Admin Listeners

Admin Listeners are dedicated to the Admin Server. Secure (SSL) listeners are recommended for the Admin Server.

Table of Contents

General

Listener Name | IP Address | Port | Secure | 

SSL Private Key & Certificate

Private Key File | Certificate File | Chained Certificate | CA Certificate Path | CA Certificate File | 

SSL Protocol

SSL Protocol Version | Ciphers | Enable ECDH Key Exchange | Enable DH Key Exchange | DH Parameter | 

Security & Features

SSL Renegotiation Protection | 

Client Verification

Client Verification | Verify Depth | Client Revocation Path | Client Revocation File | 

Listener NameGo to top
Description: A unique name for this listener.
IP AddressGo to top
Description: Specifies the IP of this listener. All available IP addresses are listed. IPv6 addresses are enclosed in "[]". To listen on all IPv4 IP addresses, select ANY. To listen on all IPv4 and IPv6 IP addresses, select [ANY]. In order to serve both IPv4 and IPv6 clients, an IPv4-mapped IPv6 address should be used instead of a plain IPv4 address. An IPv4-mapped IPv6 address is written as [::FFFF:x.x.x.x].
Syntax: Select from drop down list
Tips: [Security] If your machine has multiple IPs on different sub-networks, you can select a specific IP to only allow traffic from the corresponding sub-network.
PortGo to top
Description: Specifies the TCP port of the listener. Only the super user ("root") can use ports lower than 1024. Port 80 is the default HTTP port. Port 443 is the default HTTPS port.
Syntax: Integer number
SecureGo to top
Description: Specifies whether this is a secure (SSL) listener. For secure listeners, additional SSL settings need to be set properly.
Syntax: Select from radio box
SSL Private Key & CertificateGo to top
Description: Every SSL listener requires a paired SSL private key and SSL certificate. Multiple SSL listeners can share the same key and certificate. You can generate SSL private keys yourself using an SSL software package, such as OpenSSL. SSL certificates can also be purchased from an authorized certificate issuer like VeriSign or Thawte. You can also sign the certificate yourself. That certificate will not be trusted by web browsers and should not be used on public web sites containing critical data. However, a self-signed certificate is good enough for internal use, e.g. for encrypting traffic to LiteSpeed Web Server's WebAdmin console.
Private Key FileGo to top
Description: Specifies the file name of the SSL private key file. The key file should not be encrypted.
Syntax: File name which can be an absolute path or relative to $SERVER_ROOT.
Tips: [Security] The private key file should be placed in a secured directory that allows read-only access to the user the server runs as.
Certificate FileGo to top
Description: Specifies the file name of the SSL certificate file.
Syntax: File name which can be an absolute path or relative to $SERVER_ROOT.
Tips: [Security] The certificate file should be placed in a secured directory, which allows read-only access to the user that the server runs as.
Chained CertificateGo to top
Description: Specifies whether the certificate is a chained certificate or not. The file that stores a certificate chain must be in PEM format, and the certificates must be in the chained order, from the lowest level (the actual client or server certificate) to the highest level (root) CA.
Syntax: Select from radio box
CA Certificate PathGo to top
Description: Specifies the directory where the certificates of certification authorities (CAs) are kept. Those certificates are used for client certificate authentication and constructing the server certificate chain, which will be sent to browsers in addition to the server certificate.
Syntax: path
CA Certificate FileGo to top
Description: Specifies the file that contains all certificates of certification authorities (CAs) for chained certificates. This file is simply the concatenation of PEM-encoded certificate files, in order of preference. This can be used as an alternative or in addition to CA Certificate Path. Those certificates are used for client certificate authentication and constructing the server certificate chain, which will be sent to browsers in addition to the server certificate.
Syntax: File name which can be an absolute path or relative to $SERVER_ROOT.
SSL ProtocolGo to top
Description: Customizes SSL protocols accepted by the listener.
SSL Protocol VersionGo to top
Description: Specifies which version of SSL protocol will be used. You can choose from SSL v3.0 and TLS v1.0. Since OpenSSL 1.0.1, TLS v1.1 and TLS v1.2 are also supported.
CiphersGo to top
Description: Specifies the cipher suite to be used to negotiate the SSL handshake. LSWS supports cipher suites implemented in SSL v3.0, TLS v1.0, and TLS v1.2.
Syntax: Colon-separated string of cipher specifications. LSWS supports all cipher suites implemented in SSL v3.0, TLS v1.0, and TLS v1.2.
Example: ECDHE-RSA-AES128-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
Tips: [Security] We recommend ECDHE-RSA-AES128-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
Enable ECDH Key ExchangeGo to top
Description: Allows use of Elliptic Curve Diffie-Hellman key exchange for further SSL encryption.
Syntax: Select from radio box
Tips: [Security] ECDH key exchange is more secure than using just an RSA key. ECDH and DH key exchange are equally secure. [Performance] Enabling ECDH key exchange will increase CPU load and is slower than using just an RSA key.
Enable DH Key ExchangeGo to top
Description: Allows use of Diffie-Hellman key exchange for further SSL encryption.
Syntax: Select from radio box
Tips: [Security] DH key exchange is more secure than using just an RSA key. ECDH and DH key exchange are equally secure. [Performance] Enabling DH key exchange will increase CPU load and is slower than ECDH key exchange and RSA. ECDH key exchange is preferred when available.
DH ParameterGo to top
Description: Specifies the location of the Diffie-Hellman parameter file necessary for DH key exchange.
Syntax: File name which can be an absolute path or relative to $SERVER_ROOT.
SSL Renegotiation ProtectionGo to top
Description: Specifies whether to enable SSL Renegotiation Protection to defend against SSL handshake-based attacks. The default value is "Yes".
Syntax: Select from radio box
Client VerificationGo to top
Description: Enterprise Edition Only Specifies the type of client certifcate authentication. Available types are:
  • None: No client certificate is required.
  • Optional: Client certificate is optional.
  • Require: The client must has valid certificate.
  • Optional_no_ca: Same as optional.
The default is "None".
Syntax: Select from drop down list
Tips: "None" or "Require" are recommended.
Verify DepthGo to top
Description: Enterprise Edition Only Specifies how deeply a certificate should be verified before determining that the client does not have a valid certificate. The default is "1".
Syntax: Select from drop down list
Client Revocation PathGo to top
Description: Enterprise Edition Only Specifies the directory containing PEM-encoded CA CRL files for revoked client certificates. The files in this directory have to be PEM-encoded. These files are accessed through hash file names, hash-value.rN. Please refer to openSSL or Apache mod_ssl documentation regarding creating the hash filename.
Syntax: path
Client Revocation FileGo to top
Description: Enterprise Edition Only Specifies the file containing PEM-encoded CA CRL files enumerating revoked client certificates. This can be used as an alternative or in addition to Client Revocation Path.
Syntax: File name which can be an absolute path or relative to $SERVER_ROOT.

Administration Console Settings

Admin Server is a special virtual host dedicated to the WebAdmin console. It is very important to make sure Admin Server is securely protected either by only allowing access from the administrator's machines or by using an encrypted SSL connection.

Table of Contents

General

Enable Core Dump | Session Timeout (secs) | 

Virtual Host Log

Use Server Log | File Name | Log Level | Rolling Size | 

Access Log

Log Control | File Name | Piped Logger | Log Format | Log Headers | Rolling Size | Keep Days | Bytes Log | Compress Archive | 

Access Control

Allowed List | Denied List | 

Web Admin Users

Admin User | 

Enable Core DumpGo to top
Description: Specifies whether to enable core dump when the server is started by "root" user. For most modern Unix systems, processes that change user ID or group ID are not allowed to dump a core file for security reasons. However, it is much easier to identify root cause of a problem with a core dump. This option only works on Linux kernel 2.4 and up. Solaris users should use the coreadm command to control this feature.
Syntax: Select from radio box
Tips: [Security] Only enable this when you see no core file created in the server log file. Disable it immediately after producing the core file. Please submit a bug report when a core dump has been created.
Session Timeout (secs)Go to top
Description: Customize the session timeout length of WebAdmin console. The default is 60 seconds if no value is set.
Syntax: Integer number
Tips: [Security] Set a proper value for production use, usually less than 300 seconds.
Use Server LogGo to top
Description: Specifies whether to put log messages from this virtual host into the server log file instead of creating its own log file.
Syntax: Select from radio box
File NameGo to top
Description: Specifies the path for the log file.
Syntax: File name which can be an absolute path or relative to $SERVER_ROOT.
Tips: [Performance] Place the log file on a separate disk.
Log LevelGo to top
Description: Specifies the level of logging. Available levels (from high to low) are ERROR, WARNING, NOTICE, INFO, and DEBUG. Only messages with a level higher than or equal to the current setting will be logged. If you want to set it to DEBUG, you must set the server log level to DEBUG as well. The level of debugging is controlled solely at the server level by Debug Level.
Syntax: Select from drop down list
Tips: [Performance] Unless Debug Level is set to a level other than NONE, DEBUG log level does not have any performance impact and is recommended.
See Also: Debug Level
Rolling SizeGo to top
Description: Specifies when the current log file needs to be rolled over, also known as log rotation. When the file size is over the rollover limit, the active log file will be renamed to log_name.mm_dd_yyyy(.sequence) in the same directory and a new active log file will be created. The actual size of the rotated log file once it is created will sometimes be a little bigger than this size limit. Set to 0 to disable log rotation.
Syntax: Integer number
Tips: Append "K", "M", "G" to the number for kilo-, mega- and giga- bytes.
Log ControlGo to top
Description: Specifies where to write the access log. There are three options: 1. Write to the server's access log; 2. Create an access log for this virtual host; 3. Disable access logging.
Syntax: Select from drop down list
File NameGo to top
Description: Specifies the file name of the access log file.
Syntax: File name which can be an absolute path or relative to $SERVER_ROOT.
Tips: [Performance] Put access log file on a separate disk.
Piped LoggerGo to top
Description: Specifies the external application that will receive the access log data sent by LiteSpeed through a pipe on its STDIN stream (file handle is 0). When this field is specified, the access log will be sent only to the logger application and not the access log file specified in previous entry.

The logger application must be defined in External Application section first. Server-level access logging can only use an external logger application defined at the server level. Virtual host-level access logging can only use a logger application defined at the virtual host level.

The logger process is spawned in the same way as other external (CGI/FastCGI/LSAPI) processes. This means it will execute as the user ID specified in the virtual host's ExtApp Set UID Mode settings and will never run on behalf of a privileged user.

LiteSpeed web server performs simple load balancing among multiple logger applications if more than one instance of a logger application is configured. LiteSpeed server always attempts to keep the number of logger applications as low as possible. Only when one logger application fails to process access log entries in time will the server attempt to spawn another instance of the logger application.

If a logger crashes, the web server will start another instance but the log data in the stream buffer will be lost. It is possible to lose log data if external loggers cannot keep up with the speed and volume of the log stream.
Syntax: Select from drop down list
Log FormatGo to top
Description: Enterprise Edition Only Specifies the log format for the access log. When log format is set, it will override the Log Headers setting.
Syntax: String. The syntax of log format is compatible with Apache 2.0's custom log format.
Example: Common Log Format (CLF)
"%h %l %u %t \"%r\" %>s %b"

Common Log Format with Virtual Host
"%v %h %l %u %t \"%r\" %>s %b"

NCSA extended/combined log format
"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"

Log cookie value of Foobar
"%{Foobar}C"
See Also: Log Headers
Log HeadersGo to top
Description: Specifies whether to log HTTP request headers: Referer, UserAgent, and Host.
Syntax: Select from checkbox
Tips: [Performance] Turn this off if you do not need these headers in the access log.
See Also: Log Format
Keep DaysGo to top
Description: Specifies how many days the access log file will be kept on disk. Only rotated log files older than specified number of days will be deleted. The current log file will not be touched regardless how many days' data it contains. If you do not want to auto-delete stale and very old log files, set this value to 0.
Syntax: Integer number
Bytes LogGo to top
Description: Specifies the path to the bandwidth bytes log file. When specified, a cPanel compatible bandwidth log will be created. This will log the total bytes transferred for a request including both the request and reply body.
Syntax: File name which can be an absolute path or relative to $SERVER_ROOT.
Tips: [Performance] Put the log file on a separate disk.
Compress ArchiveGo to top
Description: Specifies whether to compress rotated log files in order to save disk space.
Syntax: Select from radio box
Tips: Log files are highly compressible and this is recommended to reduce disk usage for old logs.
Access ControlGo to top
Description: Specifies what sub-networks and/or IP addresses can access this virtual host in addition to server-level access control. This virtual host setting does NOT override the server setting. Whether to block/allow an IP is determined by the combination of the allowed list and denied list. If you want to block only certain IPs or sub-networks, put * or ALL in the allowed list and list the blocked IPs or sub-networks in the denied list. If you want to only allow certain IPs or sub-networks, put * or ALL in the denied list and list the allowed IPs or sub-networks in the allowed list. The setting of the smallest scope that fits for an IP will be used to determine whether to block or allow access.
Allowed ListGo to top
Description: Specifies the list of IPs or sub-networks allowed.
Syntax: Comma-delimited list of IP addresses or sub-networks. * or ALL are allowed. Sub-networks can be written as 192.168.1.0/255.255.255.0, 192.168.1 or 192.168.1.*.
Denied ListGo to top
Description: Specifies the list of IPs or sub-networks disallowed.
Syntax: Comma delimited list of IP addresses or sub-networks. * or ALL are accepted.
Example: Sub-networks: 192.168.1.0/255.255.255.0, 192.168.1.0/24, 192.168.1 or 192.168.1.*.
IPv6 addresses: ::1 or [::1]
IPv6 subnets: 3ffe:302:11:2:20f:1fff:fe29:717c/64 or [3ffe:302:11:2:20f:1fff:fe29:717c]/64.
Admin UserGo to top
Description: Change the user name and password for WebAdmin Console. The old password has to be entered and verified in order to save the changes.
Tips: If you forget the admin password, you cannot change it from the WebAdmin console. Please use the following command from shell instead: [your install dir]/admin/misc/admpass.sh

Context

In LiteSpeed Web Server terminology, a "context" is a virtual location, a common parent URL, that identifies a group of resources. Contexts can be thought of as different directories in your website's directory tree. For example, "/" is the root context mapped to the document root of a website. "/cgi-bin/" is a context farther up on the tree, dedicated to the CGI applications for this site. A context can be explicitly defined in LiteSpeed's WebAdmin console for the following purposes:

  • To make a file system outside of the document root accessible.
  • To block access to certain resources.
  • To setup user-level authentication for certain resources.
  • To create mount points for external applications.
  • To redirect requests to another location.

Table of Contents

Static Context

URI | Location | Accessible | Enable Expires | Expires Default | Expires By Type | Extra Headers | MIME Type | Force MIME Type | Default MIME Type | Auto Index | Index Files | Allow Override | Realm | Authentication Name | Require (Authorized Users/Groups) | Access Allowed | Access Denied | Authorizer | Add Default Charset | Customized Default Charset | Enable Rewrite | Rewrite Inherit | Rewrite Base | Rewrite Rules | Enable Cache | Cache Expire Time (Seconds) | Cache Stale Age (Seconds) | Cache Request with Query String | Cache Request with Cookie | Cache Response with Cookie | Ignore Request Cache-Control | Ignore Response Cache-Control | Enable Private Cache | Private Cache Expire Time (Seconds) | Enable IP Geolocation | Apache Style Configurations | 

Java Web App Context

URI | Location | Servlet Engine | Enable Expires | Expires Default | Expires By Type | Extra Headers | Auto Index | Index Files | Allow Override | Realm | Authentication Name | Require (Authorized Users/Groups) | Access Allowed | Access Denied | Authorizer | Add Default Charset | Customized Default Charset | Enable Cache | Cache Expire Time (Seconds) | Cache Stale Age (Seconds) | Cache Request with Query String | Cache Request with Cookie | Cache Response with Cookie | Ignore Request Cache-Control | Ignore Response Cache-Control | Enable Private Cache | Private Cache Expire Time (Seconds) | Enable IP Geolocation | 

Servlet Context

URI | Servlet Engine | Extra Headers | Allow Override | Realm | Authentication Name | Require (Authorized Users/Groups) | Access Allowed | Access Denied | Authorizer | Add Default Charset | Customized Default Charset | Enable Cache | Cache Expire Time (Seconds) | Cache Stale Age (Seconds) | Cache Request with Query String | Cache Request with Cookie | Cache Response with Cookie | Ignore Request Cache-Control | Ignore Response Cache-Control | Enable Private Cache | Private Cache Expire Time (Seconds) | Enable IP Geolocation | 

FastCGI Context

URI | FastCGI App | Extra Headers | Allow Override | Realm | Authentication Name | Require (Authorized Users/Groups) | Access Allowed | Access Denied | Authorizer | Add Default Charset | Customized Default Charset | Enable Cache | Cache Expire Time (Seconds) | Cache Stale Age (Seconds) | Cache Request with Query String | Cache Request with Cookie | Cache Response with Cookie | Ignore Request Cache-Control | Ignore Response Cache-Control | Enable Private Cache | Private Cache Expire Time (Seconds) | Enable IP Geolocation | 

LiteSpeed SAPI Context

URI | LiteSpeed SAPI App | Extra Headers | Allow Override | Realm | Authentication Name | Require (Authorized Users/Groups) | Access Allowed | Access Denied | Authorizer | Add Default Charset | Customized Default Charset | Enable Cache | Cache Expire Time (Seconds) | Cache Stale Age (Seconds) | Cache Request with Query String | Cache Request with Cookie | Cache Response with Cookie | Ignore Request Cache-Control | Ignore Response Cache-Control | Enable Private Cache | Private Cache Expire Time (Seconds) | Enable IP Geolocation | 

Proxy Context

URI | Web Server | Extra Headers | Realm | Authentication Name | Require (Authorized Users/Groups) | Access Allowed | Access Denied | Authorizer | Add Default Charset | Customized Default Charset | Enable Cache | Cache Expire Time (Seconds) | Cache Stale Age (Seconds) | Cache Request with Query String | Cache Request with Cookie | Cache Response with Cookie | Ignore Request Cache-Control | Ignore Response Cache-Control | Enable Private Cache | Private Cache Expire Time (Seconds) | Enable IP Geolocation | 

CGI Context

URI | Path | Extra Headers | Allow Set UID | Allow Override | Realm | Authentication Name | Require (Authorized Users/Groups) | Access Allowed | Access Denied | Authorizer | Add Default Charset | Customized Default Charset | Enable Rewrite | Rewrite Inherit | Rewrite Base | Rewrite Rules | Enable Cache | Cache Expire Time (Seconds) | Cache Stale Age (Seconds) | Cache Request with Query String | Cache Request with Cookie | Cache Response with Cookie | Ignore Request Cache-Control | Ignore Response Cache-Control | Enable Private Cache | Private Cache Expire Time (Seconds) | Enable IP Geolocation | Apache Style Configurations | 

Redirect Context

URI | External Redirect | Status Code | Destination URI | Allow Override | Realm | Authentication Name | Require (Authorized Users/Groups) | Access Allowed | Access Denied | Authorizer | 

Load Balancer Context

URI | Load Balancer | Allow Override | Realm | Authentication Name | Require (Authorized Users/Groups) | Access Allowed | Access Denied | Authorizer | Add Default Charset | Customized Default Charset | Enable Cache | Cache Expire Time (Seconds) | Cache Stale Age (Seconds) | Cache Request with Query String | Cache Request with Cookie | Cache Response with Cookie | Ignore Request Cache-Control | Ignore Response Cache-Control | Enable Private Cache | Private Cache Expire Time (Seconds) | Enable IP Geolocation | 

Rack/Rails Context

URI | Location | Run-Time Mode | Max Connections | Environment | Enable Expires | Expires Default | Expires By Type | Extra Headers | Index Files | Auto Index | Allow Override | Realm | Authentication Name | Require (Authorized Users/Groups) | Access Allowed | Access Denied | Authorizer | Add Default Charset | Customized Default Charset | Enable Rewrite | Rewrite Inherit | Rewrite Base | Rewrite Rules | Enable Cache | Cache Expire Time (Seconds) | Cache Stale Age (Seconds) | Cache Request with Query String | Cache Request with Cookie | Cache Response with Cookie | Ignore Request Cache-Control | Ignore Response Cache-Control | Enable Private Cache | Private Cache Expire Time (Seconds) | Enable IP Geolocation | 

Static ContextGo to top
Description: Context settings are used to specify special settings for files in a certain location. These settings can be used to bring in files outside of the document root (like Apache's Alias or AliasMatch directives), or to protect a particular directory using authorization realms, or to block or restrict access to a particular directory within the document root.
URIGo to top
Description: Specifies the URI for this context.
Syntax: The URI can be a plain URI (starting with "/") or a Perl compatible regular expression URI (starting with "exp:"). If a plain URI ends with a "/", then this context will include all sub-URIs under this URI. If the context maps to a directory on the file system, a trailing "/" must be added.
See Also: Location
LocationGo to top
Description: Specifies the corresponding location of this context in the file system.
Syntax: It can be an absolute path or path relative to $SERVER_ROOT, $VH_ROOT, or $DOC_ROOT. $DOC_ROOT is the default relative path, and can be omitted.

If the URI is a regular expression, then the matched sub-string can be used to form the "Root" string. The matched sub-string can be referenced with the values "$1" - "$9". "$0" and "&" can be used to reference the whole matched string. Additionally, a query string can be set by appending a "?" followed by the query string. Be careful. "&" should be escaped as "\&" in the query string.
Example: A plain URI like /examples/ with Location set to /home/john/web_examples will map the request "/examples/foo/bar.html" to file "/home/john/web_examples/foo/bar.html".
To simulate Apache's mod_userdir, set URI to exp: ^/~([A-Za-z0-9]+)(.*), set Location to /home/$1/public_html$2. With these settings, a request of URI /~john/foo/bar.html will map to file /home/john/public_html/foo/bar.html.
See Also: URI
AccessibleGo to top
Description: Specifies whether this context can be accessed. Set to No to deny access. You can use this feature to protect the specified directory from being visited. You may use it when you are updating contents for this context or you have special data in this directory.
Syntax: Select from radio box
Enable ExpiresGo to top
Description: Specifies whether to generate an Expires header for static files. If enabled, an Expires header will be generated based on Expires Default and Expires By Type.

This can be set at server, virtual host and context level. Lower level settings will override higher level ones, i.e. context settings will override virtual host settings and virtual host settings will override server settings.
Syntax: Select from radio box
Expires DefaultGo to top
Description: Specifies default settings for Expires header generation. This setting takes effect when Enable Expires is set to "Yes". It can be overridden by Expires By Type. Do not set this default at the server or virtual host level unless you have to, since it will generate Expires headers for all pages. Most of time this should be set at the context level for certain directories that do not change often. If there is no default setting, no Expires header will be generated for types not specified in Expires By Type.
Syntax: A|Mseconds
The file will expire after base time(A|M) plus specified seconds. Base time "A" sets the value to the client's access time and "M" to the file's last modified time.
Expires By TypeGo to top
Description: Specifies Expires header settings for individual MIME types.
Syntax: Comma delimited list of "MIME-type=A|Mseconds". The file will expire after base time (A|M) plus specified seconds.

Base time "A" sets the value to the client's access time and "M" to the file's last modified time. MIME-type accepts wildcard "*", like image/*.
Extra HeadersGo to top
Description: Specifies extra response headers to be added. Multiple headers can be added, one header per line.
Syntax: "[HeaderName]: [HeaderValue]" in each line.
Example: Cache-control: no-cache, no-store
My-header: Custom header value
MIME TypeGo to top
Description: Specifies additional MIME types and mappings for this context. New mappings will override existing mappings under this context and its children contexts.
If you want to show PHP scripts as text files instead of being executed as scripts, just override the .php mapping to MIME type "text/plain".
Syntax: MIME-type1 extension extension ..., MIME-type2 extension ... Use comma to separate between MIME types, use space to separate multiple extensions.
Example: image/jpg jpeg jpg, image/gif gif
Force MIME TypeGo to top
Description: When specified, all files under this context will be served as static files with the MIME type specified regardless of file suffix. When set to NONE, inherited force type setting will be disabled.
Syntax: MIME type or NONE.
Default MIME TypeGo to top
Description: When specified, this type will be used when MIME type mapping cannot be determined by the suffix of a document or if there is no suffix. If not specified, the default value application/octet-stream will be used.
Syntax: MIME-type
Auto IndexGo to top
Description: Specifies whether to generate a directory index on the fly when index files listed in Index Files are not available in a directory. This option is customizable at the virtual host and context level, and is inherited along the directory tree until it is explicitly overridden. You can customize the generated index page. Please check online wiki How-tos.
Syntax: Select from radio box
Tips: [Security] It is recommended to turn off Auto Index wherever possible to prevent revealing confidential data.
See Also: Index Files, Auto Index URI
Index FilesGo to top
Description: Specifies names of index files that will be searched sequentially when a URL is mapped to a directory. You can customize it at the server, virtual host, and context level.
Syntax: Comma delimited list of index file names.
Tips: [Performance] Only set index files that you need.
Allow OverrideGo to top
Description: Specifies what directives in an access control file are allowed. An access control file can be placed in a directory to control the accessibility of files under that directory.
  • When nothing is checked, inherited default settings will be used.
  • When None is checked, access control files will be ignored.
  • When Limit is checked, directives "Order", "Allow from" and "Deny from" are allowed.
  • When Auth is checked, directives "AuthGroupFile", "AuthName", "AuthType", "AuthUserFile", and "Require" are allowed.
  • When FileInfo is checked, directives "Satisfy", AddDefaultCharset", "AddType", "DefaultType", "ForceType", "ExpiresActive", "ExpiresDefault", "ExpiresByType", "Redirect", "RedirectTemp", "RedirectPermanent", "RewriteEngine", "RewriteOptions", "RewriteBase", "RewriteCond" and "RewriteRule" are allowed
  • When Indexes is checked, directive "DirectoryIndex" is allowed
  • When Options is checked, directive "Options" is allowed

Allow Override configuration is available at three levels: server, virtual host and context. If a configuration is not checked at the server level, the controlled directives will be disabled for the whole server whether or not it is enabled at lower levels. If something is enabled at the server level, virtual hosts will inherit same settings by default. Similarly context level settings will be inherited from virtual host settings. Lower levels can disable a setting that is enabled at an upper level, but cannot enable a setting that is disabled at an upper level.
Syntax: Select from checkbox
Tips: [Performance] If there is no need for directory level configuration customization, check None.
RealmGo to top
Description: Specifies the authorization realm for this context. When specified, a valid user name and password must be provided in order to access this context. Authorization Realms are set up in the Virtual Host Security section. This setting uses each realm's Realm Name.
Syntax: Select from drop down list
Authentication NameGo to top
Description: Specifies an alternative name for the authorization realm for current context. If it is not specified, the original realm name will be used. The authentication name is displayed on the browser's login pop-up.
Require (Authorized Users/Groups)Go to top
Description: Specifies which user/group can access this context. This allows you to use one user/group database (specified in Realm) across a number of contexts, but only allow certain users/groups from that database to access this context.
Syntax: Syntax is compatible with Apache's Require directive. For example:
  • user username [username ...]
    Only listed users can access this context;
  • group groupid [groupid ...]
    Only users belonging to the listed groups can access this context.
If this setting is not specified, all valid users will be able to access this resource.
Access AllowedGo to top
Description: Specifies which IPs or sub-networks are allowed to access resources under this context. Together with Access Denied and server/virtual host-level access control, accessibility is determined by the smallest scope that a client's IP address falls into.
Syntax: Comma-delimited list of IPs/sub-networks.
Example: Sub-networks can be written as 192.168.1.0/255.255.255.0, 192.168.1 or 192.168.1.*.
Access DeniedGo to top
Description: Specifies which IPs or sub-networks are NOT allowed to access resources under this context. Together with Access Allowed and server/virtual host-level access control, accessibility is determined by the smallest scope that a client's IP address falls into.
Syntax: Comma-delimited list of IPs/sub-networks.
Example: Sub-networks can be written as 192.168.1.0/255.255.255.0, 192.168.1 or 192.168.1.*.
AuthorizerGo to top
Description: Specifies an external application that can be used to generate authorized/unauthorized decisions. Currently, only the FastCGI Authorizer is available. For more details about the FastCGI Authorizer role, please visit http://www.fastcgi.com.
Syntax: Select from drop down list
Add Default CharsetGo to top
Description: Specifies whether to add a character set tag to the "Content-Type" response header, when content type is either "text/html" or "text/plain" without any parameters. When set to Off, this function is disabled. When set to On, either the character set specified by Customized Default Charset or the default "iso-8859-1" will be added.
Syntax: Select from radio box
Customized Default CharsetGo to top
Description: Specifies a character set to be used when Add Default Charset is On. This is optional. The default value is iso-8859-1. This entry has no effect when Add Default Charset is Off.
Syntax: Name of a character set, like utf-8
Example: utf-8
Enable RewriteGo to top
Description: Specifies whether to enable LiteSpeed's URL rewrite engine. This option can be customized at virtual host- and context-level, and is inherited along the directory tree until it is explicitly overridden.
Syntax: Select from radio box
Rewrite InheritGo to top
Description: Specifies whether to inherit rewrite rules from parent contexts. If rewrite is enabled and not inherited, rewrite base and rewrite rules defined in this context will be used.
Syntax: Select from radio box
Rewrite BaseGo to top
Description: Specifies the base URL for rewrite rules.
Syntax: URL
Rewrite RulesGo to top
Description: Specifies a list of rewrite rules at virtual host or context level. A rewrite rule is comprised of one RewriteRule directive and optionally preceded by multiple RewriteCond directives.
  • Each directive should take only one line.
  • RewriteCond and RewriteRule follow Apache's rewrite directive syntax. Just copy and paste rewrite directives from your Apache configuration files.
  • There are minor differences between LiteSpeed and Apache mod_rewrite implementation:
    • %\{LA-U:variable\} and %\{LA-F:variable\} are ignored by the LiteSpeed rewrite engine
    • two new server variables are added in the LiteSpeed rewrite engine: %\{CURRENT_URI\} represents the current URI processed by the rewrite engine and %\{SCRIPT_NAME\} has the same meaning as the corresponding CGI environment variable.
The implementation of LiteSpeed's rewrite engine follows the specifications of Apache's rewrite engine. For more details about rewrite rules, please refer to Apache's mod_rewrite document and Apache's URL rewriting guide.
Syntax: string
Enable CacheGo to top
Description: Specifies whether to turn on cache for the current context, either at the server level, virtual host level, or directory level.

Virtual hosts configured through Apache httpd.conf can use the "CacheEnable" and "CacheDisable" directives at the server, virtual host, directory, files, and location level or in .htaccess. "CacheEnable" and "CacheDisable" directives are compatible with Apache mod_cache directives. However, when used at the directory, file, or location level or in a .htaccess, "CacheEnable" and "CacheDisable" will only be applied to all directories below current level. URL parameters will be ignored.
Syntax: Integer number
Tips: [Performance] It is not recommended to store large objects with low hit rates in the cache. This may result in high I/O wait and reduce overall server performance.
Cache Expire Time (Seconds)Go to top
Description: Specifies how long an object will be cached. The default is "86400" seconds (one day).
Syntax: Integer number
Cache Stale Age (Seconds)Go to top
Description: Specifies how long an object will continue to be served after its cache has expired but bbefore the new cache is available. The default is "10" seconds.
Syntax: Integer number
Cache Request with Query StringGo to top
Description: Specifies whether to cache a request with a query string in the URL. The default is "No Cache". When a URL rewrite is involved, the server will check against the rewritten URL.
Syntax: Select from drop down list
Cache Request with CookieGo to top
Description: Specifies whether to cache a request containing cookies. The default is "No Cache".
Syntax: Select from drop down list
Cache Response with CookieGo to top
Description: Specifies whether to cache a response containing cookies. The default is "No Cache".
Syntax: Select from drop down list
Ignore Request Cache-ControlGo to top
Description: Specifies whether to ignore Cache-Control request headers. The default is "No". If set to "Yes", the server may serve a cached object when "no-cache" has been set in Cache-Control.
Syntax: Select from drop down list
Ignore Response Cache-ControlGo to top
Description: Specifies whether to ignore Cache-Control response headers. The default is "No". If set to "Yes", the response can be cached by the server even when "no-store", "private" has been set in a Cache-Control header.
Syntax: Select from drop down list
Enable Private CacheGo to top
Description: Specifies whether to turn on private cache for the current context, either at server level, virtual host level, or directory level.

Private cache will cache a copy per user based on IP and cookies.
Virtual hosts configured through Apache httpd.conf can use the "CacheEnable private /url" and "CacheDisable private /url" directives at server, virtual host, directory, files, and location levels or in a .htaccess file. "CacheEnable private" and "CacheDisable private" are compatible with Apache's mod_cache directives and will be applied to all directories below the current level. However, when used at the directory, file, and location level or in a .htaccess file, "CacheEnable private" and "CacheDisable private" will be applied to all directories below the current level. URL parameters will be ignored.
Syntax: Integer number
Tips: [Performance] It is not recommended to store large objects with low hit rates in the cache. This may result in high I/O wait and reduce overall server performance.
Private Cache Expire Time (Seconds)Go to top
Description: Specifies how long an object will be cached in private cache. The default is "60" seconds.
Syntax: Integer number
Enable IP GeolocationGo to top
Description: Enterprise Edition Only Specifies whether to enable IP geolocation lookup. It can be set at server-, virtual host-, or context-level.
Syntax: Select from radio box
See Also: Use Client IP in Header, DB File Path, DB Cache Type
Apache Style ConfigurationsGo to top
Description: Specifies Apache configuration directives (supported by LiteSpeed) that you want to use in LiteSpeed native configuration file. For example, to override the default PHP configurations (php.ini entries) the server will need four directives: "php_value", "php_flag", "php_admin_value" and "php_admin_flag".
Syntax: Same as Apache configuration file.
Java Web App ContextGo to top
Description: Many people running Java applications use the servlet engine to serve static content as well. But no servlet engine is nearly as efficient as LiteSpeed Web Server for these processes. In order to improve the overall performance, LiteSpeed Web Server can be configured as a gateway server, which serves static content and forwards dynamic Java page requests to the servlet engine.

LiteSpeed Web Server requires certain contexts to be defined in order to run a Java application. A Java Web App Context automatically creates all required contexts based on the Java web application's configuration file (WEB-INF/web.xml).

There are a few points you need to keep in mind when setting up a Java Web App Context:
  • A Servlet Engine external application must be set up in External Application before Java Web App Context can be set up.
  • A Script Handler for .jsp files should be defined as well.
  • If the web application is packed into a .war file, the .war file must be expanded. The server cannot access compressed archive files.
  • For the same resources, the same URL should be used no matter whether it is accessed through LiteSpeed Web Server or through the servlet engine's built-in HTTP server.

    For example, Tomcat 4.1 is installed under /opt/tomcat. Files for the "examples" web application are located at /opt/tomcat/webapps/examples/. Through Tomcat's built-in HTTP server, the "examples" web application is thus accessed with a URI like "/examples/***". The corresponding Java Web App Context should thus be configured: URI = /examples/, Location = /opt/tomcat/webapps/examples/.
URIGo to top
Description: Specifies the URI for this context. The URI should start with a "/". If a URI ends with a "/", then this context will include all sub-URIs under this URI.
Syntax: URI
LocationGo to top
Description: Specifies the directory that contains the files for this web application. This is the directory containing "WEB-INF/web.xml".
Syntax: path
Servlet EngineGo to top
Description: Specifies the name of the servlet engine that serves this web application. Servlet engines must be defined in the External Application section at the server or virtual host level.
Syntax: Select from drop down list
Servlet ContextGo to top
Description: Servlets can be imported individually through Servlet Contexts. A Servlet Context just specifies the URI for the servlet and the name of the servlet engine. You only need to use this when you do not want to import the whole web application or you want to protect different servlets with different authorization realms. This URI has the same requirements as for a Java Web App Context.
FastCGI ContextGo to top
Description: FastCGI applications cannot be used directly. A FastCGI application must be either configured as a script handler or mapped to a URL through FastCGI context. A FastCGI context will associate a URI with a FastCGI application.
FastCGI AppGo to top
Description: Specifies the name of the FastCGI application. This application must be defined in the External Application section at the server or virtual host level.
Syntax: Select from drop down list
LiteSpeed SAPI ContextGo to top
Description: External applications cannot be used directly. They must be either configured as a script handler or mapped to a URL through a context. An LiteSpeed SAPI Context will associate a URI with an LSAPI (LiteSpeed Server Application Programming Interface) application. Currently PHP, Ruby and Python have LSAPI modules. LSAPI, as it is developed specifically for LiteSpeed web server, is the most efficient way to communicate with LiteSpeed web server.
LiteSpeed SAPI AppGo to top
Description: Specifies the name of the LiteSpeed SAPI application to be connected to this context. This application must be defined in the External Application section at the server or virtual host level.
Syntax: Select from drop down list
Proxy ContextGo to top
Description: A Proxy Context enables this virtual host as a transparent reverse proxy server. This proxy server can run in front of any web servers or application servers that support HTTP protocol. The External web server that this virtual host proxies for has to be defined in External Application before you can set up a Proxy Context.
Web ServerGo to top
Description: Specifies the name of the external web server. This external web server must be defined in the External Application section at the server or virtual host level.
Syntax: Select from drop down list
CGI ContextGo to top
Description: A CGI context defines scripts in a particular directory as CGI scripts. This directory can be inside or outside of the document root. When a file under this directory is requested, the server will always try to execute it as a CGI script, no matter if it's executable or not. In this way, file content under a CGI Context is always protected and cannot be read as static content. It is recommended that you put all your CGI scripts in a directory and set up a CGI Context to access them.
PathGo to top
Description: Specifies the location of CGI scripts.
Syntax: The path can be a directory that contains a group of CGI scripts, like $VH_ROOT/myapp/cgi-bin/. In this case, the context URI must end with "/", like /app1/cgi/. The Path can also specify only one CGI script, like $VH_ROOT/myapp/myscript.pl. This script should have the corresponding URI /myapp/myscript.pl.
Allow Set UIDGo to top
Description: Specifies whether the set UID bit is allowed for CGI scripts. If the set UID bit is allowed and the set UID bit is enabled for a CGI script, no matter which user the CGI script was started on behalf of, the user ID of the CGI process will switch to the user ID of the owner of the CGI script.
The default is "Off".
Syntax: Select from radio box
Tips: [Security] Do not allow Set UID CGI scripts whenever possible, as it is inherently a security risk.
Redirect ContextGo to top
Description: A Redirect Context can be used to forward one URI or a group of URIs to another location. The destination URI can be either on the same web site (an internal redirect) or an absolute URI pointing to another web site (an external redirect).
External RedirectGo to top
Description: Specifies whether this redirect is external. For external redirection, Status Code may be specified and Destination URI can start either with "/" or "http(s)://". For internal redirection, Destination URI must start with "/".
Status CodeGo to top
Description: Specifies the response status code of the external redirection. If the status code is between 300 and 399, Destination URI can be specified.
Syntax: Select from drop down list
Destination URIGo to top
Description: Specifies the target location of the redirection. If this redirected URI maps to a URI in another redirect context, it will be redirected again.
Syntax: This URI can either be a relative URI on the same web site starting with "/", or an absolute URI pointing to different web site starting with "http(s)://". If the URI contains regular expression, the destination can reference the matched variables, such as $1 or $2.
Load Balancer ContextGo to top
Description: Like other external applications, load balancer worker applications cannot be used directly. They must be mapped to a URL through a context. A Load Balancer Context will associate a URI to be load balanced by the load balancer workers.
Load BalancerGo to top
Description: Specifies the name of the load balancer to be associated to this context. This load balancer is a virtual application, and must be defined in the External Application section at the server or virtual host level.
Syntax: Select from drop down list
Rack/Rails ContextGo to top
Description: A Rack/Rails Context provides an easy way to configure a Ruby Rack/Rails application. To add a Rack/Rails application through a Rack/Rails Context, only mounting the URL and the application's root directory is required. There is no need to go through all the troubles to define an external application, add a 404 handler, and rewrite rules, etc.
Run-Time ModeGo to top
Description: Specifies which mode Rack/Rails will be running as: "Development", "Production", or "Staging". The default is "Production".
Syntax: Select from drop down list
Max ConnectionsGo to top
Description: Specifies the maximum number of concurrent connections that can be established between the web server and an external application. This setting controls how many requests can be processed concurrently by an external application, however, the real limit also depends on the external application itself. Setting this value higher will not help if the external application is not fast enough or cannot scale to a large number of concurrent requests.
Syntax: Integer number
Tips: [Performance] Setting a high value does not directly translate to higher performance. Setting the limit to a value that will not overload the external application will provide the best performance/throughput.
EnvironmentGo to top
Description: Specifies extra environment variables for the external application.
Syntax: Key=value. Multiple variables can be separated by "ENTER"

Add-ons

Table of Contents

Front Page Server Extension

Enable | Disable Admin | Domain Names | 

AWStats Integration

Update Mode | Working Directory | AWStats URI | Site Domain | Site Aliases | Update Interval | Update Offset | Secured Connection | Authorization Realm | 

EnableGo to top
Description: Specifies whether to enable Microsoft FrontPage Server Extensions. When enabled, Microsoft FrontPage can be used to publish web content. A web administration console is available at URL http://your.domain/_vti_bin/_vti_adm/fpadmcgi.exe.

Additional FrontPage Server Extensions packages must be installed in order to make this work properly.
Syntax: Select from radio box
See Also: Disable Admin, Domain Names
Disable AdminGo to top
Description: Specifies whether to disable the web administration console for Microsoft FrontPage Server Extensions. The web administration console is available at URL
http://your.domain/_vti_bin/_vti_adm/fpadmcgi.exe.
Additional FrontPage Server Extensions packages must be installed in order to make it work properly.
Syntax: Select from radio box
Tips: [Security] Disable the administration console when you no longer need to manage users or change configurations.
See Also: Enable, Domain Names
Domain NamesGo to top
Description: Specifies the virtual servers that provide Front Page Server Extensions service. When a web site is assigned to multiple domain names or service ports, FrontPage access is only available to the domain name and port combinations specified in this list.

Additional FrontPage Server Extensions packages must be installed in order to make it work properly.
Syntax: Domain_name:port[, ...] The virtual server name is comprised of domain name and port number.
Example: For a web site with domain name "www.mydomain.com" accessible via both HTTP and HTTPS connections, the name list should be something like:
www.mydomain.com:80, www.mydomain.com:443
See Also: Disable Admin, Enable
AWStats IntegrationGo to top
Description: AWStats is a popular log analyzer that generates advanced web server statistics. LiteSpeed web server seamlessly integrates AWStats into its WebAdmin console.
Update ModeGo to top
Description: Specifies how AWStats statistics are being updated:
  • Disabled: AWStats is disabled. Statistics will not be updated.
  • Static: Static HTML pages will be created after the statistics have been updated.
  • Dynamic: The statistics will be updated, but static pages will not be created. HTML pages will be generated dynamically by the CGI script awstats.pl.
Syntax: Select from drop down list
Working DirectoryGo to top
Description: Specifies the "DataDir" parameter in the AWStats configuration file. All results files and AWStats databases will be stored there. This directory should be writable by the owner of the document root of this virtual host. Usually the working directory should be set to under the virtual host root like $VH_ROOT/awstats/.
Syntax: A path which can be absolute, or relative to $SERVER_ROOT, or relative to $VH_ROOT.
AWStats URIGo to top
Description: Specifies the URI where the AWStats results can be accessed in this virtual host.
Syntax: uri
Example: If this URI is set to /awstats/ for the virtual host www.example.com, then the full URL to the AWStats page would be http://www.example.com/awstats/.
Tips: The URI should be unique on this virtual host. Otherwise, overlapped content will be inaccessible.
Site DomainGo to top
Description: Specifies the main domain name of this web site. It controls the "SiteDomain" parameter in AWStats's configuration file. It is used by Awstats to generate full URL paths. If not set, the name of this virtual host will be used.
Syntax: domain name
Site AliasesGo to top
Description: Specifies all other possible domain names, IP addresses, and host aliases that this virtual host can be accessed with. This value is used to populate the "SiteAliases" parameter in AWStats configuration. It is used to analyze the referrer field in log files and to help AWStats to decide if a referrer URL is a local or external URL. For best performance, use the the minimum number of possible name/address combinations.
Syntax: A list of domain names and IP addresses.
Example: www.myserver.com localhost 127.0.0.1 REGEX[mydomain\.(net|org)$]
Update IntervalGo to top
Description: Specifies how often AWstats statistics are updated. Options are daily or hourly.
Syntax: Select from drop down list
Update OffsetGo to top
Description: Specifies when the update should be performed during the Update Interval.
Syntax: Number of seconds.
Example: Set this to 3600 to start statistic processing at 1AM for "Daily" update.
Tips: If many virtual hosts are hosted on one server, it is recommended to spread out the "Update Offset" to avoid multiple AWstats processes running at the same time and server overload. Log processing is a CPU and I/O intensive task.
Secured ConnectionGo to top
Description: Specifies whether HTTPS is used to access AWstats statistics.
Syntax: Select from radio box
Authorization RealmGo to top
Description: Specifies an authorization realm for the statistical results. When specified, only authorized users can view the results.
Syntax: Select from drop down list

Rewrite

Table of Contents

Rewrite Control

Enable Rewrite | Rewrite Log Level | 

Rewrite Map

Name | Location | 

Rewrite Rules

Rewrite Rules | 

Enable RewriteGo to top
Description: Specifies whether to enable LiteSpeed's URL rewrite engine. This option can be customized at virtual host- and context-level, and is inherited along the directory tree until it is explicitly overridden.
Syntax: Select from radio box
Rewrite Log LevelGo to top
Description: Specifies the level of detail of the rewrite engine's debug output. This value ranges from 0 - 9. 0 disables logging. 9 produces the most detailed log. The server and virtual host's error log Log Level must be set to at least INFO for this option to take effect. This is useful when testing your rewrite rules.
Syntax: Integer number
See Also: Server Log Level, Virtual Host Log Level
NameGo to top
Description: Specifies a unique name for the rewrite map at the virtual host level. This name will be used by a mapping-reference in rewrite rules. When referencing this name, one of the following syntaxes should be used:
$\{MapName:LookupKey\}
$\{MapName:LookupKey|DefaultValue\}

The implementation of LiteSpeed's rewrite engine follows the specifications of Apache's rewrite engine. For more details about rewrite maps, please refer to Apache's mod_rewrite document.
Syntax: string
LocationGo to top
Description: Specifies the location of the rewrite map using the syntax MapType:MapSource.
LiteSpeed's rewrite engine supports three types of rewrite maps:
  • Standard Plain Text
    MapType: txt;
    MapSource: file path to a valid plain ASCII file.
    Each line of this file should contain two elements separated by blank spaces. The first element is the key and the second element is the value. Comments can be added with a leading "#" sign.
  • Randomized Plain Text
    MapType: rnd;
    MapSource: file path of a valid plain ASCII file.
    File format is similar to the Standard Plain Text file, except that the second element can contain multiple choices separated by a "|" sign and chosen randomly by the rewrite engine.
  • Internal Function
    MapType: int;
    MapSource: Internal string function
    4 functions are available:
    • toupper: converts lookup key to upper cases.
    • tolower: converts lookup key to lower cases.
    • escape: perform URL encoding on lookup key.
    • unescape: perform URL decoding on lookup key.
  • The following map types available in Apache have not been implemented in LiteSpeed: Hash File and External Rewriting Program.
The implementation of LiteSpeed's rewrite engine follows the specifications of Apache's rewrite engine. For more details about rewrite map, please refer to Apache's mod_rewrite document.
Syntax: string
Rewrite RulesGo to top
Description: Specifies a list of rewrite rules at virtual host or context level. A rewrite rule is comprised of one RewriteRule directive and optionally preceded by multiple RewriteCond directives.
  • Each directive should take only one line.
  • RewriteCond and RewriteRule follow Apache's rewrite directive syntax. Just copy and paste rewrite directives from your Apache configuration files.
  • There are minor differences between LiteSpeed and Apache mod_rewrite implementation:
    • %\{LA-U:variable\} and %\{LA-F:variable\} are ignored by the LiteSpeed rewrite engine
    • two new server variables are added in the LiteSpeed rewrite engine: %\{CURRENT_URI\} represents the current URI processed by the rewrite engine and %\{SCRIPT_NAME\} has the same meaning as the corresponding CGI environment variable.
The implementation of LiteSpeed's rewrite engine follows the specifications of Apache's rewrite engine. For more details about rewrite rules, please refer to Apache's mod_rewrite document and Apache's URL rewriting guide.
Syntax: string

STAY CONNECTED