Search results

Yes, they're fine on LSWS 5.3.1 build 3. Thank you!

Hello, We've received a report from a client that CORS headers stopped showing up, following our update to LSWS 5.3.1: After switching back to LSWS 5.3, the CORS headers appeared again. No further details were provided, but I can ask the client, if necessary to investigate further. Is this a...

Hello, We're looking to setup a geo-located cPanel cluster for a client and found XtendWeb, which we'll test first, before using it in production. This kind of setup provides LEMP stack redundancy and syncs the /home folder to the slave. The master server can and will use LiteSpeed Web Server...

Thnaks for the quick reply! Is there something I need to set/change under Configuration » Rack/Rails as well or is that irrelevant when CL Selector is in use? Attached are my current settings.

In LSWS 5.2, this feature has made appearance: Added support for CloudLinux ruby/python selector. While it's something that our clients have been waiting for since a long time, I couldn't figure out how to set it up. I haven't found anything in the ducumentation. As of today it's urgent for us...

It doesn't; it's just a single certificate (of the domain). WHM also doesn't allow to paste more than one certificate.

In WHM » SSL/TLS » Install an SSL Certificate on a Domain, I've pasted the SSL certificate, clicked on the "Autofill by Certificate" button and installed the SSL with the existing CA bundle. I've also tried by pasting the content of the following files under the "Certificate Authority Bundle"...

Since a while, I've noticed the following error occurring hundreds of times in the error_log: 2016-06-13 09:49:52.618 [ERROR] /var/cpanel/ssl/installed/certs/***snipped***.crt: OCSP_basic_verify() failed: error:27069076:OCSP routines:OCSP_basic_verify:signer certificate not found About 95% of...

Thank you for pointing that out. :) I guess there might have been a bug previously that still allowed mod_userdir to work on the shared IP, as we had MPM Prefork enabled since almost 2 years and mod_userdir was still working on the shared IP until a few days ago. At least now I know that wasn't...

mod_userdir works properly with those modules disabled. Is this just a temporary work-around? MPM Prefork is enabled in the EasyApache profile and listed as recommended. I'd rather not have it disabled, as mod_userdir worked properly before with MPM Prefork enabled.

Hello, We've received reports from clients that mod_userdir no longer works since a few days, which relates to the date when we've updated to LSWS 5.0.7. I remember there was a similar bug in LSWS 4.2.13 in 2014, where mod_userdir didn't work. The mod_userdir protection in cPanel is disabled...

I was able to start LSWS after re-installing it. The whole configuration and tweaks are lost, but at least LSWS starts again.

Hello, The VPS of a client had a kernel crash today and I think since then Apache was suddenly in use, instead of LSWS. I've tried to switch back to LSWS using the WHM plugin, but it fails with this error: Apache Stopped. read(): No such file or directory read(): Invalid argument [ERROR]...

Thank you very much, the login page loads up properly now.

Hello, Yesterday we've updated to LSWS 5.0.5 and this morning a client has reported that the backend login pages of all his Shopware websites no longer load. The login page loads only partially, but the input fields, which seem to load via AJAX or something similar, don't load at all. After...

Well, LSWS can figure out the user's real IP by reading the X-Forwarded-For header, but unfortunately, a firewall like CSF cannot do this, as it sees the request coming from CloudFlare and the traffic passes through. Comodo have confirmed that their rules can be adjusted to use "drop" instead...

Hello, Over the past 2 or 3 years, we've seen a dramatic increase in distributed brute force attacks towards WordPress websites and DoS attacks towards xmlrpc.php files. As you may know, these attacks send several requests per second and last for a few hours and sometimes even days. This often...

The cipher suite negotiates which network security settings and protocols to use, so it indeed needs to be changed. Not just because of this vulnerability, but as a common security practice. The same cipher suite should work fine for Apache, FTP, Email, etc.

I've heard that an updated version of 4.2.17 was released to support SSLProtocol and SSLCipherSuite. I can confirm that this update worked for us and SSLv3 is now disabled. This is what we've done so far: Update LSWS: /usr/local/lsws/admin/misc/lsup.sh -f -v 4.2.18 Edit: LSWS 4.2.18 was...

Thanks for the quick fix! It's greatly appreciated.