Read More

Server Tuning

Table of Contents

General

RAM Disk Path | Default SHM Directory | Bind IPv6 Only | Reverse DNS Lookup | Verify Google Bot | Secure Cookie Control

Connection

Max Connections | Max SSL Connections | Connection Timeout (secs) | Max Keep-Alive Requests | Keep-Alive Timeout (secs) | Send Buffer Size (bytes) | Receive Buffer Size (bytes)

Request/Response

Max Request URL Length (bytes) | Max Request Header Size (bytes) | Max Request Body Size (bytes) | Max Response Header Size (bytes) | Max Response Body Size (bytes)

GZIP/Brotli Compression

Enable Compression | Compressible Types | GZIP Compression Level | Brotli Compression Level

SSL Global Settings

Default Cipher Suite | SSL Strong DH Key | Enable Multiple SSL Certificates | Enable Session Cache | Session Cache Size (bytes) | Session Cache Timeout (secs) | Enable Session Tickets | SSL Session Ticket Lifetime (secs) | SSL Session Ticket Key File | OCSP Proxy | Strict SNI Certificate

SSL Dynamic SNI

SSL Dynamic Certificates Cipher Suite | SSL Dynamic Certificates Base Dir | SSL Dynamic Certificates Levels | SSL Dynamic Certificates Expire Time (secs) | SSL Dynamic Certificates Refresh Time (secs)

HTTP3/QUIC

Enable HTTP3/QUIC | QUIC SHM Directory | HTTP3/QUIC Versions | Congestion Control | Connection Flow Control Window | Max Connection Flow Control Window | Stream Flow Control Window | Max Stream Flow Control Window | HTTP/3 Initial Incoming Streams | Max Concurrent Streams Per Connection | Handshake Timeout | Idle Timeout | QUIC DoS Mitigation Duration (secs) | Bad Packet Rate | New Handshake Rate | Timed Out Handshake Rate | Enable DPLPMTUD | PLPMTU Base Value | PLPMTU Max Value

RAM Disk Path

Description

Setting the RAM Disk Path allows you to designate the location of a RAM disk. A RAM disk is a world-writable directory stored in memory. A server with excess RAM can reduce disk I/O by serving content from this RAM disk. Accessing content from RAM is much faster than reading data from the disk. LSWS will use this RAM disk to optimize performance when there is enough memory available.

(The RAM disk must be designated in your OS setup before it can be used by the web server. Many Linux distributions assign /dev/shm as a RAM disk by default, but these settings depend on your OS.)

Syntax

path

Default SHM Directory

Description

Changes shared memory's default directory to the specified path. If the directory does not exist, it will be created. All SHM data will be stored in this directory unless otherwise specified.

Syntax

path

Bind IPv6 Only

Description

Only bind IPv6 for IPv6 wildcard IP addresses. When set to "Yes", IPv4 IP addresses will not be bound and will need their own listeners.

Default value: Yes

Syntax

Select from radio box

Reverse DNS Lookup

Description

Perform an IP -> Domain Name lookup for each client. This can be used in access logging.

Default value: No

Syntax

Select from radio box

Verify Google Bot

Description

Perform a PTR lookup to ensure that the reverse DNS of an IP matches Google's crawler information and bypass reCAPTCHA verification if so. Bad Google bot IPs are logged.

Default value: No

Syntax

Select from radio box

Secure Cookie Control

Description

Control whether to send cookies with the flag "secure", attribute "SameSite=Strict", and attribute "SameSite=Lax".

If both "SameSite=Strict" and "SameSite=Lax" are selected, "SameSite=Strict" will be used.

Default value: "secure"

Syntax

Select from checkbox

Max Connections

Description

Specifies the maximum number of concurrent connections that the server can accept. This includes both plain TCP connections and SSL connections. Once the maximum concurrent connections limit is reached, the server will close Keep-Alive connections when they complete active requests.

Syntax

Integer number

Tips

When the server is started by "root" user, the server will try to adjust the per-process file descriptor limits automatically, however, if this fails, you may need to increase this limit manually.

Max SSL Connections

Description

Specifies the maximum number of concurrent SSL connections the server will accept. Since total concurrent SSL and non-SSL connections cannot exceed the limit specified by Max Connections, the actual number of concurrent SSL connections allowed must be lower than this limit.

Syntax

Integer number

Connection Timeout (secs)

Description

Specifies the maximum connection idle time allowed during processing one request. The connection will be closed if it has been idle, i.e. no I/O activity, for this period of time.

Syntax

Integer number

Tips

Set this as low as you can to help recover dead connections during a potential DoS attack.

See Also

Keep-Alive Timeout (secs)

Max Keep-Alive Requests

Description

Specifies the maximum number of requests that can be served through a keep-alive (persistent) session. The connection will be closed once this limit is reached. You can set this limit for each virtual host as well.

Syntax

Integer number

Tips

Set this to a reasonably high value. A value of "1" or "0" will disable keep-alive.

See Also

Virtual Host Max Keep-Alive Requests

Keep-Alive Timeout (secs)

Description

Specifies the maximum idle time between requests from a keep-alive connection. If no new request is received during this period of time, the connection will be closed. This setting only applies to HTTP/1.1 connections. HTTP/2 connections have long keep-alive timeouts by design and are not affected by this setting.

Syntax

Integer number

Tips

We recommend that you set this value just long enough to wait for subsequent requests from a client when there are more assets referenced by a single page that need to be loaded. Do not set this too long hoping that the next page will be served over the keep-alive connection. Keeping many idle keep-alive connections is a waste of server resources and could be taken advantage of by (D)DoS attacks. 2-5 seconds is a reasonable range for most applications. LiteSpeed is highly efficient in a non-keep-alive environment.

Send Buffer Size (bytes)

Description

The sending buffer size of each TCP socket. 512K is the maximum allowed buffer size.

Syntax

Integer number

Tips

It is recommended to leave this value as "Not Set" or set to 0 to use the operating system's default buffer size.
If your web site serves large static files, increase the send buffer size to improve performance.
Setting this to a lower value will reduce throughput and memory usage per socket allowing the server to have more concurrent sockets when memory is a bottleneck.

Receive Buffer Size (bytes)

Description

The receiving buffer size of each TCP socket. 512K is the maximum allowed buffer size.

Syntax

Integer number

Tips

It is recommended to leave this value as "Not Set" or set to 0 to use the operating system's default buffer size.
A large receive buffer will increase performance when processing incoming requests with large payloads, i.e. file uploads.
Setting this to a lower value will reduce throughput and memory usage per socket allowing the server to have more concurrent sockets when memory is a bottleneck.

Max Request URL Length (bytes)

Description

Specifies the maximum size of a request URL. URL is the full text address used to access a server resource including the query string. Hard limit is 65530 bytes. Values larger than this, such as 64K (6 bytes larger), will be treated as if 65530 was used.

Default value: 8192 or 8K.

Syntax

Integer number

Tips

Set it reasonably low to reduce memory usage and help identify bogus requests and DoS attacks.
2-3K is big enough for most web sites unless the HTTP GET method is used with large query strings instead of POST.

Max Request Header Size (bytes)

Description

Specifies the maximum size of an HTTP request header including request URL. Hard limit is 65530 bytes. Values larger than this, such as 64K (6 bytes larger), will be treated as if 65530 was used.

Default value: 32768 or 32K

Syntax

Integer number

Tips

Set it reasonably low to reduce memory usage and help identify bogus requests and DoS attacks.
4-8K is big enough for most web sites under normal circumstances.

Max Request Body Size (bytes)

Description

Specifies the maximum size of an HTTP request body. For a 32Bit OS, 2GB is the hard limit. For a 64Bit OS, it is virtually unlimited.

Syntax

Integer number

Tips

To help prevent DoS attacks, try to constrain this limit to only what is really needed. Your swapping space must have enough free space to accommodate this limit.

Max Response Header Size (bytes)

Description

Specifies the maximum header size of a dynamically generated response. Static assets from a backend server are considered a dynamic response. Hard limit is 65530 bytes. Values larger than this, such as 64K (6 bytes larger), will be treated as if 65530 was used.

Default value: 32768 or 32K

Syntax

Integer number

Tips

Set it reasonably low to help recognize bad responses dynamically generated by external applications.

Max Response Body Size (bytes)

Description

Specifies the maximum body size of a dynamically generated response. Static assets from a backend server are considered a dynamic response.

Syntax

Integer number

Tips

Set the limit reasonably low to help identify bad responses. It is not uncommon to malformed scripts to contain an infinite loop which leads to infinity-sized responses.

Enable Compression

Description

Enables GZIP/Brotli compression.

Default value: Yes

Syntax

Select from radio box

Tips

Enable to save network bandwidth. On average, responses can be compressed down to half of their original size.

Compressible Types

Description

Specifies what MIME types are allowed to be compressed. Leave this setting unset or enter default to use the server built-in default list which should already cover most mime-types.

Default value: text/*,application/x-javascript,application/javascript,application/xml,image/svg+xml,application/rss+xml, application/json,application/vnd.ms-fontobject,application/x-font,application/x-font-opentype, application/x-font-truetype,application/x-font-ttf,font/eot,font/opentype,font/otf,font/ttf,image/x-icon, image/vnd.microsoft.icon,application/xhtml+xml

Syntax

MIME type list separated by commas. Wild card "*" and negate sign "!" are allowed, such as text/*, !text/js.

Example

If you want to compress text/* but not text/css, you can have a rule like text/*, !text/css. "!" will exclude that MIME type.

Tips

Only allow types that will benefit from GZIP/Brotli compression. Binary files such as gif/png/jpeg images and flash files do not benefit from compression.

GZIP Compression Level

Description

Specifies the level of GZIP compression applied. Ranges from 1 (lowest) to 9 (highest).

This setting will only take effect when Enable Compression is enabled.

Default value: 6

Syntax

Number between 1 and 9.

Tips

Higher compression level will use more memory and CPU cycles. You can set it to a higher level if your machine has additional power. There is not much difference between 6 and 9, except that 9 uses many more CPU cycles.

Brotli Compression Level

Description

Controls the level of Brotli compression applied. Ranges from 0 (OFF) to 6 (highest).

This setting will only take effect when Enable Compression is enabled.

Default value: 2

Syntax

Number between 0 and 6.

Default Cipher Suite

Description

Default cipher suite for SSL certificates.

Default value: Server Internal Default (Based on current best practices)

Syntax

Colon-separated string of cipher specifications.

SSL Strong DH Key

Description

Specifies whether to use 2048 or 1024 bit DH keys for SSL handshakes. If set to "Yes", 2048 bit DH keys will be used for 2048 bit SSL keys and certificates. 1024 bit DH keys will still be used in other situations. Default is "Yes".

Earlier versions of Java do not support DH key size higher than 1024 bits. If Java client compatibility is required, this should be set to "No".

Syntax

radio

Enable Multiple SSL Certificates

Description

Allows listeners/vhosts to set multiple SSL certificates. If multiple certificates are enabled, the certificates/keys are expected to follow a naming scheme. If the cert is named server.crt, other possible cert names are server.crt.rsa, server.crt.dsa, server.crt.ecc. If "Not Set", defaults to "No".

Syntax

Select from radio box

Enable Session Cache

Description

Enables session id caching using OpenSSL's default setting. Default value is "No".

Syntax

Select from radio box

Session Cache Size (bytes)

Description

Sets the maximum number of SSL session IDs to store in the cache. Default is 1,000,000.

Syntax

Integer number

Session Cache Timeout (secs)

Description

This value determines how long a session ID will be valid within the cache before renegotiation is required. Default is 3,600.

Syntax

Integer number

Enable Session Tickets

Description

Enables session tickets using OpenSSL's default session ticket setting. Server-level setting must be set to "Yes" for Virtual Host setting to take effect.

Default values:
Server-level: Yes
VH-Level: Yes

Syntax

Select from radio box

SSL Session Ticket Lifetime (secs)

Description

This value determines how long a session ticket will be valid before a renegotiation is required. Default is 3,600.

Syntax

Integer number

SSL Session Ticket Key File

Description

Allows the SSL Ticket Key to be created/maintained by an administrator. The file must be 48 bytes long. If this option is left empty, the load balancer will generate and rotate its own set of keys.

IMPORTANT: To maintain forward secrecy, it is strongly recommended to change the key every SSL Session Ticket Lifetime seconds. If this cannot be done, it is recommended to leave this field empty.

Syntax

Path

OCSP Proxy

Description

Socket address used as the proxy server address for OCSP verification. Leave this setting unset If not using a proxy.

Default value: not set

Syntax

Socket Address

Strict SNI Certificate

Description

Specifies whether to strictly require a dedicated virtual host certificate configuration. When enabled, SSL connections to virtual hosts without a dedicated certificate configuration will fail instead of using a default catch-all certificate.

Default value: No

Syntax

Select from radio box

SSL Dynamic SNI

Description

SSL Dynamic SNI enables you to avoid using the load balancer's generic certificates by specifying a directory that the load balancer can then use to serve clients site specific certificates when handling requests.

SSL Dynamic Certificates Cipher Suite

Description

Specifies a custom cipher suite for the Dynamic SNI certificates.

Default value: Use server default ciphers

Syntax

Colon-separated string of cipher specifications.

SSL Dynamic Certificates Base Dir

Description

Sets the base directory that dynamic ssl certificates will be stored in. Certificates, keys, and CA Bundles are expected to be named "cert", "key", and "ca", respectively.

Syntax

Path

Example

$SERVER_ROOT/certStore/

SSL Dynamic Certificates Levels

Description

The number of directory levels the certificate files will be in.

This is similar to PHP's Session.save_path

Syntax

Integer number

Example

If set to 2, "example.com" would be in BaseDir/e/x/example.com/

SSL Dynamic Certificates Expire Time (secs)

Description

Sets the expire time of a dynamically loaded certificate before it is invalidated.

Syntax

Integer number

SSL Dynamic Certificates Refresh Time (secs)

Description

Sets the refresh time of a dynamically loaded certificate before it will check for file validity. If the file is removed before refresh time, the cert will be invalidated. If the file is updated before refresh time, the cert will be updated.

Syntax

Integer number

Enable HTTP3/QUIC

Description

Enables the HTTP3/QUIC network protocol server wide. Default value is Yes.

Syntax

Select from radio box

Tips

When this setting is set to Yes, HTTP3/QUIC can still be disabled at the listener level through the Open HTTP3/QUIC (UDP) port setting, or at the virtual host level through the Enable HTTP3/QUIC setting.

QUIC SHM Directory

Description

Specifies the directory used to save QUIC data to shared memory.

By default, the server's default SHM directory, /dev/shm, will be used.

Syntax

Path

Tips

A RAM based partition, such as /dev/shm, is recommended.

HTTP3/QUIC Versions

Description

A list of enabled HTTP3/QUIC versions. This setting should only be used to limit HTTP3/QUIC support to the versions listed and is best left blank.

Syntax

Comma-separated list

Example

h3-29, h3-Q050

Tips

It is recommended to leave this setting blank to have the the best configuration applied automatically.

Congestion Control

Description

The congestion control algorithm used. This can be set manually or left up to the QUIC library in use by selecting the "Default" option.

Default value: Default

Syntax

Select from drop down list

Connection Flow Control Window

Description

The initial size of the buffer allocated for a QUIC connection. Default value is 1.5M.

Syntax

Number between 64K and 512M

Tips

A larger window size will use more memory.

Max Connection Flow Control Window

Description

Specifies the maximum size that a connection flow control window buffer is allowed to reach due to window auto-tuning.

Default value is 0, which means that the value of Connection Flow Control Window is used and no auto-tuning is performed.

Syntax

0 or a number between 64K and 512M

Tips

A larger window size will use more memory.

Stream Flow Control Window

Description

The initial amount of data a QUIC connection is willing to receive per stream. Default value is 1M.

Syntax

Number between 64K and 128M

Tips

A larger window size will use more memory.

Max Stream Flow Control Window

Description

Specifies the maximum size that a stream flow control window is allowed to reach due to window auto-tuning.

Default value is 0, which means that the value of Stream Flow Control Window is used and no auto-tuning is performed.

Syntax

0 or a number between 64K and 128M

Tips

A larger window size will use more memory.

HTTP/3 Initial Incoming Streams

Description

The maximum number of incoming concurrent QUIC/H3 streams.

Default value: 100

Syntax

integer number between 10 and 1000.

Tips

This setting can be increased to help in situations where there are an abnormally large number of concurrent streams, such as inactive concurrent streams not closing when finished.

Max Concurrent Streams Per Connection

Description

The maximum number of concurrent streams allowed per QUIC connection. Default value is 100.

Syntax

Integer number between 10 and 1000

Handshake Timeout

Description

The time in seconds a new QUIC connection is given to complete its handshake, after which the connection is aborted. Default value is 10.

Syntax

Integer number between 1 and 15

Idle Timeout

Description

The time in seconds after which an idle QUIC connection will be closed. Default value is 30.

Syntax

Integer number between 10 and 30

QUIC DoS Mitigation Duration (secs)

Description

How long, once triggered, the server will stay in DoS mitigation mode. After this many seconds have passed, the server will revert to it's normal mode. Set this to 0 to disable DoS Mitigation mode.

In DoS Mitigation mode, new clients are required to verify their IP address with a special 'retry' packet. Once verified, the requests proceed as normal.

Default value: 120

Syntax

Integer number between 0 and 86400

Bad Packet Rate

Description

The number of bad packets X needed in an interval of Y seconds to trigger QUIC DoS Mitigation. Supplying a value of 0 for either X or Y will disable this feature.

Default value: 4000/4

Syntax

X/Y where X is the number of events, Y is the interval in seconds (0 - 30)

New Handshake Rate

Description

The number of new handshakes X needed in an interval of Y seconds to trigger QUIC DoS Mitigation. Supplying a value of 0 for either X or Y will disable this feature.

Default value: 90/3

Syntax

X/Y where X is the number of events, Y is the interval in seconds (0 - 30)

Timed Out Handshake Rate

Description

The number of handshake timeouts X needed in an interval of Y seconds to trigger QUIC DoS Mitigation. Supplying a value of 0 for either X or Y will disable this feature.

Default value: 40/4

Syntax

X/Y where X is the number of events, Y is the interval in seconds (0 - 30)

Enable DPLPMTUD

Description

Enable Datagram Packetization Layer Path Maximum Transmission Unit Discovery (DPLPMTUD).

Background on DPLPMTUD (RFC 8899)

Default value: Yes

Syntax

Select from radio box

PLPMTU Base Value

Description

The maximum value of PLPMTU (maximum packet size without headers) in bytes that QUIC will use by default. Setting this to 0 will allow QUIC to pick the size.

This setting should be set lower than PLPMTU Max Value.

Default value: 0

Syntax

0 or integer number between 1200 and 65527

PLPMTU Max Value

Description

The PLPMTU (maximum packet size without headers) probe upper limit in bytes. This setting is used to limit the "maximum packet size" in the DPLPMTUD search space. Setting this to 0 will allow QUIC to pick the size (By default LSQUIC assumes that MTU is 1,500 bytes (Ethernet)).

This setting should be set higher than PLPMTU Base Value.
Default value: 0

Syntax

0 or integer number between 1200 and 65527

Privacy Policy

Privacy Policy

LiteSpeed Technologies, Inc. (aka “LiteSpeed”) is committed to protecting your privacy. This policy ("Privacy Policy" or "Policy") explains our practices for our site, www.litespeedtech.com ("Site"). You can visit most pages of the Site without giving us any information about yourself, but sometimes we do need information to provide services that you request. By using this Site or any products or services provided through the Site, you expressly consent to the use and disclosure of information as described in this Privacy Policy.

LiteSpeed reserves the right to revise, modify, add, or remove provisions to this Privacy Policy at any time. If we make changes to this Privacy Policy, we will update the Effective Date to note the date of such changes. LiteSpeed encourages you to review this Privacy Policy periodically for any changes. IF YOU DO NOT AGREE WITH ANY OF THE TERMS BELOW, YOU SHOULD NOT USE THIS SITE OR THE PRODUCTS OR SERVICES OFFERED BY LITESPEED TECHNOLOGIES AT THIS SITE.

Collection of Information

Personal Information.

LiteSpeed will ask you for certain “Personal Information” when you complete registration or product information request forms on the Site, including but not limited to your name, address, telephone number, email address, and credit card information. You can always choose not to provide us with the requested information, however, you may not be able to complete the transaction or use our products or services if you do not provide the information requested.

Non-Personal Information.

LiteSpeed may collect non-personally identifiable information from you such as the type of browser you use, your operating system, the screen resolution of your browser, your ISP, your IP address, which pages you view on the Site and the time and duration of your visits to the Site (collectively, “Non-Personal Information”). LiteSpeed may associate Non-Personal Information with Personal Information if you register with the Site.

User Communications.

If you communicate with us, we may collect information relating to that communication whether it takes the form of email, fax, letter, forum posting, blog comments, testimonials or any other form of communication between you and LiteSpeed or Submitted by you to the Site (collectively, “User Communications”).

Server Information.

If you use one of our software products such as LiteSpeed Web Server or LiteSpeed Web ADC, we may collect certain information concerning such software and concerning the server upon which the software operates. This information includes: (a) the licensed or unlicensed status of the software; (b) the source from which the license for the software was obtained (i.e., LiteSpeed or a LiteSpeed affiliate); or (c) information about the server upon which the software is installed including (i) the public IP address, (ii) the operating system and (iii) the use of any virtualization technologies on such server ((a) through (c) collectively, “Server Information”). Additionally, “Server Information” may also include information collected from you by LiteSpeed in the event that you request technical support services including without limitation, IP addresses, usernames, and passwords necessary to login to SSH, the root directory of the server upon which you installed the LiteSpeed software and any affected accounts including email accounts, control panel accounts, MySQL accounts, CMS accounts and other accounts.

Use and Storage of Collected Information

LiteSpeed may use Personal Information to create and authenticate your account, to respond to your requests, to provide you with customer and technical support, or to provide you with information regarding our products, services, partners, and company. You may update your Personal Information with us at any time, but we may maintain records of any Personal Information you disclose to us indefinitely, unless otherwise requested as outlined below.

We may use User Communications in the same ways we use Personal Information. If you communicate with us for a particular purpose, we may use your User Communications for that purpose. For example, if you contact us for technical support, we may use your communications to provide technical support to you. We may maintain records of User Communications you transmit to us indefinitely, unless otherwise requested as outlined below.

LiteSpeed may use Non-Personal Information to maintain, evaluate, improve and provide our Site, the Services and any other LiteSpeed products and services. We may retain Non-Personal Information indefinitely.

We may use Server Information to provide you with technical support services and to maintain, evaluate, improve and provide LiteSpeed products and services. We may also use such information to investigate unlicensed (and therefore unauthorized) uses of our software. LiteSpeed may maintain Server Information indefinitely, with the exception of usernames, passwords, and other login information given in connection with support service requests. Such login information will be purged when the ticket is closed.

Disclosure of Collected Information

LiteSpeed will only disclose Personal Information to third parties if acting under a good faith belief that such action is necessary, including but not limited to: (a) to resolve disputes, investigate problems, or comply with laws or regulations; (b) to enforce our Terms of Service; (c) to protect and defend the rights, property, or safety of our company or our users; or (d) in the event of a merger, acquisition or sale of all or substantially all LiteSpeed assets. Other than this limited activity, we do not share, sell, or rent any personal information to third parties.

You will receive notice in the form of modifications to this Policy when information about you might go to third parties other than as described in this Policy, and you always have the opportunity to contact us as set forth below if you do not wish your information to go to third parties.

LiteSpeed cannot be responsible for protecting your information if you share such information in publicly available sections of the Site such as the user forums, blog comments, or testimonials section. You should use your own judgment in disclosing this information on the Site.

Use of Cookies

“Cookies” are small pieces of information that your browser stores on your computer on behalf of a website that you have visited. Cookies may be used in order to complete transactions on our site. You can always choose not to accept cookies with the settings of your web browser, however, you may not be able to complete these transactions if you do not accept cookies.

Security of Personal Information

We use reasonable security methods to protect your personal information from unauthorized access, use or disclosure. No data transmission over the Internet or any wireless network can be guaranteed to be perfectly secure. While we try to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.

LiteSpeed uses industry-standard SSL-encryption to protect sensitive data.

In the event that LiteSpeed becomes aware of a security breach, unauthorized disclosure or inadvertent disclosure concerning your information, you agree that LiteSpeed may notify you of such an event using the Personal Information previously provided.

You are responsible for maintaining your account’s security.

GDPR Notice and your Rights as Data Subject

For the purposes of the General Data Protection Regulation (the “GDPR”), in the European Union, LiteSpeed Technologies Inc. is a “data controller” of the Personal Information you provide to us for the primary purposes of providing you or your customers with our services.

For our customers and users in the European Union, by clicking the "I Accept" button or otherwise accepting the terms and conditions of our services through a clickable action or similar action, you hereby acknowledge, agree and unequivocally consent to the collection, processing, management, treatment, transfer and authorization of your Personal Information by LiteSpeed Technologies and/or its affiliates, clients, sub-processors and/or authorized third parties.

If you are a resident of Switzerland, the contact details for the data protection authorities are available here:
https://www.edoeb.admin.ch/edoeb/en/home.html.

For European Union (EU) customers, please be reminded that the EU has not found the United States and some other countries to have an adequate level of protection of Personal Information under Article 45 of the GDPR.

The sections here below cover certain situations that you, as data subject, and we as a data controller, are most likely to encounter; but you should also carefully review the full list of data subject rights here: https://www.gdpr-info.eu/chapter-3/.

  • Right to be Forgotten: You can request us to be “forgotten”; that is, to have your entire Personal Information removed from our service. If we are asked to do this, in accordance with Article 17 GDPR we will remove any Personal Information that we have collected from you as requester. We will also need to contact any third parties that process your Personal Information on our behalf, such as our cloud service providers using the adequate mechanisms. To ensure that any personal data in LiteSpeed Technologies’ possession can be removed in a timely manner, you can relay any request to be “forgotten” to us by submitting a request.
  • Right to Data Portability: In accordance with Article 20 GDPR our users located in the EU may request LiteSpeed Technologies to send them any Personal Information in our possession. In this case, we will provide you with any Personal Information that you have in a commonly used, machine-readable format.
  • Right to Data Access: As a data subject, in accordance with Article 15 GDPR you can ask LiteSpeed Technologies to confirm how and where your Personal Information is being stored and processed. You also have the right to know how such data is shared with third parties by us.
  • Right to Data Rectification: As a data subject, in accordance with Article 16 GDPR you have the right to obtain from LiteSpeed Technologies, without undue delay, the rectification of inaccurate Personal Information concerning you.
  • Right to be Informed: You have the right to be informed about the Personal Information we collect from you, and how we process it.
  • Right to Withdraw Consent: In accordance with Article 7(3) GDPR, you have the right to withdraw your consent given to us at any time.
  • Right to Object: In accordance with Article 18 GDPR you have the right to object to us processing your Personal Information for the following reasons:
    • Processing was not based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
    • Direct marketing (including profiling);
    • Processing for purposes of scientific/historical research and statistics; and
    • Rights in relation to automated decision-making and profiling.
  • Automated Individual Decision-Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
  • Right to Complain: You have the right to file a complaint with supervisory authorities if your information has not been processed in compliance with the GDPR. Furthermore, in accordance with Article 77 GDPR, if the supervisory authorities fail to address your complaint properly, you may have the right to a judicial remedy.

Privacy Requests

Lastly, you retain the right to access, amend, correct or delete your Personal Information where it is inaccurate at any time. To do so, please contact us as indicated in the Contact Us section. We reserve the right to charge a reasonable fee, as permitted by applicable laws and regulations, in order to comply with complex requests or repetitive requests from individual users.

Your privacy request must include, at the least, the following information: (i) your complete name, address and/or e-mail address in order for us to notify you of the response to your request; (ii) attached documents establishing your identity; and (iii) a clear and concise description of the Personal Information with regard to which you seek to enforce any of your privacy rights. If you request rectification, please indicate amendments to be made and attach documentation to back up your request.

Upon receipt of your privacy request, and after due review, we may then edit, deactivate and/or delete your Personal Information from our services for the maximum term allowed by the GDPR for each applicable case. In case of secure databases under our control where deletion is impossible, we will make such information permanently inaccessible.

Notice to California Residents

Pursuant to the California Consumer Privacy Act of 2018 (the “CCPA”), LiteSpeed Technologies and/or its affiliates, clients, sub-processors and/or authorized third parties hereto provide the following Privacy Policy notice regarding the categories of Personal Information that we may collect and/or disclose within the preceding twelve (12) months regarding California residents who are not employees, independent contractors, owners, directors, officers, or job applicants of LiteSpeed Technologies, or emergency contacts or benefits beneficiaries of the foregoing.

Thenceforth, the CCPA provides Californians with the following rights:

  • Requests for Information: you (or your authorized agent) can request a copy of your Personal Information, including how we have collected, used, and shared your Personal Information over the past 12 months (if any), including the categories of Personal Information we collected and our purposes for doing so; the categories of sources for that information; the categories of third parties with whom we shared it for a business purpose and our purposes for doing so.
  • Your Right to Notification: under the CCPA, we cannot collect new categories of Personal Information or use them for materially different purposes without first notifying you.
  • Nondiscrimination for exercising your CCPA Rights: the CCPA prohibits us from discriminating against you for exercising your rights under the law. Such discrimination may include denying services, charging different prices or rates for services, providing a different level or quality of services, or suggesting that you will receive a different level or quality of goods or services as a result of exercising your rights.
  • Your Right to Delete Personal Information: you can request that we delete your Personal Information by contacting us. You also can request that we delete specific information, and we will honor such requests, unless a due exception applies, such as when the information is necessary to complete a transaction, verify a fraud, review a chargeback or contract for which it was collected or when it is being used to detect, prevent, or investigate security incidents, comply with laws, identify and repair bugs or ensure another consumer’s ability to exercise their free speech rights or other rights provided by law.
    • Please take into consideration that we may deny your deletion request if retaining the Personal Information is necessary for us, our affiliates or our service providers in order to:

      • Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
      • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
      • Debug our products to identify and repair errors that impair existing intended functionality;
      • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
      • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.);
      • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
      • Comply with a legal obligation that has substantive grounds;
      • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Overall, we have, may or will collect the following categories of Personal Information from our users, customers and individuals, as necessary to fulfill our legal obligations and operational business purposes:

  • Personal information (as defined in the California Customer Records Law), such as contact information;
  • Identifiers, such as online identifier, IP address and name;
  • Internet or network activity information, such as browsing history and interactions with our and other websites and systems;
  • Geo-localization data, such as device location and IP location;
  • Audio, electronic, visual and similar information, such as video recordings and multimedia content created in connection with our business activities; and
  • Inferences drawn from any of the Personal Information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics.

International Data Transfer Notice

LiteSpeed Technologies values your users’ privacy. Although our software does not directly collect any personally identifiable information from visitors to your site, LiteSpeed may still be considered a data processor in certain jurisdictions, as user information may be temporarily cached and/or logged, as outlined in this document.

We have our headquarters in the State of Pennsylvania, United States of America (USA). Henceforth, your Personal Information may be accessed by us or our affiliates, agents, partners and third-party service providers in the USA and our locations which may or may not be located in your country of residence, and you hereby consent to such access and transfer by simple disclosure.

Servers

LiteSpeed Web Server, OpenLiteSpeed, LiteSpeed Web ADC, and related software may record IP addresses as a part of normal logging. An access log and an error log may record visitor IP addresses and URL visited. The logs are stored locally on the system where LiteSpeed server software is installed and are not transferred to or accessed by LiteSpeed employees in any way, except as necessary in providing routine technical support if you request it. This logging may be turned off through configuration. It is up to individual server administrators to come up with their own schedule for removing such logs from the file system.

Cache Solutions

Our cache plugins potentially store a duplicate copy of every web page on display on your site. The pages are stored locally on the system where LiteSpeed server software is installed and are not transferred to or accessed by LiteSpeed employees in any way, except as necessary in providing routine technical support if you request it. All cache files are temporary, and may easily be purged before their natural expiration, if necessary, via a Purge All command. It is up to individual site administrators to come up with their own cache expiration rules.

LSCache for WordPress

In addition to caching, our WordPress plugin has an Image Optimization feature. When optimization is requested, images are transmitted to a remote LiteSpeed server, processed, and then transmitted back for use on your site. LiteSpeed keeps copies of optimized images for 7 days (in case of network stability issues) and then permanently deletes them.

Similarly, the WordPress plugin has a Reporting feature whereby a site owner can transmit an environment report to our server so that we may better provide technical support.

Neither of these features collects any visitor data. Only server and site data is involved.

Support Services

Sometimes, when you request technical support, LiteSpeed may ask for login credentials to various areas of your site. You may refuse to share such credentials, however refusal may impact LiteSpeed’s ability to provide the requested support services.

Upon completion of a support ticket, LiteSpeed immediately deletes all login credentials you may have shared.

Any user data encountered by LiteSpeed is kept strictly confidential. We never provide your support ticket information to any third party without your explicit consent.

Contact Us

If you would like to update information that you have voluntarily provided to us, stop receiving information from us, or exercise any of the rights granted to you under Privacy Laws, including the EU’s General Data Protection Regulation, please e-mail info@litespeedtech.com.