FCGI Security and Tweaking

[markb1439]

I know that, in cPanel, the default FastCGI configuration is said to be insecure because the PHP binary is in each virtual host. In addition, it's said that there is a lot of configuration required to make sure that unused PHP processes do not remain too long.

If I compile EasyApache with FastCGI and activate SuEXEC, and then I switch to LiteSpeed, do these same problems exist? Or does LiteSpeed handle FCGI more securely? And, in LiteSpeed, what settings do I need to tweak?

Thanks,

Mark

[webizen]

suEXEC in LiteSpeed is rather secure.

http://www.litespeedtech.com/support...api_php_suexec

[markb1439]

Thanks.

Let me clarify...what is the best way for me to set up the best LiteSpeed configuration for performance and security...

I am used to compiling in EasyApache. Should I continue to do it with suPHP, or should I use FCGI, or does it not even matter which one I choose, since LSAPI will be used in LiteSpeed anyway? Do I need to choose suEXEC in EasyApache, or does that not matter either (because LiteSpeed's architecture will be used instead).

Also, if I use LiteSpeed's cache feature, do I also need an opcode cache, or is that not necessary?

Thanks,

Mark

[webizen]

LSAPI + suEXEC is the best setup you can get (combine with performance and security). You may reference this benchmark comparison:

http://blog.litespeedtech.com/2010/01/

For it to work, you should continue to use suPHP and choose Apache suEXEC since LSWS read Apache configurations from cPanel/WHM.

LiteSpeed cache is for page caching. Opcode cache is still needed.

[markb1439]

Thank you.

Which opcode cache would you recommend? Will it work even though I compiled with suPHP? I know that, on Apache, an opcode cache will not work with suPHP.

Mark

[webizen]

EAccelerator. You need to build matching php in LSWS (LSAPI + PHP) along with EA extension. So no need to worry about suPHP.

Use the following thread for your reference:

http://www.litespeedtech.com/support...hp/t-4431.html