security

[Dani]

Hi,

great job with the server. My friend recommended me to change and oh did it perform as the benchmarks say. The load is about 60% lower if not more some times. The speed has increased with about 50% of before 'havent had time to play with the tuning yet'.

But have a question for the default 404, 403 etc files..

the line "Powered By LiteSpeed Web Server
Lite Speed Technologies is not responsible for administration and contents of this web site!" gets added to the bottom. Is there a way to hide the server info for security reasons? "except using cutom 404 error pages which seem to have a bug when using it on the 401 error...

[mistwang]

Thank you for your praise.

Which error page has problem? 403 or 401?

[Dani]

sorry for confusing you =) 401 gives error. for example I had a realm check on a statis link but it never reached it. I only got to the custom 401 error instead of being asked for the password. When I removed the 401 it worked without any problems.

but is it possible to hide the servername like in apache or is this embedded somehow?

[mistwang]

OK, I see.

That's due to how custom error pages was handled. The information about authentication realm was lost.

We can't fix it right now, however, there is a work around though, set the customized error page to a URL under your protected context.

[jnrey]

For security reasons I would like to hide the name of the Server. I have customized 404 and 503 pages, to no avail; it still displays "Powered By LiteSpeed Web Server Lite Speed Technologies is not responsible for administration and contents of this web site!". Is there any way to hide all this ?

Many thanks !

[brrr]

I think the ability to hide the 'Powered by LSWS' etc only comes with the Enterprise version.

[jnrey]

Well got the trial enterprise version so far, but did not see it. Can this be confirmed by anyone ?

[brrr]

Doesn't:
Configuration > Server > General > General Settings > Server Signature > Hide Full Header

do it?