Built-In Security Features

LiteSpeed Web Server gives you the power to close vulnerabilities

Mitigate attacks early

  • ModSecurity Request Filtering - LiteSpeed Web Server offers excellent ModSecurity compatibility, allowing sophisticated rules for filtering out attacking requests by checking for known attack signatures. LiteSpeed Web Server supported with Atomic Secured Linux and the Atomicorp Realtime ModSecurity Rules.
  • External Application Resource Control - With LiteSpeed, you can set caps on external application resource usage, preventing DoS attacks (like forkbombs) that target your applications.
  • Deny Buffer Overrun Attempts - LiteSpeed Web Server's compiler detects buffer overrun attempts and terminates the application instead of allowing code to be injected into headers.
LSWS can achieve results similar to CageFS without CloudLinux through external application chroot or running all of LSWS from a chroot jail, though this requires individual configuration for each user.

More secure shared hosting

  • CloudLinux CageFS Compatibility - LiteSpeed and CloudLinux share a strong partnership and LSWS is fully compatible with CageFS, allowing administrators to keep users safely separated from each other — even if one site is hacked, it won't be able to access other users' files.
  • Turn Off CGI Completely - CGI scripts can be a large vulnerability, especially for shared hosts. LiteSpeed's unique DisableCgiOverride directive allows you to turn off CGI and make sure your users don't turn it back on (using the Options directive) — security Apache and nginx don't offer.
  • Restrain Virtual Hosts - LiteSpeed's Restrained setting stops sites from accessing files outside of their own virtual host root.
  • Control Symlinks - Symbolic link settings let you to disable symlinks altogether, allow them only when they connect to files with the same owner, or make sure they are checked against access denied lists.
  • Be Strict About Ownership - Our strict ownership checking can make sure that any file accessed is owned by the owner of the virtual host, whether accessed via symlink or not.

Control what files are served

  • Request Checking - "/." is not allowed in a decoded URL, blocking outsiders from seeing hidden files (like .htaccess files).
  • Restrict by Permission Mask - Server-wide settings allow you to set required and restricted permission masks, preventing the server from serving files with certain permission masks. This can be applied to scripts, static files, and/or script directories.

STAY CONNECTED