4.0 road map
 

We have been working on 4.0 feature for a while, the first public beta will be available soon. The follow main feature has been planed

• squid like disk cache (almost done, will be availabe in Beta1 release)
• SSI support (due in beta 2)
• python support with our own python LSAPI module
• ASP.NET support with our own Mono LSAPI module
• mod_security 2.0 rule parser
• Improve real-time status report
• Improve server scalability for mass hosting using control panels
• Server performance fine tuning
• native upload progress bar support, compatible with all existing non-scalable implemenation
• option to backup and version control configuration file.
• mod_macro support

If you have suggestion on new feature, please let us know.

Stay tuned. :)

Cool, my suggestion made it to the road map. I hope it will be as good as lighttpd server status page. :)

How about limit number of concurrent connectons from an IP based on filetype on a vhost level and with proxy detection? Also, a whitelist to exempt certain IPs. This would come in handy for download servers where it could limit download accelerators from overloading the server.

We do the connection limit at IP level with proxy detection now, it should be good enough for limiting download accelerators.

One useful feature that I wouldn't mind having is the possibility to define request filter rules that work on the response.

In particular the possibility to block pages that contain sensitive information.
In ModSecurity it is possible to do that with something like this:

ModSecurity 2.5.1:
SecRule RESPONSE_BODY "ODBC Error Code"

ModSecurity 1.9:
SecFilterSelective "ODBC Error Code" OUTPUT

Are you sure it is ASP.NET ? As far as I know,it will run only in Windows servers.


Anyway, good luck and I am waiting for the 4 release

Vivek

Yes, mono has ASP.NET support for Linux.

How about adding the last login date, time, and the IP? Also, on the real time log viewer, add the time the web server was restarted.

Yeah, we can do that.

These might be a bit esoteric but here goes:

1. When I see error like

2007-09-26 15:05:11.869 [NOTICE] [24.241.38.XXX:53081-0#domain.com] [SECURITY] Detected [PATTERN: 'or.+1[[:space:]]*=[[:space:]]1|or 1=1--'|'.+--'] [Msg: SQL Injection attack]

I would like to be able to link that to access log showing which page was that, string contents, was is POST or GET and any other info that might reveal who is trying what, or was this an unintentional string on normal textarea post.

2. a native way to obfuscate file path. When obfuscating folder /abc, serving a file /abc/file.jpg LS would serve it as e.g. http://virtdomain/f8085cb09db7467ba973f6b4e5d5a78d.jpg. I think this would benefit also from changing that path on-the-fly in http source ;)

3. Compile PHP: with download/compile latest APC, Xcache etc. and with version management.

4. search for logs (also access logs!).

5. switch to reverse log display (newest first).

6. Realtime update for log view (also access logs!)

7. When I get image hotlink protection message

[189.61.153.XXX:2023-1#domain.com] [HOTLINK] Reference from other web site, access denied, referrer: [www.remote.com]

I would like to know the referrer page.

8. performance analyzer: basically I would like to know what is the page requested -> sent time in ms. and if there are any suggested LS settings which would make it faster & use less resources. Something like you see in SiSoft Sandra.

Oh, a question: does the 4.0 beta/RC agree with 3.3.X version management? I'm willing to try it out for short periods on my live sites if that is so.