[markb1439]

Hi Again,

We are deploying a new server over the weekend, and we have decided that we will not even consider using LiteSpeed on it until we receive answers for the questions asked previously:

• How secure is LiteSpeed now? (In other words, how much of the mod_security functionality is missing?)
• When will additional security be added?
• When will LiteSpeed offer the full protection currently offered by Apache + mod_security?

In addition, we will probably discontinue our existing use of LiteSpeed until we get these answers. And we may still stay away from LiteSpeed if the answers are not favorable. For example, if it will still be a long time before LiteSpeed offers the same security as Apache, we'll have to take that into consideration.

We are a bit upset that we've been using LiteSpeed for some time now, thinking that it offered the full functionality of Apache in terms of security...only to find out that it does not. And we aren't even sure how much of that security it does offer, because those answers are not being provided. We feel that a major shortcoming like this should have been disclosed publicly, instead of LiteSpeed simply being advertised as a drop-in replacement for Apache, with no mention of gaping security holes and lack of full support for mod_security.

Mark