From OnionMail version 1.6 there is a little and simple HTTP server to create an hidden service. This service is optional and can be activated in the server's section of file servers.conf via HasHTTP parameter.
It supports cookyes, session, keep-alive, pipelining, cache policy, security access, captcha, SVG counter, get and post.

Server's HTTP parameters:

HasHTTP (yes | no)

Enable trhe HTTP server for this mail server.

HTTPPort (portNumber)

Set the port (of LocalIP) number.

ManifestWeb (public | private)

Public the web server into the maifest of mail server and into OnionMail's directory.

HTTPBasePath (path)

Set the web server root path.

HTTPRootLogin (string)

Set the server's web root login (if is missing the root login is the nick name of server).

HTTPRootPassword (string | scrambledPassword)

Set the root web root password (if missing is the same of API control port PassWD).

In the servers.conf file you can set other parameters: HTTPServerName, HTTPNCache, ETEXVar, HTTPCache, HTTPAccess, HTTPLogFile.
All web applications parameters are into the config.denied.conf in web root directory.
All files that contains the string ".denied." is inaccessible from web and can be used by web applications.

There are some web application to do server's operation via web:

• User subscription.
• Admin/User logon.
• Web AJAX API.
• Web rulez file.
• Server statistics.
• Voucher web menagement.
• Web counter.
  

All operation are configured via config.denied.conf.

All web application use some replace function to put valuse dinamically.
There are two type of variables (ETEX variables).
The server's variables are replaced from HTML tags: <!--#name#-->
The ETEX variables are replaced from HTML tags: <!--@name@-->
The ETEX extended variables stats with @ character, this is includen into the name: <!--@@name@-->
Se the config.denied.conf section to see all ETEX variables.

All post parameters starting with "om-" prefix are stored in the session (if available) and used by web applications.
The output values of session are stored like ETEX variables into the web application but are visible only by the current session and page.

Special commands:

<!-- KDESTROY --> 

Destroy current session.

<!-- NSESSION --> 

Create a new session if not available.

<!--#CAPTCHA#--> 

Create a new CAPTCHA code.

<!--#RULEZ#--> 

Put the rulez file encoded in HTML.

<$inc[/file]$inc> 

Include a /file into the ETEX application.

If the file extension is TXT the file will encoded in HTML format.

The file is specificed between parenthesis [].