hgweb.exe

What is hgweb.exe?

hgweb.exe is the Windows executable that runs Mercurial's built-in web interface, hgweb. It enables HTTP access to Mercurial repositories, allowing users to browse changesets, read repository data, and perform operations via a browser or API client. This component is part of Mercurial installations and can be run standalone or behind a reverse proxy for remote access.

hgweb.exe hosts the hgweb application by loading Mercurial libraries into a lightweight Python-based HTTP server. It uses hgweb.config to locate repositories, apply permissions, set hooks, and define ports, then serves content to clients through HTTP(S) requests.

Is hgweb-exe Safe?

hgweb.exe is safe when obtained from official Mercurial distributions and executed within a trusted, controlled Windows environment. It operates within the Mercurial installation folder, accesses only configured repository paths, and relies on standard Windows security mechanisms. If the binary originates from the official Mercurial project and matches expected hashes, it represents a legitimate component of the Mercurial web interface.

Is hgweb-exe a Virus?

In legitimate Mercurial deployments, hgweb.exe is not a virus. However, an executable named hgweb.exe that is downloaded from an untrusted source or appears in an unexpected directory could be malicious. Always verify provenance, signatures, and integrity before allowing network exposure of this binary.

How to Verify Legitimacy

1. Check File Location: Confirm hgweb.exe resides in a trusted Mercurial installation directory such as C:\Program Files\Mercurial\ or C:\Mercurial\ and not in a temporary or user-writable folder.
2. Verify Digital Signature: Open Properties for hgweb.exe and view the Digital Signatures tab; signatures should come from Mercurial Project or the official distributor.
3. Check File Hash: Compute SHA256: certutil -hashfile "C:\Program Files\Mercurial\hgweb.exe" SHA256 and compare with the published hash from the Mercurial release notes.
4. Scan for Malware: Run a malware scan with Windows Defender or your enterprise AV to ensure the binary is clean.

Why is it Running?

Reasons it's running:

• Serving Mercurial Repositories: hgweb.exe runs to serve repository data to clients, handling HTTP requests for cloning, pulling, pushing, and reading changesets.
• Configured Port and Host Binding: The process binds to a port defined in hgweb.config or startup options, which can result in network activity even under moderate usage.
• Background/Service Mode: Mercurial can run hgweb.exe as a Windows service or in the background, leading to a persistent process without a visible console.
• Access via Reverse Proxy: When deployed behind Nginx or IIS/Apache, requests pass through the proxy, which can impact logging and request handling in hgweb.
• Dependent on Repository Activity: User interactions such as cloning or pushing to repositories trigger hgweb.exe processing, causing brief CPU and I/O activity during operations.

Can I Disable or Remove It?

Common Problems

Common Causes & Solutions

• High request rate or large repository data being retrieved: Limit concurrent connections, enable caching in the reverse proxy, and consider segmenting repositories or upgrading hardware.
• Invalid Mercurial installation or missing Python/runtime: Reinstall Mercurial, ensure Python is installed and available in PATH, and verify the hgweb.exe path in startup configurations.
• Port blocked by firewall or misconfigured hgweb.config: Open the required port, correct the host binding in hgweb.config, and verify the repository listing paths.
• No TLS termination at the frontend proxy: Configure TLS on a frontend proxy (Nginx/IIS) and pass HTTP to hgweb, or enable TLS in a supported proxy setup.
• Repository path does not exist or permissions denied: Update hgweb.config with correct repo_path values and adjust filesystem permissions for the hgweb user.
• File ACLs restrict hgweb's runtime user: Grant read/write permissions to the user under which hgweb runs; ensure appropriate ownership and group settings.

Related Processes