Security Features Built into LiteSpeed Web Server 2020-01-03 20:11:10 LiteSpeed's security features keep you in control, and keep your systems safe from attack.

Built-In Security Features

LiteSpeed's security features keep you in control, and keep your systems safe from attack.

Mitigate Early Attack.png
LiteSpeed Web Server Gives You The Power to Close Vulnerabilities

Mitigate Attacks Early

ModSecurity Request Filtering
LiteSpeed Web Server offers excellent ModSecurity compatibility, allowing sophisticated rules for filtering out attacking requests by checking for known attack signatures. LiteSpeed Web Server supported with Atomic Secured Linux and the Atomicorp Realtime ModSecurity Rules.
External Application Resource Control
With LiteSpeed, you can set caps on external application resource usage, preventing DoS attacks (like forkbombs) that target your applications.
Deny Buffer Overrun Attempts
LiteSpeed Web Server's compiler detects buffer overrun attempts and terminates the application instead of allowing code to be injected into headers.
LSWS can achieve results similar to CageFS without CloudLinux through external application chroot or running all of LSWS from a chroot jail, though this requires individual configuration for each user.

More Secure Shared Hosting

CloudLinux CageFS Compatibility
LiteSpeed and CloudLinux share a strong partnership and LSWS is fully compatible with CageFS, allowing administrators to keep users safely separated from each other — even if one site is hacked, it won't be able to access other users' files.
Turn Off CGI Completely
CGI scripts can be a large vulnerability, especially for shared hosts. LiteSpeed's unique DisableCgiOverride directive allows you to turn off CGI and make sure your users don't turn it back on (using the Options directive) — security Apache and nginx don't offer.
Restrain Virtual Hosts
LiteSpeed's Restrained setting stops sites from accessing files outside of their own virtual host root.
Control Symlinks
Symbolic link settings let you to disable symlinks altogether, allow them only when they connect to files with the same owner, or make sure they are checked against access denied lists.
Be Strict About Ownership
Our strict ownership checking can make sure that any file accessed is owned by the owner of the virtual host, whether accessed via symlink or not.

Control What Files Are Served

Request Checking
"/." is not allowed in a decoded URL, blocking outsiders from seeing hidden files (like .htaccess files).
Restrict by Permission Mask
Server-wide settings allow you to set required and restricted permission masks, preventing the server from serving files with certain permission masks. This can be applied to scripts, static files, and/or script directories.

accelerate internet

Accelerate Your Internet Now!