpAddr would fix it, but I'd have to change my FTP server and I don't have time at the moment - I have three other public FTP servers so not a priority, sorry. Angus
  4. Unfortunately the use of PasvIpAddr in the FTP server is undocumented and the developer that added and used those options is no longer able to answer questions about them. You'll need to examine your server and client logs and compare them with FileZilla to see what is wrong. I have an ICS FTP server behind a NAT router that works fine without any special settings except PasvPortRangeStart=21001 and PasvPortRangeSize=997, but I'm aware different NAT routers have varying abilities to cope with FTP. Angus
  5. Angus Robertson

    Studying TSslHttpAppSrv

    Your example is not thread safe, since AnswerString is being sent from within your own thread rather than the main thread where the client connection was opened. You should have AnswerDelayed := TRUE; in the handler, and then send the Answer after the thread terminates. Web clients are unlikely to wait hours for a request to conclude, the web server has timeouts. Angus
  6. Angus Robertson

    Encode Date

    I have made RFC1123_StrToDate more robust with error handling, it will be in SVN later today with other changes. Angus
  7. Angus Robertson

    Encode Date

    Thanks, RFC1123_StrToDate is a very old function that probably precedes TryEncodeTime being added to Delphi, and has worked fine ever since. Using it would avoid an internal exception if the web server returns bad date headers, which is very rare, and you'd get a date at least if the time was invalid. I'll look into it. Angus
  8. Angus Robertson

    FTP transfers...

    The correct way to resume FTP is to use the new TIcsFtpMulti component in OverbyteIcsFtpMulti.pas, with a demo in OverbyteIcsXferTst.dpr, it will automatically repeat failed transfers using resume if possible. There is a function to FTP a single file if you don't want it to automatically upload or download a nested directory structure. Angus
  9. Angus Robertson

    Encode Date

    Which component or unit are you referring to? Angus
  10. Sorry, ICS does not support SSH. There is an SSH terminal application on the ICS User Made web page, but it was written in 2002 using old versions of OpenSSL and ICS, and is unlikely to still work. Angus
  11. Angus Robertson

    TX509Base.LoadFromP12Buffer

    OpenSSL does have newer functions to format certificate information, but most users want single fields, not a list of cryptic fields. Angus
  12. Angus Robertson

    TX509Base.LoadFromP12Buffer

    All the common subject and issuer fields are available as properties, ie SubjectCName, SubjectOName, IssuerCName, SubjectCOName, SubAltNameDNS, etc, or you can use GetNameEntryByNid with the NID literal for obscure ones like STREET, not even sure that exists... Look at the function ListCertDetail in OverbyteIcsPemtool1.pas which creates a string detailing most certificate fields. Angus
  13. Angus Robertson

    TX509Base.LoadFromP12Buffer

    Only concerned about internal DER ASN_ENCODING format which ICS already supports, not file formats. OverbyteIcsPemtool1.pas already has code for opening a store, getting certificate contexts and converting them to X509 and PEM, need to move that into one of the library units, create a PCCERT_CONTEXT and add it to the correct store. Angus
  14. Angus Robertson

    TX509Base.LoadFromP12Buffer

    ICS has code to read certificates from the Windows certificate store, but not to add them. Not needed for ICS applications generally, but for servers using SChannel. Angus
  15. Angus Robertson

    TX509Base.LoadFromP12Buffer

    Thanks, added to my master, will be in SVN in a couple of days with other minor SSL improvements. Are you working with the Windows certificate store by any chance? My pending list includes putting certificates (Let's Encrypt) into the store. Angus
  16. Angus Robertson

    Studying TSslHttpAppSrv

    All Windows services run in their own thread already, TWSocketServer often runs in Windows services without needing extra threads. Using a thread for some client responses and not for others is exactly what the FTP server does, it is not difficult, just make sure the response is sent in the main thread once SQL is done. Bringing TWSocketThrdServer up to date and creating TsslHttpThrdSrv is a major project and needs someone to sponsor it. My company effectively sponsors most ICS development since I create features mostly that are needed for our applications but which are then used by others without any cost. But so far I've not needed TsslHttpThrdSrv. It has been discussed in the past, it was going to be designed to handle x clients in a single thread before using another thread for x more, typically x would be 100 or more for a simple web server but could be one so each client gets a thread. Angus
  17. Angus Robertson

    Need Synchronous SslSmtpClient

    Look at the new TIcsMailQueue component added to ICS earlier this year, it does exactly what you need. You can queue hundreds of emails at the same time, and they will be sent and retried over several minutes or days. The component is described half way down the page at http://wiki.overbyte.eu/wiki/index.php/ICS_V8.60 Angus
  18. Angus Robertson

    Studying TSslHttpAppSrv

    Not sure why you want to run the server in a thread, that just listens on one or more ports and creates clients. Running the client in a thread can be done, ICS has TWSocketThrdServer that does exactly that, but it is rarely used, has not been updated for 10 years, lacks newer multi-listen and SSL stuff and there is no web server derived from it, lack of demand from end users. My own TSslHttpAppSrv SQL driven web server runs happily in a single thread, the SQL stored procedures rarely take very long so are not blocking other users significantly, obviously this depends on volume, I'm only handling a couple of thousand SQL requests a day, from the logging, SQL proc took 16ms, 31ms, 141ms, 63ms, 390ms, 16ms. So I never bothered with threads. As Francois says, using a thread just for the database lookup and returning the page in the main thread is the safest solution, look at class TClientProcessingThread in the ICS FTP server which uses a thread to calculate MD5sums and directory listing. Angus
  19. Angus Robertson

    SChannel TLS - perform TLS communication with WinAPI

    ICS supports Delphi 7 onwards so we avoid any language features or libraries added after that, or have our own versions of them, such as ANSI or WideString functions. Users tell me quickly if I accidentally do something that Delphi 7 does not support so it is still used. Angus
  20. Angus Robertson

    SChannel TLS - perform TLS communication with WinAPI

    Good, seems to read whole pages correctly now. BTW, your ICS fix is in SVN now. Angus
  21. Angus Robertson

    Best components for creating windows service apps

    Or the automated Google scan tools were finding something in one of the components or OpenSSL binaries that has been used in a malicious application somewhere, unfortunately they don't tell you anything specific, just that your site is banned in all browsers until you remove your malicious file, so it's trial and error. Angus
  22. Angus Robertson

    SChannel TLS - perform TLS communication with WinAPI

    Not sure when Default() was added, but it gave an error in Delphi 2007. The keep-alive issue was not in the ICS server, but in my application. But you still need to fix data being received correctly, if you remove the close line for your google example, it takes four minutes for the window to become responsive and display the received data, which is the Google timeout. The Microsoft page actually shows how poor the ciphers are in older Windows versions, it says there are none for TLS/1.2 in Windows 7, although a couple have now been added, but not nearly as good as OpenSSL supports on Windows 7. Angus
  23. Angus Robertson

    SChannel TLS - perform TLS communication with WinAPI

    I started fixing errors with Delphi 2007 to get it to build, but there were too many. Simple things like type LONG missing. Does not matter for personal projects, but is important if the code is ever to be incorporated into libraries. The issue with async requests seems to relate to most of the content not being returned until the connection is closed. This URL works fine: www.magsys.co.uk GET /delphi/ddservice.asp HTTP/1.1 Connection: close Host: www.magsys.co.uk While this does not, the end of the page only appears after the server closes the connection on a 60 second timeout: www.telecom-tariffs.co.uk GET /serverinfo.htm HTTP/1.1 Connection: close The first server is IIS, the second the ICS web server, so it seems we have aggressive Keep-Alive that is ignoring the Close command, another ICS bug for me to fix. But it shows up a bug in your code as well. I chose that page because it shows the SSL/TLS connection parameters selected by the server, useful to check browser capabilities, and the poor range of ciphers supported by SChannel on older versions of Windows. Angus
  24. Angus Robertson

    Best components for creating windows service apps

    And a link to the download page top left, with the words Download Latest DDService. There are no zips on the open Delphi pages because Google blacklists my site when it finds Delphi components. Angus
  25. Angus Robertson

    Best components for creating windows service apps

    I've completed a new release of DDService Application Framework from the late Arno Garrels, it now supports Delphi 5, 7 and 2006 to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio, as well as C++ Builder 2006 to XE5. Note that bugs fixed in these new releases had already been done in DDService. Also added new unit to control, install and remove Windows Service applications. The new and old versions may be downloaded from https://www.magsys.co.uk/delphi/ddservice.asp or from an SVN repository at: http://svn.magsys.co.uk:8443/svn/ddservice/ , use username = ics and password = ics for read access. Angus