LiteSpeed Web Server Release Log 2024-06-26 18:52:32 LiteSpeed Web Server is constantly updated with new features and bug fixes. This is a detailed list of changes, arranged by date and version number.

LiteSpeed Web Server
Release Log

Join the "LiteSpeed Edge Users" Google Group for cutting-edge build notifications, or see our wiki for detailed build information.

LiteSpeed Web Server (LSWS) is constantly updated with new features and bug fixes.

  • LSWS 6.3(06-26-2024) New Features, Improvements & Bugfixes

    • NEW FEATURE CGI/External app resource limits via cgroups.
    • NEW FEATURE CGI/External app file system restrictions via namespace containers.
    • NEW FEATURE Advanced anti-DDoS features to protect against request flooding.
    • NEW FEATURE Firewall controller to block detected robots at the firewall level.
    • NEW FEATURE Easy front end CDN ( or Cloudflare) detection.
    • IMPROVEMENT Avoid HTTP/2 stream I/O buffer bloating.
    • IMPROVEMENT HTTP2/HTTP3 priority (RFC 9218) integration.
    • IMPROVEMENT Drain request body to avoid browser errors in special cases.
    • IMPROVEMENT Stop _recaptcha process after idling for 5 minutes.
    • BUGFIX Automatically fix apache2.service override for Plesk.
    • BUGFIX Address a ProxyPass corner case that resulted in redirection looping.
    • BUGFIX Avoid caching partial responses due to interrupted proxy connections.
    • BUGFIX Address rewrite rule compatibility issues with Plesk WP toolkit hotlink protection.
    • BUGFIX Address a corner case in multi-part POST parser.
    • BUGFIX Address a corner case in access logging.
  • LSWS 6.2.2 (Stable)(04-03-2024) New Features, Improvements & Bugfix

    • NEW FEATURE Add chunked encoding support for proxying request body to backend.
    • NEW FEATURE Add cache vary on request header value, automatically vary on header 'X-Http-Method-Override'.
    • NEW FEATURE Add detection for flag file 'admin/tmp/.stay_with_lsws' used to prevent automatically switching back to Apache when encountering a licensing issue.
    • IMPROVEMENT Apply server level log rotation setting to Modsec audit log.
    • IMPROVEMENT Do not force URL trailing slash for requests to Node.js applications.
    • IMPROVEMENT Make Node.js startup script compatible with older Node.js versions.
    • BUGFIX Address failure to switch back to Apache issue, "on-failure" restart for Systemd service is now disabled.

    LSWS 6.2.1(02-27-2024) New Feature, Improvement & Bugfixes

    • NEW FEATURE Add hCaptcha support for reCAPTCHA validation.
    • IMPROVEMENT Add support for .mjs nodeJS application startup file.
    • BUGFIX Address a crash related to SecRemoteRules handling.
    • BUGFIX Address a rare corner case causing HTTP/3 responses to hang.

    LSWS 6.2(12-06-2023) New Features, Improvements, Security, Tunings & Bugfixes

    • NEW FEATURE Update HTTP/3 implementation to support QUICv2 protocol.
    • NEW FEATURE mod_security engine now has an option to use RE2 instead PCRE regex engine.
    • NEW FEATURE Add vhost level max request body length and max dynamic response length configurations.
    • NEW FEATURE Add vhost level dedicated PHP handler configuration option.
    • NEW FEATURE Add support for rewrite flags "BNP", "backrefnoplus", "BCTLS", and "BNE".
    • IMPROVEMENT Improve reCAPTCHA custom error page handling to avoid expensive dynamic processing.
    • IMPROVEMENT Add missing access log format following Apache spec.
    • IMPROVEMENT Enhance Apache expression support with dynamic regular expression matching.
    • IMPROVEMENT Apache expression support in RewriteCond.
    • IMPROVEMENT Virtual host level reCAPTCHA trigger by concurrent connections.
    • SECURITY More strict request header validation.
    • TUNING Add PHP 8.3 support.
    • TUNING Lift default virtual memory limit for external applications.
    • BUGFIX Fix a compatibility issue with Rack version >3.0 for Ruby applications.
    • BUGFIX Allow use of stdout/stderr as log file names.
    • BUGFIX Address large request header compatibility issue with PHP-FPM.
    • BUGFIX Minor bug fixes to cache engine, mod_security engine, and request handling.
  • LSWS 6.1.2 (Stable)(05-24-2023) Improvements, Tuning & Bugfixes

    • IMPROVEMENT Allow total header sizes > 64KB.
    • IMPROVEMENT Add support for websocket upgrade using <LocationMatch> and ProxyPassMatch (used by Plesk).
    • IMPROVEMENT Add support for Unix domain socket proxy target address (used by DirectAdmin).
    • TUNING Better handling of buggy HTTP/2 clients with poor flow control implementations.
    • BUGFIX Address a corner case in LSAPI 304 response handling.
    • BUGFIX Address unique ID duplication in mod_security audit log.
    • BUGFIX Address a corner case in mod_security request header matching.
    • BUGFIX Address a license key verification issue during server reboot.
    • BUGFIX Update ls-qpack to address a corner case.
    • BUGFIX Address a request header parser corner case for a look-alike header.
    • BUGFIX Address broken mailman support for Plesk.
    • BUGFIX Address two corner cases in layer 4 proxy.
    • BUGFIX Address an issue with proxy forwarding to the Plesk admin panel.

    LSWS 6.1.1(04-12-2023) New Features, Improvements & Bugfixes

    • NEW FEATURE Add SSL strict SNI mode option to fail SSL connections when there is no vhost level SSL certificate.
    • NEW FEATURE Add a vhost level AllowBlockedUrl option to allow blocked URL passthrough.
    • IMPROVEMENT Add support for unix domain socket for redis dynamic vhost.
    • IMPROVEMENT Update WebAdmin Console login to use BCRYPT password hash.
    • IMPROVEMENT Add support for "Require local" configuration directive.
    • BUGFIX Avoid blocking on socket read for internal fetcher.
    • BUGFIX Address broken "RewriteOption inherit" corner case.
    • BUGFIX Address duplicate unique ID field in mod_security audit log.
    • BUGFIX Address a python application frequent restart issue.
    • BUGFIX Address a python application upload hang issue.
    • BUGFIX Fix SecRemoteRules certificate verification failure.
    • BUGFIX Fix broken sub-directory password protection configuration for Plesk WordPress toolkit.
    • BUGFIX Address an issue switching apache/lsws systemd unit file for Plesk.
    • BUGFIX Address an issue with Plesk watchdog monitoring httpd service.

    LSWS 6.1(01-09-2023) New Features, Improvements, Tuning & Bugfixes

    • NEW FEATURE Add PROXY protocol support.
    • NEW FEATURE Add custom response status code support.
    • NEW FEATURE Apply OOMScoreAdjust for lsws service to avoid being OOM killed.
    • NEW FEATURE Trigger reCAPTCHA through mod_security engine via an environment variable.
    • IMPROVEMENT Inherit .htaccess belonging to parent context.
    • IMPROVEMENT Make SSI environment available to included CGIs/scripts.
    • IMPROVEMENT Add conditional access logging using Expression.
    • IMPROVEMENT Configurable reCAPTCHA timeout.
    • IMPROVEMENT Add "DisableForwardedIpBan" Apache style configuration directive to avoid blocking IPs forwarded by front-end proxies.
    • IMPROVEMENT Enhance 'disableCgiOverride' to cover options +ExecCGI and +Include.
    • IMPROVEMENT Add Apache style configurations "LogKeepDays" and "LogCompressArchive".
    • IMPROVEMENT Escape multiline STDERR messages.
    • IMPROVEMENT Detect update failures in
    • IMPROVEMENT Improve WebAdmin Console realtime stats with a new JavaScript library.
    • TUNING Disable TLSv1.1 by default.
    • BUGFIX Set "HOME" environment for CGI/External apps when possible.
    • BUGFIX Fix connection timeout false-positives for active HTTP3 connections.
    • BUGFIX Fix domain limited licensing for Plesk servers.
    • BUGFIX Update lsquic to v3.3.0 .

    LSWS 6.1 RC3(12-07-2022) New Feature, Improvements & Bugfixes

    • NEW FEATURE Add custom response status code support.
    • NEW FEATURE Apply OOMScoreAdjust for lsws service to avoid having the server killed when low on memory.
    • IMPROVEMENT Escape multiline STDERR messages.
    • IMPROVEMENT Add "DisableForwardedIpBan" Apache style configuration directive to avoid blocking IPs forwarded by front-end proxies.
    • BUGFIX Address a few corner cases in HTTP/3 implementation.
    • BUGFIX Address an HTTP/2 decoder bug.
    • BUGFIX Include all bug fixes applied to 6.0.12 stable releases.

    LSWS 6.1 RC2(10-07-2022) New Feature, Improvements & Bugfixes

    • NEW FEATURE PROXY protocol support.
    • IMPROVEMENT Make SSI environment available to included CGIs/scripts.
    • IMPROVEMENT Enhance 'disableCgiOverride' to cover options +ExecCGI and +Include.
    • IMPROVEMENT Better handling of content-type with charset.
    • IMPROVEMENT Add "x-frame-options" header for reCAPTCHA page.
    • BUGFIX Inherit .htaccess belonging to parent context.
    • BUGFIX Address bad target URL with native proxy configuration for '/' context.
    • BUGFIX Avoid installing Ruby Rack 3.0 gem to avoid compatibility issues.
    • BUGFIX Avoid using IPv6 mapped IPv4 addresses for HTTP/3 connections.
    • BUGFIX Address memory leak in QUIC SHM.

    LSWS 6.1 RC1 Dev(08-17-2022) New Feature, Improvements, Tuning & Bugfixes

    • NEW FEATURE Trigger reCAPTCHA through mod_security engine via an environment variable.
    • IMPROVEMENT Add parent context .htaccess inheritance.
    • IMPROVEMENT Add conditional access logging using Expression..
    • IMPROVEMENT Configurable reCAPTCHA timeout.
    • IMPROVEMENT Add "LogKeepDays", "LogCompressArchive" Apache style configurations.
    • TUNING Disable TLSv1.1 by default.
    • BUGFIX Set "HOME" environment for CGI/External apps when possible.
    • BUGFIX Update lsquic to the latest v3.1.2 release.
    • BUGFIX Include all bug fixes applied to 6.0.12 stable releases.
  • LSWS 6.0.12 Stable(05-12-2022) Securities, Improvements, Tunings & Bugfixes

    • SECURITY Address a few crashes and memory leaks in HTTP/3 implementation.
    • SECURITY Add more strict virtual host name validation in WebAdmin to address a potential XSS vulnerability.
    • IMPROVEMENT Add server level control to return 404 or 403 when directory auto-index is disabled.
    • IMPROVEMENT Better stale cache purge handling.
    • IMPROVEMENT Add pagination for long auto indexed pages.
    • IMPROVEMENT Support following ErrorDocument customizations in .htaccess for early stage internal errors.
    • TUNING Enable suEXEC for PHP 8.1 by default.
    • TUNING Do not enable cPanel HTTP server monitoring in update script.
    • TUNING Adjust internal shell scripts for better ubuntu compatibility.
    • BUGFIX Address broken alt-python application caused by the new way virtualenv was built.
    • BUGFIX Address broken vhost level mod_security configuration.
    • BUGFIX Address random crashes in mod_security engine.
    • BUGFIX Address a rare multi-threaded mod_security engine race condition.
    • BUGFIX Add more validation checks to avoid accidentally killing system process when stopping detached external application processes.
    • BUGFIX Improve auto index script to avoid calling function ini_set().
    • BUGFIX Address crashes in ESI/SSI engine.
    • BUGFIX Address POST cache issues.
    • BUGFIX Block request header "transfer-encoding: chunked" for HTTP/2 and HTTP/3.
    • BUGFIX Enforce HTTP authentication for OPTIONS requests.

    LSWS 6.0.11(11-10-2021) New Feature, Improvements & Bugfixes

    • NEW FEATURE Add websocket proxy target support for rewrite rules.
    • IMPROVEMENT Improve HTTP/2 upload throughput.
    • IMPROVEMENT Improve HTTP/3 upload throughput.
    • BUGFIX Address HTTP/3 handshake failures.
    • BUGFIX Address an HTTP/1.1 request body chunk encoding corner case that caused unexpected 400 status for the next request made when over a keep-alive connection.
    • BUGFIX Throttle unnecessary lscache purges generated by LSCWP.
    • BUGFIX Improve script compatibility with different shell interpreters.
    • BUGFIX Avoid caching incomplete/broken homepages for more than 1 minute.
    • BUGFIX Address broken vhost level private cache lookup configuration.

    LSWS 6.0.10(10-21-2021) Improvement & Bugfixes

    • IMPROVEMENT Optimize SSL and HTTP/2 read speeds.
    • BUGFIX Address a few bandwidth throttling issues.
    • BUGFIX Address high CPU usage for server worker processes.
    • BUGFIX Address issues with ModSecurity logging and persistent variable handling.
    • BUGFIX Address a few minor HTTP/3 corner cases.
    • BUGFIX Convert chunked encoding request bodies for proxy backends.
    • BUGFIX Address a Server Side Includes corner case that could sometimes truncate large files.
    • BUGFIX Do not block client access if reCAPTCHA is not properly configured when using WP full protection.

    LSWS 6.0.9(09-20-2021) New Feature & Bugfixes

    • NEW FEATURE Add support for 'LogRotationSize' Apache directive at the server level to control access log rotation.
    • BUGFIX Address cache engine corner case that randomly disabled cache or ignored purge requests.
    • BUGFIX Cache engine should no longer purge again when serving a cached page with purge headers.
    • BUGFIX Properly pass environment variables for python applications configured via CloudLinux python selector.
    • BUGFIX Update ea-ruby24 to ea-ruby27 for cPanel Ruby application manager.
    • BUGFIX Address POST requests randomly hanging.
    • BUGFIX "%{CONTENT_TYPE}" is now properly supported in Apache expressions.

    LSWS 6.0.8 (Stable)(08-13-2021) Improvements & Bugfixes

    • IMPROVEMENT Internal redirects now carry over "Last-Modified" and "Content-type" response headers set by scripts.
    • IMPROVEMENT Add "ProxyAddHeaders on|off" support to avoid sending "x-Forwarded-for" and "x-forwarded-host" proxy headers.
    • IMPROVEMENT Add `CachePost on|off` support to allow POST cache configuration in Apache configuration files.
    • IMPROVEMENT Avoid an unintended delay when processing the first request for a newly started PHP worker group.
    • BUGFIX Address a mod_security corner case causing hanging worker processes.
    • BUGFIX Disable mod_security engine for requests rewritten to ReCAPTCHA.
    • BUGFIX Address an ESI encoding corruption bug that mainly affected Prestashop caching.

    LSWS 6.0.7(07-22-2021) Bugfixes

    • BUGFIX Address additional random crashes in asynchronous mod_security engine.
    • BUGFIX Address an HTTP/3 sendfile corner case.
    • BUGFIX Address a problem with custom error page for OPTIONS request method.

    LSWS 6.0.6(07-14-2021) Improvement & Bugfixes

    • IMPROVEMENT Cleanup SSL OCSP data cache folder.
    • BUGFIX Address a few random crashes in asynchronous mod_security engine.
    • BUGFIX Address random server hangs when AIO is in use.

    LSWS 6.0.5(07-07-2021) Bugfixes

    • BUGFIX Address a random crash with asynchronous mod_security engine.
    • BUGFIX Resolve a problem with sending truncated static files over HTTP/3 connections.
    • BUGFIX Resolve a problem with purging by URL.
    • BUGFIX Address a crash when handling decoded HTTP/2 headers.

    LSWS 6.0.4(06-30-2021) Bugfixes

    • BUGFIX Address a chrome HTTP/3 connection timeout issue for long running scripts.
    • BUGFIX Address a multi-thread race condition in mod_security engine.
    • BUGFIX Detect dead HTTP/2 connections during server cool-down.
    • BUGFIX Improve request/response header name validation to avoid HTTP/2 and HTTP/3 protocol violations.

    LSWS 6.0.3(06-23-2021) New Features & Bugfixes

    • NEW FEATURE Optionally enable UNIQUE_ID environment variable for Apache mod_unique_id compatibility.
    • NEW FEATURE Add server variable REDIRECT_REQUEST_METHOD for better Apache compatibility.
    • BUGFIX Address an infinite loop when processing conditional context expressions.
    • BUGFIX Address crashes in mod_security engine, SSL session cache, and response header processing.
    • BUGFIX Address LiteSpeed worker high CPU usage due to a malloc() spinlock dead lock.
    • BUGFIX Better follow PassengerAppLogFile configuration for Python/Ruby applications.
    • BUGFIX Follow server level compressible configuration for MIME types defined in .htaccess.
    • BUGFIX Improve chunk encoded request body handling for PHP scripts.
    • BUGFIX Minor tweaks to HTTP/3 protocol.

    LSWS 6.0.2(06-07-2021) New Feature, Improvement & Bugfixes

    • NEW FEATURE Enable HTTP/3 v1 by default.
    • IMPROVEMENT Allow header customization for reCAPTCHA pages.
    • BUGFIX Keep Firefox HTTP/3 connections alive for long running scripts.
    • BUGFIX Fix Ubuntu Plesk Grafana integration.
    • BUGFIX Conditional redirect configuration now works properly.

    LSWS 6.0.1(05-26-2021) New Features & Bugfix

    • NEW FEATURE Add support for PassengerAppLogFile directive.
    • NEW FEATURE Add support for access log TTFB format "%^FB".
    • BUGFIX Python applications now have a higher priority than directory index.
    • BUGFIX Applied all bug fixes made through 6.0 build 12.

    LSWS 6.0(03-25-2021) New Features, Improvements and Bugfix

    • NEW FEATURE HTTP/3 v1 support with with DPLPMTUD, Adaptive congestion control, Delayed ACK, and zero-copy packetization.
    • NEW FEATURE Asynchronous mod_security engine.
    • NEW FEATURE Cache engine POST request caching capability.
    • NEW FEATURE Dynamic DNS lookup for external application backends.
    • NEW FEATURE Support for Apache 2.4 conditional contexts '❬If❭', '❬Ifelse❭', and '❬Else❭'.
    • NEW FEATURE Bubblewrap isolated CGI/PHP execution environments.
    • NEW FEATURE Cgroup resource throttling for CGI/PHP.
    • NEW FEATURE Support for secure websocket backend (wss://).
    • NEW FEATURE Auto whitelist IPs.
    • IMPROVEMENT Better out-of-box compatibility with Apache ProxyPass directive.
    • IMPROVEMENT ModSecurity scan response body support.
    • IMPROVEMENT ModSecurity persistent collection SHM storage.
    • IMPROVEMENT ModSecurity JSON audit log.
    • IMPROVEMENT Revamp of SSL Multi-Cert support.
    • BUGFIX All applicable bug fixes from 5.4.X releases.

    LSWS 6.0 RC3(12-09-2020) New Features, Major Improvements, Improvements

    • NEW FEATURE Support external application configuration using domain name for target address.
    • NEW FEATURE HTTP/3 draft 32 support.
    • NEW FEATURE Support for secure websocket backend (wss://).
    • MAJOR IMPROVEMENT Better Apache ProxyPass compatibility with any target domain/IP, without the need to explicitly create an external application.
    • MAJOR IMPROVEMENT HTTP/3 Delayed ACK extension has been enabled to improve performance.
    • IMPROVEMENT Better support for various ModSecurity variables.
    • IMPROVEMENT Fix various HTTP/3 congestion control corner cases to maximize throughput.

    LSWS 6.0 RC2(10-15-2020) New Feature, Major Improvements

    • NEW FEATURE ModSecurity scan response body support.
    • NEW FEATURE HTTP/3 draft 31 support.
    • MAJOR IMPROVEMENT Improve HTTP/3 throughput with DPLPMTUD, Adaptive congestion control, and zero-copy packetization.
    • MAJOR IMPROVEMENT ModSecurity persistent collection SHM storage.
    • MAJOR IMPROVEMENT Revamp of SSL Multi-Cert support.

    LSWS 6.0 RC1(07-17-2020) Major New Features, New Feature, Major Improvements, Improvement

    • MAJOR NEW FEATURE Apache 2.4 conditional context <If> <Ifelse> <Else> support.
    • MAJOR NEW FEATURE Asynchronous mod_security engine.
    • MAJOR NEW FEATURE Bubblewrap isolated CGI/PHP execution environments.
    • NEW FEATURE HTTP/3 draft 29 support.
    • MAJOR IMPROVEMENT HTTP/2 has gone through a major rewrite with more efficient header handling.
    • IMPROVEMENT Added ModSecurity JSON audit log.
  • LSWS 5.4.12 (Stable)(03-22-2021) New Feature, Security & Bugfixs

    • NEW FEATURE Auto white list IPs.
    • SECURITY Fix a bug that allowed bypassing of built-in blocked URLs.
    • SECURITY Block improperly configured user/group and commands for external apps.
    • BUGFIX Address content corruption for ESI includes.
    • BUGFIX Improve ESI parser to handle improperly escaped ESI directives.
    • BUGFIX Add SSL OCSP stapling for redis dynamic vhosts.
    • BUGFIX Address a random crash in Layer 4 forwarding to websocket backends.
    • BUGFIX cPanel webmail proxy domain email attachment uploads no longer hang.
    • BUGFIX Update wsgi-lsapi to v1.9 to address a unicode encoding problem for Django applications.
    • BUGFIX Improve NodeJS application compatibility.
    • BUGFIX Start Ruby applications through a login bash shell to apply the necessary shell environment variables.
    • BUGFIX Improve mod_security variables handling.
    • BUGFIX Improve reCAPTCHA verification protection.

    LSWS 5.4.11(11-19-2020) New Feature, Improvements & Bugfixs

    • NEW FEATURE Support for Apache configuration directive 'AuthMerging'.
    • IMPROVEMENT Support for RewriteCond operators added by Apache 2.4 which includes '>=', '<=', '-eq' , '-ge' , '-gt', '-le' , '-lt', '-ne', '-h', '-L', and '-x'.
    • IMPROVEMENT Update bundled WHM Plugin to v4.1.3 (bundled w/ cPanel plugin v2.1.2).
    • BUGFIX Do not load .htaccess from parent directories beyond document root when AllowOverride is disabled for those parent directories in Apache configuration.
    • BUGFIX Address a crash in ESI sub requests.
    • BUGFIX Avoid restoring older system file backups if a switch back to Apache has been performed.
    • BUGFIX Avoid throttling or blocking local IP.
    • BUGFIX Address occasional slow down caused by long delays added by CUBIC congestion control for HTTP/3 (QUIC).
    • BUGFIX CloudLinux App config now follow max connections configured in LSWS native App config.
    • BUGFIX Properly apply environment variable configuration for CloudLinux Node selector.
    • BUGFIX Address a false positive that was blocking IPs due to "too many new SSL connections".
    • BUGFIX Plesk webstats page now works properly.

    LSWS 5.4.10(10-07-2020) New Features, Improvements, Tunings & Bugfixs

    • NEW FEATURE Add ForceSecureCookie configuration directive to enforce "secure" and "SameSite" cookie attributes. This directive can be set in an Apache config file at the server or vhost level, or in the document root directory's .htaccess file.
    • NEW FEATURE Allow LiteSpeed Cache for WordPress plugin to use ESI combine sub-requests to improve ESI performance.
    • NEW FEATURE Update cPanel plugin to automatically apply new ECC certificates generated through the plugin.
    • IMPROVEMENT Apply Expires header to a partial response for a range request.
    • IMPROVEMENT Improve PHP default handler for DirectAdmin.
    • IMPROVEMENT Update bundled WHM plugin to v4.1.2 with improved WP cache scan logic.
    • TUNING Automatically detect and neutralize bad rewrite rules that cause looping proxy to the same server.
    • TUNING Install alt-python38 wsgi-lsapi binary from source if rpm package is not available.
    • TUNING Add PHP 8.0 auto detection.
    • BUGFIX Avoid stapling expired OCSP responses.
    • BUGFIX Properly apply URL encoding for Location URL generated by a rewrite rule.
    • BUGFIX HTTP3/IETF QUIC: close immediately if crypto session can't be initialized.
    • BUGFIX Close down HTTP3/QUIC streams reset by peer in a timely manner.
    • BUGFIX Normalize IPv6 addresses to properly reuse existing listener sockets.
    • BUGFIX Update Python application handler internal URL to avoid being blocked when .py suffix is blocked.
    • BUGFIX Apply header operations for pages generated by python/nodejs applications.
    • BUGFIX Properly detect HTTP/2 GREASE frame and GREASE settings entry, avoiding protocol errors.
    • BUGFIX Avoid releasing cache objects too early.
    • BUGFIX Address a rare crash in ESI parser.
    • BUGFIX Force apply ACL configuration changes when client access level is cached in SHM.
    • BUGFIX Reset per client concurrent connection counter stored in SHM when server restarts.
    • BUGFIX For directory auto index, avoid a blank file name when special characters are in the name.

    LSWS 5.4.9(08-21-2020) New Features,Improvements

    • NEW FEATURE WHM plugin 4.1 with Let's Encrypt ECC certificate support. integration with SSL certificates synchronization.
    • NEW FEATURE Automatic CloudFlare CDN IP detection.
    • NEW FEATURE Support for bcrypt password hash for HTTP authentication.
    • IMPROVEMENT PHP version detection for cPanel FCGId PHP handler.

    LSWS 5.4.8(07-01-2020) New Features, Security, Improvements, Bug Fixes

    • NEW FEATURE Add the ability to load an extra ECC certificate for an Apache virtual host when multi-cert support is enabled.
    • NEW FEATURE Apply header modification configurations in .htaccess to dynamic responses for CloudLinux Python/Ruby/NodeJS selector application.
    • NEW FEATURE Update client IP using request header "X-Real-IP".
    • NEW FEATURE Use Client IP in Header can now be set to use the last IP listed in the X-Forwarded-For header for servers behind AWS ELB.
    • SECURITY Block 'LD_*' environment variable overriding from .htaccess.
    • IMPROVEMENT New Ruby 2.0+ compatible RackRunner script for ruby-lsapi 5.0.
    • IMPROVEMENT Separate IPv4 and IPv6 virtual hosts now share cached pages for the same domain.
    • IMPROVEMENT Update WHM plugin to v4.0 (drops support for EasyApache 3).
    • IMPROVEMENT Make reCAPTCHA compatible with WordPress password protected pages.
    • BUGFIX Invisible reCAPTCHA now works properly with IE 11 browser.
    • BUGFIX Correct Magento LiteMage2 cache object statistics.
    • BUGFIX Address an AJPv13 hanging bug.
    • BUGFIX Enabling bandwidth throttling no longer causes rare HTTP/2 response hangs.
    • BUGFIX Properly apply UMASK configuration for external applications.
    • BUGFIX Fix a problem with Plesk log rotation when LSWS overrode Apache's rc script with a symbolic link.
    • BUGFIX NodeJS default being not properly set in httpd_config.xml no longer causes crashing.
    • BUGFIX Address issues when switching back to Apache.

    LSWS 5.4.7(04-17-2020) New Features, Security, Tunings, Bug Fixes

    • NEW FEATURE Added strict suEXEC and ownership checking on scripts.
    • NEW FEATURE Added ability to configure static/dynamic request per second limit for Apache vhost.
    • SECURITY Fixed a symbolic link attack in directory auto index script. Thank you KnownHost for the bug report. (CloudLinux user is not affected.)
    • TUNING Prevent ports 443 and 80 from being used as WebAdmin listener port.
    • TUNING Avoid triggering 503 errors when cPanel backend services (cpcontacts, webdisk, ...) are unavailable.
    • TUNING Automatically update /proc/sys/net/core/somaxconn to 1024 whenever server performs a fresh startup.
    • TUNING Added after=lve_namespaces.service to systemd unit file.
    • BUGFIX Fixed reCAPTCHA triggering for the first access of an allowed robot.
    • BUGFIX Added "Cache-Control: no-cache" to reCAPTCHA verification page to disallow CDN/proxy cache.
    • BUGFIX Fixed delayed .htaccess loading.
    • BUGFIX Fixed a delayed server response bug with HTTP/2.
    • BUGFIX Fixed a NodeJS websocket backend configuration bug.
    • BUGFIX Shared lib for lscmctl script is now updated on server install/update.

    LSWS 5.4.6(03-12-2020) New Features, Tunings, Bug Fixes

    • NEW FEATURE Updated HTTP/3 support to include h3-27.
    • TUNING Set mod_security RBL DNS cache to 60 seconds.
    • TUNING Disable TLSv1.1 by default.
    • TUNING Enable SSL session tickets by default.
    • TUNING No longer add ECDHE-RSA-AES128-SHA cipher automatically.
    • BUGFIX Fixed a bug that caused ProxyPass ws:// target to stop working for certain configuration combination.
    • BUGFIX Fixed a bug in HTTP/2 handling mismatched response content-length and actual reponse body size.
    • BUGFIX Fixed a false positive that triggered ACL denied for Plesk.
    • BUGFIX Fixed a regression that broke /tmp/lshttpd/swap auto cleanup.
    • BUGFIX Fixed a false positive when handling ModSecrurity SecRemoteRule.
    • BUGFIX Fixed a crash in ModSecurity using libinjection.

    LSWS 5.4.5(02-05-2020) Improvements, New Features, Updates, Bug Fixes

    • NEW FEATURE Added support for IETF HTTP/3 draft 25 (h3-25).
    • NEW FEATURE Populated GEOIP_COUNTRY_CODE environment variable using IP2Location database.
    • NEW FEATURE Added full Captcha protection for WordPress login page.
    • NEW FEATURE Optionally skip rewrite processing for Let's Encrypt verification requests.
    • NEW FEATURE Automatically patch Set-Cookie with 'secure' flag when served over HTTPS.
    • IMPROVEMENT Added 'cssDecode' and 'utf8toUnicode' transformations to ModSecurity engine.
    • IMPROVEMENT Added support for 'REQUEST_SCHEME' request variable.
    • IMPROVEMENT Added '-vb' command line option to print out version and build number.
    • UPDATE Updated WHM plugin to v3.3.7.
    • BUGFIX Fixed websockets hanging on upgrade.
    • BUGFIX Fixed a WebAdmin Console socket address validation bug.
    • BUGFIX Fixed .htaccess configuration changes failing to apply for Python/Ruby/NodeJS applications.
    • BUGFIX Environment variable names are no longer converted to uppercase for Apache SetEnv directive.
    • BUGFIX Fixed a NodeJS wrapper script bug that failed to handle startup files with absolute paths.
    • BUGFIX External application process startup time is now reliably detected.
    • BUGFIX Fixed a minor regression with AHO string search.
    • BUGFIX Fixed a bug using wrong log ID in error log.

    LSWS 5.4.4(01-08-2020) New Feature, Security, Bug Fixes

    • NEW FEATURE Added support for Google QUIC Q050.
    • SECURITY Improved WebAdmin Console security by strictly checking request URLs.
    • BUGFIX Fixed a bug that caused HTTPS connections to stall when bandwidth throttling was enabled.
    • BUGFIX Fixed an ESI/Litemage output corruption bug.
    • BUGFIX Fixed a bug in AIO logging that caused the access log to stop working.
    • BUGFIX Fixed a bug causing 100% CPU usage for FreeBSD.
    • BUGFIX Removed an unnecessary CloudLinux CageFS mount point for "/tmp/lshttpd".
    • BUGFIX Fixed a crash caused by memory mapped files being truncated.

    LSWS 5.4.3(12-09-2019) New Features, Improvements, Bug Fixes

    • NEW FEATURE Websocket backend support via the "ProxyPass" directive.
    • NEW FEATURE Added HTTP/3 draft 24 support.
    • ENHANCEMENT Improved WordPress brute force protection when facing large botnet attacks.
    • TUNING Updated HTTP/3 QUIC engine default congestion control method to CUBIC for better performance in good network conditions.
    • UPDATE Updated WHM plugin to v3.3.5 (includes support for displaying "critical alerts").
    • BUGFIX Fixed a few bugs in HTTP/3 QUIC engine.
    • BUGFIX Fixed a bug in PID verification that failed to stop processes for detached applications.
    • BUGFIX Fixed a bug in modsecurity engine where LOGGING phase processing was bypassed if a client was using a QUIC connection.
    • BUGFIX Properly count 3 character second level domains against license domain limit.
    • BUGFIX Properly parse IPv6 mapped IPv4 addresses in request header.
    • BUGFIX Fixed missing "REMOTE_USER" request environment variable when HTTP authentication is used.
    • BUGFIX Fixed a problem with utf-8 characters in request URLs for Python applications.
    • BUGFIX Improved lock contention handling when detached mode PHP processes are started concurrently by multiple server worker processes.
    • BUGFIX Fixed an ESI sub-request bug that could stall proxy to backend communication.
    • BUGFIX Fixed a DirectAdmin userdir bug.

    LSWS 5.4.2(10-18-2019) New Features, Improvements, BugFix

    • NEW FEATURE Updated QUIC implementation to support IETF HTTP/3 draft 23.
    • NEW FEATURE BBR congestion control for QUIC and HTTP/3.
    • NEW FEATURE "Require env XXXX" access control support.
    • NEW FEATURE User/Account level bandwidth throttling for Redis dynamic virtual hosting.
    • IMPROVEMENT Further HTTPS SSL layer performance tuning.
    • IMPROVEMENT Automatically restart running PHP processes when PHP binary changes are detected.
    • IMPROVEMENT Automatically convert ea-phpXX handler configuration into a phpXX handler when an ea-php handler is not available.
    • IMPROVEMENT Improved AIO access logging to minimize disk I/O.
    • IMPROVEMENT Avoid reCAPTCHA verification on AJAX requests to minimize false positives.
    • IMPROVEMENT Built-in error and reCAPTCHA verification pages are now responsive.
    • IMPROVEMENT Remove '[' ']' enclosure for IPv6 addresses in the access log and request environment variable 'REMOTE_ADDR'.
    • IMPROVEMENT Reduced memory usage to improve server scalability.
    • IMPROVEMENT Improved accuracy of server real-time statistics.
    • IMPROVEMENT Enable SSL SHM session cache for Apache HTTPS vhost when server level SSH session cache is enabled.
    • IMPROVEMENT Disable TLSv1.0 by default for better PCI compliance.
    • IMPROVEMENT Automatically disable HTTP/2, SPDY, and QUIC for CSF messenger vhosts on port 8887.
    • IMPROVEMENT Added "SmartPush no-cookie" directive to disable cookies used for HTTP/2 and QUIC smart push.
    • IMPROVEMENT Added `lsws/logs/critical_alert` log file for writing common license errors that could cause LSWS to stop working.
    • IMPROVEMENT Improved compatibility with CloudLinux python selector.
    • IMPROVEMENT Improved modsecurity engine compatibility.
    • IMPROVEMENT Send "Alt-Svc" header advertising QUIC and HTTP/3 support only once per connection.
    • BUGFIX Fixed WordPress brute force protection bugs that were causing false positives and crashes.
    • BUGFIX Fixed a bug causing HTTP/2 requests to stall under rare conditions.
    • BUGFIX Fixed a bug causing broken non-keepalive HTTPS responses.
    • BUGFIX Fixed a Layer4 tunnel bug that caused random crashes.
    • BUGFIX Fixed Apache sometimes starting inside the lshttpd cgroup when switching from LSWS to Apache.
    • BUGFIX Fixed all LSPHP processes not being stopped when switching from LSWS to Apache.
    • BUGFIX Fixed an .htaccess cache bug that caused the server's default PHP handler to be used instead of configured per-vhost suEXEC handlers.
    • BUGFIX Per Apache vhost PHP 7.4 handler now runs in suEXEC mode.

    LSWS 5.4.1(08-15-2019) Security, New Features, Improvements, BugFix

    • SECURITY Addressed recent HTTP/2 DoS advisories. Fixed CVE-2019-9516 "0-Length Headers Leak" vulnerability. Completely blocks unaffected attacks: CVE-2019-9511 "Data Dribble", CVE-2019-9512 "Ping Flood", CVE-2019-9513 "Resource Loop", CVE-2019-9514 "Reset Flood", CVE-2019-9515 "Settings Flood", CVE-2019-9517 "Internal Data Buffering", and CVE-2019-9518 "Empty Frames Flood".
    • NEW FEATURE Updated HTTP/3 support to Internet Draft 22.
    • NEW FEATURE Smart server PUSH uses cookies to track pushed assets, avoiding pushing the same asset repeatedly.
    • IMPROVEMENT reCAPTCHA engine has been improved to reduce false positives.
    • BUGFIX Fixed a chunk encoding bug that could cause data corruption.
    • BUGFIX Fixed a bug that could cause truncated response bodies to be transferred over non-keepalive HTTPS connections. This usually affects front-end CDN services.
    • BUGFIX Fixed a regression that prevented Apache vhosts from using PHP daemon mode.
    • BUGFIX Fixed a cache engine bug that failed to forward the `X-Litespeed-purge2` response header to front-end ADC cache engines.
    • BUGFIX Fixed a bug that causes Python WSGI applications to fork child processes frequently.

    LSWS 5.4(07-23-2019) New Features, Improvements

    • MAJOR IMPROVEMENT Massive HTTP/2 HTTPS performance boost (up to 5x faster than LSWS v5.3.x).
    • MAJOR NEW FEATURE Experimental HTTP/3 draft 20 support.
    • MAJOR NEW FEATURE Redis and rewrite based dynamic virtual hosting.
    • MAJOR NEW FEATURE Server level reCAPTCHA protection efficiently defends against layer-7 DDoS attacks of any size.
    • NEW FEATURE Added support for Q046 in QUIC engine.
    • NEW FEATURE HTTPS accelerator with direct dynamic TLS record packaging, improving both HTTPS throughput and TTFB without compromise.
    • NEW FEATURE HTTPS handshake offloading, improving HTTPS handshake speed and avoiding clogging the server's main event loop.
    • NEW FEATURE SO_REUSEPORT support, improving multi-worker scalability for high traffic deployments.
    • NEW FEATURE HTTPS certificate compression, reducing the size of HTTPS handshake exchange data.
    • IMPROVEMENT Improved HTTP/2 stream prioritization for a better user browsing experience.

    LSWS 5.4RC4(05-24-2019) New Features

    • NEW FEATURE Support for SO_REUSEPORT for multi-worker license.
    • NEW FEATURE HTTPS/QUIC handshake offloading.
    • NEW FEATURE TLSv1.3 certificate compression.
    • NEW FEATURE High Availability for Redis dynamic vhost setup.
    • NEW FEATURE Support for Google QUIC 046.
    • NEW FEATURE Experimental IETF QUIC draft-20.

    LSWS 5.4RC3(03-18-2019) Major New Feature, Major Improvement & Bug Fixes

    • MAJOR NEW FEATURE Dynamic Virtual Host configuration through REDIS backend.
    • MAJOR IMPROVEMENT Greatly improved HTTP/2 performance -- up to 7x faster than previous implementations.
    • BUGFIX Improved QUIC engine performance and stability.
    • BUGFIX All bug fixes and enhancements on 5.3.x branch included.

    LSWS 5.4RC2(02-04-2019) Major New Feature, Improvement, New Feature & Bug Fixes

    • MAJOR NEW FEATURE Dynamic virtual hosting through rewrite rules.
    • IMPROVEMENT Improved HTTP/2 performance.
    • NEW FEATURE QUIC proxy backend support for backend communication through QUIC.
    • BUGFIX All applicable bug fixes from the 5.3 branch.
    • BUGFIX Fixed a few server crash bugs.

    LSWS 5.4RC1(01-03-2019) New Features, Major Improvements, & Bug Fixes

    • NEW FEATURE Recaptcha verification for DDoS attack mitigation.
    • NEW FEATURE Support for Ruby/Python/Nodejs applications in native configuration.
    • NEW FEATURE Added Virtual Host level trusted IP control, managed through .htaccess.
    • MAJOR IMPROVEMENT Added LiteSpeed TLS Accelerator, maximizing HTTPS & HTTP/2 performance.
    • MAJOR IMPROVEMENT HTTP/2 performance has been improved with a better header compression/decompression work flow.
    • BUGFIX All bug fixes from LSWS 5.3.5 incremental builds included.

Privacy Policy

Privacy Policy

LiteSpeed Technologies, Inc. (aka “LiteSpeed”) is committed to protecting your privacy. This policy ("Privacy Policy" or "Policy") explains our practices for our site, ("Site"). You can visit most pages of the Site without giving us any information about yourself, but sometimes we do need information to provide services that you request. By using this Site or any products or services provided through the Site, you expressly consent to the use and disclosure of information as described in this Privacy Policy.

LiteSpeed reserves the right to revise, modify, add, or remove provisions to this Privacy Policy at any time. If we make changes to this Privacy Policy, we will update the Effective Date to note the date of such changes. LiteSpeed encourages you to review this Privacy Policy periodically for any changes. IF YOU DO NOT AGREE WITH ANY OF THE TERMS BELOW, YOU SHOULD NOT USE THIS SITE OR THE PRODUCTS OR SERVICES OFFERED BY LITESPEED TECHNOLOGIES AT THIS SITE.

Collection of Information

Personal Information.

LiteSpeed will ask you for certain “Personal Information” when you complete registration or product information request forms on the Site, including but not limited to your name, address, telephone number, email address, and credit card information. You can always choose not to provide us with the requested information, however, you may not be able to complete the transaction or use our products or services if you do not provide the information requested.

Non-Personal Information.

LiteSpeed may collect non-personally identifiable information from you such as the type of browser you use, your operating system, the screen resolution of your browser, your ISP, your IP address, which pages you view on the Site and the time and duration of your visits to the Site (collectively, “Non-Personal Information”). LiteSpeed may associate Non-Personal Information with Personal Information if you register with the Site.

User Communications.

If you communicate with us, we may collect information relating to that communication whether it takes the form of email, fax, letter, forum posting, blog comments, testimonials or any other form of communication between you and LiteSpeed or Submitted by you to the Site (collectively, “User Communications”).

Server Information.

If you use one of our software products such as LiteSpeed Web Server or LiteSpeed Web ADC, we may collect certain information concerning such software and concerning the server upon which the software operates. This information includes: (a) the licensed or unlicensed status of the software; (b) the source from which the license for the software was obtained (i.e., LiteSpeed or a LiteSpeed affiliate); or (c) information about the server upon which the software is installed including (i) the public IP address, (ii) the operating system and (iii) the use of any virtualization technologies on such server ((a) through (c) collectively, “Server Information”). Additionally, “Server Information” may also include information collected from you by LiteSpeed in the event that you request technical support services including without limitation, IP addresses, usernames, and passwords necessary to login to SSH, the root directory of the server upon which you installed the LiteSpeed software and any affected accounts including email accounts, control panel accounts, MySQL accounts, CMS accounts and other accounts.

Use and Storage of Collected Information

LiteSpeed may use Personal Information to create and authenticate your account, to respond to your requests, to provide you with customer and technical support, or to provide you with information regarding our products, services, partners, and company. You may update your Personal Information with us at any time, but we may maintain records of any Personal Information you disclose to us indefinitely, unless otherwise requested as outlined below.

We may use User Communications in the same ways we use Personal Information. If you communicate with us for a particular purpose, we may use your User Communications for that purpose. For example, if you contact us for technical support, we may use your communications to provide technical support to you. We may maintain records of User Communications you transmit to us indefinitely, unless otherwise requested as outlined below.

LiteSpeed may use Non-Personal Information to maintain, evaluate, improve and provide our Site, the Services and any other LiteSpeed products and services. We may retain Non-Personal Information indefinitely.

We may use Server Information to provide you with technical support services and to maintain, evaluate, improve and provide LiteSpeed products and services. We may also use such information to investigate unlicensed (and therefore unauthorized) uses of our software. LiteSpeed may maintain Server Information indefinitely, with the exception of usernames, passwords, and other login information given in connection with support service requests. Such login information will be purged when the ticket is closed.

Disclosure of Collected Information

LiteSpeed will only disclose Personal Information to third parties if acting under a good faith belief that such action is necessary, including but not limited to: (a) to resolve disputes, investigate problems, or comply with laws or regulations; (b) to enforce our Terms of Service; (c) to protect and defend the rights, property, or safety of our company or our users; or (d) in the event of a merger, acquisition or sale of all or substantially all LiteSpeed assets. Other than this limited activity, we do not share, sell, or rent any personal information to third parties.

You will receive notice in the form of modifications to this Policy when information about you might go to third parties other than as described in this Policy, and you always have the opportunity to contact us as set forth below if you do not wish your information to go to third parties.

LiteSpeed cannot be responsible for protecting your information if you share such information in publicly available sections of the Site such as the user forums, blog comments, or testimonials section. You should use your own judgment in disclosing this information on the Site.

Use of Cookies

“Cookies” are small pieces of information that your browser stores on your computer on behalf of a website that you have visited. Cookies may be used in order to complete transactions on our site. You can always choose not to accept cookies with the settings of your web browser, however, you may not be able to complete these transactions if you do not accept cookies.

Security of Personal Information

We use reasonable security methods to protect your personal information from unauthorized access, use or disclosure. No data transmission over the Internet or any wireless network can be guaranteed to be perfectly secure. While we try to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.

LiteSpeed uses industry-standard SSL-encryption to protect sensitive data.

In the event that LiteSpeed becomes aware of a security breach, unauthorized disclosure or inadvertent disclosure concerning your information, you agree that LiteSpeed may notify you of such an event using the Personal Information previously provided.

You are responsible for maintaining your account’s security.

GDPR Notice and your Rights as Data Subject

For the purposes of the General Data Protection Regulation (the “GDPR”), in the European Union, LiteSpeed Technologies Inc. is a “data controller” of the Personal Information you provide to us for the primary purposes of providing you or your customers with our services.

For our customers and users in the European Union, by clicking the "I Accept" button or otherwise accepting the terms and conditions of our services through a clickable action or similar action, you hereby acknowledge, agree and unequivocally consent to the collection, processing, management, treatment, transfer and authorization of your Personal Information by LiteSpeed Technologies and/or its affiliates, clients, sub-processors and/or authorized third parties.

If you are a resident of Switzerland, the contact details for the data protection authorities are available here:

For European Union (EU) customers, please be reminded that the EU has not found the United States and some other countries to have an adequate level of protection of Personal Information under Article 45 of the GDPR.

The sections here below cover certain situations that you, as data subject, and we as a data controller, are most likely to encounter; but you should also carefully review the full list of data subject rights here:

  • Right to be Forgotten: You can request us to be “forgotten”; that is, to have your entire Personal Information removed from our service. If we are asked to do this, in accordance with Article 17 GDPR we will remove any Personal Information that we have collected from you as requester. We will also need to contact any third parties that process your Personal Information on our behalf, such as our cloud service providers using the adequate mechanisms. To ensure that any personal data in LiteSpeed Technologies’ possession can be removed in a timely manner, you can relay any request to be “forgotten” to us by submitting a request.
  • Right to Data Portability: In accordance with Article 20 GDPR our users located in the EU may request LiteSpeed Technologies to send them any Personal Information in our possession. In this case, we will provide you with any Personal Information that you have in a commonly used, machine-readable format.
  • Right to Data Access: As a data subject, in accordance with Article 15 GDPR you can ask LiteSpeed Technologies to confirm how and where your Personal Information is being stored and processed. You also have the right to know how such data is shared with third parties by us.
  • Right to Data Rectification: As a data subject, in accordance with Article 16 GDPR you have the right to obtain from LiteSpeed Technologies, without undue delay, the rectification of inaccurate Personal Information concerning you.
  • Right to be Informed: You have the right to be informed about the Personal Information we collect from you, and how we process it.
  • Right to Withdraw Consent: In accordance with Article 7(3) GDPR, you have the right to withdraw your consent given to us at any time.
  • Right to Object: In accordance with Article 18 GDPR you have the right to object to us processing your Personal Information for the following reasons:
    • Processing was not based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
    • Direct marketing (including profiling);
    • Processing for purposes of scientific/historical research and statistics; and
    • Rights in relation to automated decision-making and profiling.
  • Automated Individual Decision-Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
  • Right to Complain: You have the right to file a complaint with supervisory authorities if your information has not been processed in compliance with the GDPR. Furthermore, in accordance with Article 77 GDPR, if the supervisory authorities fail to address your complaint properly, you may have the right to a judicial remedy.

Privacy Requests

Lastly, you retain the right to access, amend, correct or delete your Personal Information where it is inaccurate at any time. To do so, please contact us as indicated in the Contact Us section. We reserve the right to charge a reasonable fee, as permitted by applicable laws and regulations, in order to comply with complex requests or repetitive requests from individual users.

Your privacy request must include, at the least, the following information: (i) your complete name, address and/or e-mail address in order for us to notify you of the response to your request; (ii) attached documents establishing your identity; and (iii) a clear and concise description of the Personal Information with regard to which you seek to enforce any of your privacy rights. If you request rectification, please indicate amendments to be made and attach documentation to back up your request.

Upon receipt of your privacy request, and after due review, we may then edit, deactivate and/or delete your Personal Information from our services for the maximum term allowed by the GDPR for each applicable case. In case of secure databases under our control where deletion is impossible, we will make such information permanently inaccessible.

Notice to California Residents

Pursuant to the California Consumer Privacy Act of 2018 (the “CCPA”), LiteSpeed Technologies and/or its affiliates, clients, sub-processors and/or authorized third parties hereto provide the following Privacy Policy notice regarding the categories of Personal Information that we may collect and/or disclose within the preceding twelve (12) months regarding California residents who are not employees, independent contractors, owners, directors, officers, or job applicants of LiteSpeed Technologies, or emergency contacts or benefits beneficiaries of the foregoing.

Thenceforth, the CCPA provides Californians with the following rights:

  • Requests for Information: you (or your authorized agent) can request a copy of your Personal Information, including how we have collected, used, and shared your Personal Information over the past 12 months (if any), including the categories of Personal Information we collected and our purposes for doing so; the categories of sources for that information; the categories of third parties with whom we shared it for a business purpose and our purposes for doing so.
  • Your Right to Notification: under the CCPA, we cannot collect new categories of Personal Information or use them for materially different purposes without first notifying you.
  • Nondiscrimination for exercising your CCPA Rights: the CCPA prohibits us from discriminating against you for exercising your rights under the law. Such discrimination may include denying services, charging different prices or rates for services, providing a different level or quality of services, or suggesting that you will receive a different level or quality of goods or services as a result of exercising your rights.
  • Your Right to Delete Personal Information: you can request that we delete your Personal Information by contacting us. You also can request that we delete specific information, and we will honor such requests, unless a due exception applies, such as when the information is necessary to complete a transaction, verify a fraud, review a chargeback or contract for which it was collected or when it is being used to detect, prevent, or investigate security incidents, comply with laws, identify and repair bugs or ensure another consumer’s ability to exercise their free speech rights or other rights provided by law.
    • Please take into consideration that we may deny your deletion request if retaining the Personal Information is necessary for us, our affiliates or our service providers in order to:

      • Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
      • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
      • Debug our products to identify and repair errors that impair existing intended functionality;
      • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
      • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.);
      • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
      • Comply with a legal obligation that has substantive grounds;
      • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Overall, we have, may or will collect the following categories of Personal Information from our users, customers and individuals, as necessary to fulfill our legal obligations and operational business purposes:

  • Personal information (as defined in the California Customer Records Law), such as contact information;
  • Identifiers, such as online identifier, IP address and name;
  • Internet or network activity information, such as browsing history and interactions with our and other websites and systems;
  • Geo-localization data, such as device location and IP location;
  • Audio, electronic, visual and similar information, such as video recordings and multimedia content created in connection with our business activities; and
  • Inferences drawn from any of the Personal Information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics.

International Data Transfer Notice

LiteSpeed Technologies values your users’ privacy. Although our software does not directly collect any personally identifiable information from visitors to your site, LiteSpeed may still be considered a data processor in certain jurisdictions, as user information may be temporarily cached and/or logged, as outlined in this document.

We have our headquarters in the State of Pennsylvania, United States of America (USA). Henceforth, your Personal Information may be accessed by us or our affiliates, agents, partners and third-party service providers in the USA and our locations which may or may not be located in your country of residence, and you hereby consent to such access and transfer by simple disclosure.


LiteSpeed Web Server, OpenLiteSpeed, LiteSpeed Web ADC, and related software may record IP addresses as a part of normal logging. An access log and an error log may record visitor IP addresses and URL visited. The logs are stored locally on the system where LiteSpeed server software is installed and are not transferred to or accessed by LiteSpeed employees in any way, except as necessary in providing routine technical support if you request it. This logging may be turned off through configuration. It is up to individual server administrators to come up with their own schedule for removing such logs from the file system.

Cache Solutions

Our cache plugins potentially store a duplicate copy of every web page on display on your site. The pages are stored locally on the system where LiteSpeed server software is installed and are not transferred to or accessed by LiteSpeed employees in any way, except as necessary in providing routine technical support if you request it. All cache files are temporary, and may easily be purged before their natural expiration, if necessary, via a Purge All command. It is up to individual site administrators to come up with their own cache expiration rules.

LSCache for WordPress

In addition to caching, our WordPress plugin has an Image Optimization feature. When optimization is requested, images are transmitted to a remote LiteSpeed server, processed, and then transmitted back for use on your site. LiteSpeed keeps copies of optimized images for 7 days (in case of network stability issues) and then permanently deletes them.

Similarly, the WordPress plugin has a Reporting feature whereby a site owner can transmit an environment report to our server so that we may better provide technical support.

Neither of these features collects any visitor data. Only server and site data is involved.

Support Services

Sometimes, when you request technical support, LiteSpeed may ask for login credentials to various areas of your site. You may refuse to share such credentials, however refusal may impact LiteSpeed’s ability to provide the requested support services.

Upon completion of a support ticket, LiteSpeed immediately deletes all login credentials you may have shared.

Any user data encountered by LiteSpeed is kept strictly confidential. We never provide your support ticket information to any third party without your explicit consent.

Contact Us

If you would like to update information that you have voluntarily provided to us, stop receiving information from us, or exercise any of the rights granted to you under Privacy Laws, including the EU’s General Data Protection Regulation, please e-mail