Admin Listeners SSL

Admin Listeners are dedicated to the Admin Server. Secure (SSL) listeners are recommended for the Admin Server.

Table of Contents

SSL Private Key & Certificate

Private Key File | Certificate File | Chained Certificate | CA Certificate Path | CA Certificate File | 

SSL Protocol

Protocol Version | Ciphers | Enable ECDH Key Exchange | Enable DH Key Exchange | DH Parameter | 

Security & Features

SSL Renegotiation Protection | Enable SPDY/HTTP2 | 

Client Verification

Client Verification | Verify Depth | Client Revocation Path | Client Revocation File | 

SSL Private Key & CertificateGo to top
Description: Every SSL listener requires a paired SSL private key and SSL certificate. Multiple SSL listeners can share the same key and certificate.

You can generate SSL private keys yourself using an SSL software package, such as OpenSSL. SSL certificates can also be purchased from an authorized certificate issuer like VeriSign or Thawte. You can also sign the certificate yourself. That certificate will not be trusted by web browsers and should not be used on public web sites containing critical data. However, a self-signed certificate is good enough for internal use, e.g. for encrypting traffic to LiteSpeed Web Server's WebAdmin console.
Private Key FileGo to top
Description: Specifies the file name of the SSL private key file. The key file should not be encrypted.
Syntax: File name which can be an absolute path or relative to $SERVER_ROOT.
Tips: [Security] The private key file should be placed in a secured directory that allows read-only access to the user the server runs as.
Certificate FileGo to top
Description: Specifies the file name of the SSL certificate file.
Syntax: File name which can be an absolute path or relative to $SERVER_ROOT.
Tips: [Security] The certificate file should be placed in a secured directory, which allows read-only access to the user that the server runs as.
Chained CertificateGo to top
Description: Specifies whether the certificate is a chained certificate or not. The file that stores a certificate chain must be in PEM format, and the certificates must be in the chained order, from the lowest level (the actual client or server certificate) to the highest level (root) CA.
Syntax: Select from radio box
CA Certificate PathGo to top
Description: Specifies the directory where the certificates of certification authorities (CAs) are kept. Those certificates are used for client certificate authentication and constructing the server certificate chain, which will be sent to browsers in addition to the server certificate.
Syntax: path
CA Certificate FileGo to top
Description: Specifies the file that contains all certificates of certification authorities (CAs) for chained certificates. This file is simply the concatenation of PEM-encoded certificate files, in order of preference. This can be used as an alternative or in addition to CA Certificate Path. Those certificates are used for client certificate authentication and constructing the server certificate chain, which will be sent to browsers in addition to the server certificate.
Syntax: File name which can be an absolute path or relative to $SERVER_ROOT.
SSL ProtocolGo to top
Description: Customizes SSL protocols accepted by the listener.
Protocol VersionGo to top
Description: Specifies which version of SSL protocol will be used. You can choose from SSL v3.0 and TLS v1.0. Since OpenSSL 1.0.1, TLS v1.1 and TLS v1.2 are also supported.
CiphersGo to top
Description: Specifies the cipher suite to be used to negotiate the SSL handshake. LSWS supports cipher suites implemented in SSL v3.0, TLS v1.0, and TLS v1.2.
Syntax: Colon-separated string of cipher specifications. LSWS supports all cipher suites implemented in SSL v3.0, TLS v1.0, and TLS v1.2.
Example: ECDHE-RSA-AES128-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
Tips: [Security] We recommend ECDHE-RSA-AES128-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
Enable ECDH Key ExchangeGo to top
Description: Allows use of Elliptic Curve Diffie-Hellman key exchange for further SSL encryption.
Syntax: Select from radio box
Tips: [Security] ECDH key exchange is more secure than using just an RSA key. ECDH and DH key exchange are equally secure.
[Performance] Enabling ECDH key exchange will increase CPU load and is slower than using just an RSA key.
Enable DH Key ExchangeGo to top
Description: Allows use of Diffie-Hellman key exchange for further SSL encryption.
Syntax: Select from radio box
Tips: [Security] DH key exchange is more secure than using just an RSA key. ECDH and DH key exchange are equally secure.
[Performance] Enabling DH key exchange will increase CPU load and is slower than ECDH key exchange and RSA. ECDH key exchange is preferred when available.
DH ParameterGo to top
Description: Specifies the location of the Diffie-Hellman parameter file necessary for DH key exchange.
Syntax: File name which can be an absolute path or relative to $SERVER_ROOT.
SSL Renegotiation ProtectionGo to top
Description: Specifies whether to enable SSL Renegotiation Protection to defend against SSL handshake-based attacks. The default value is "Yes".
Syntax: Select from radio box
Enable SPDY/HTTP2Go to top
Description: HTTP/2 and SPDY are new versions of the HTTP network protocol with the goal of reducing page load times. More information can be found at: http://en.wikipedia.org/wiki/HTTP/2
Syntax: Check the protocol(s) you wish to enable. Leaving all boxes unchecked will enable SPDY and HTTP/2 support (the default). If you wish to disable SPDY and HTTP/2, check "None" only and leave all other boxes unchecked.
Client VerificationGo to top
Description: Enterprise Edition Only Specifies the type of client certifcate authentication. Available types are:
  • None: No client certificate is required.
  • Optional: Client certificate is optional.
  • Require: The client must has valid certificate.
  • Optional_no_ca: Same as optional.
The default is "None".
Syntax: Select from drop down list
Tips: "None" or "Require" are recommended.
Verify DepthGo to top
Description: Enterprise Edition Only Specifies how deeply a certificate should be verified before determining that the client does not have a valid certificate. The default is "1".
Syntax: Select from drop down list
Client Revocation PathGo to top
Description: Enterprise Edition Only Specifies the directory containing PEM-encoded CA CRL files for revoked client certificates. The files in this directory have to be PEM-encoded. These files are accessed through hash file names, hash-value.rN. Please refer to openSSL or Apache mod_ssl documentation regarding creating the hash filename.
Syntax: path
Client Revocation FileGo to top
Description: Enterprise Edition Only Specifies the file containing PEM-encoded CA CRL files enumerating revoked client certificates. This can be used as an alternative or in addition to Client Revocation Path.
Syntax: File name which can be an absolute path or relative to $SERVER_ROOT.

Admin Listeners General

Admin Listeners are dedicated to the Admin Server. Secure (SSL) listeners are recommended for the Admin Server.

Table of Contents

General

Listener Name | IP Address | Port | Secure | 

Listener NameGo to top
Description: A unique name for this listener.
IP AddressGo to top
Description: Specifies the IP of this listener. All available IP addresses are listed. IPv6 addresses are enclosed in "[]". To listen on all IPv4 IP addresses, select ANY. To listen on all IPv4 and IPv6 IP addresses, select [ANY]. In order to serve both IPv4 and IPv6 clients, an IPv4-mapped IPv6 address should be used instead of a plain IPv4 address. An IPv4-mapped IPv6 address is written as [::FFFF:x.x.x.x].
Syntax: Select from drop down list
Tips: [Security] If your machine has multiple IPs on different sub-networks, you can select a specific IP to only allow traffic from the corresponding sub-network.
PortGo to top
Description: Specifies the TCP port of the listener. Only the super user ("root") can use ports lower than 1024. Port 80 is the default HTTP port. Port 443 is the default HTTPS port.
Syntax: Integer number
SecureGo to top
Description: Specifies whether this is a secure (SSL) listener. For secure listeners, additional SSL settings need to be set properly.
Syntax: Select from radio box

Servlet Context

Table of Contents

Servlet Context

URI | Servlet Engine | Extra Headers | Allow Override | Realm | Authentication Name | Require (Authorized Users/Groups) | Access Allowed | Access Denied | Authorizer | Add Default Charset | Customized Default Charset | Enable Cache | Cache Expire Time (seconds) | Cache Stale Age (seconds) | Cache Request with Query String | Cache Request with Cookie | Cache Response with Cookie | Ignore Request Cache-Control | Ignore Response Cache-Control | Enable Private Cache | Private Cache Expire Time (seconds) | Enable IP Geolocation | 

Servlet ContextGo to top
Description: Servlets can be imported individually through Servlet Contexts. A Servlet Context just specifies the URI for the servlet and the name of the servlet engine. You only need to use this when you do not want to import the whole web application or you want to protect different servlets with different authorization realms. This URI has the same requirements as for a Java Web App Context.
URIGo to top
Description: Specifies the URI for this context.
Syntax: The URI can be a plain URI (starting with "/") or a Perl compatible regular expression URI (starting with "exp:"). If a plain URI ends with a "/", then this context will include all sub-URIs under this URI. If the context maps to a directory on the file system, a trailing "/" must be added.
See Also: Location
Servlet EngineGo to top
Description: Specifies the name of the servlet engine that serves this web application. Servlet engines must be defined in the External Application section at the server or virtual host level.
Syntax: Select from drop down list
Extra HeadersGo to top
Description: Specifies extra response headers to be added. Multiple headers can be added, one header per line. Put "NONE" to disable headers inherited from parent content.
Syntax: "[HeaderName]: [HeaderValue]" in each line.
Example: Cache-control: no-cache, no-store
My-header: Custom header value
Allow OverrideGo to top
Description: Specifies what directives in an access control file are allowed. An access control file can be placed in a directory to control the accessibility of files under that directory.
  • When nothing is checked, inherited default settings will be used.
  • When None is checked, access control files will be ignored.
  • When Limit is checked, directives "Order", "Allow from" and "Deny from" are allowed.
  • When Auth is checked, directives "AuthGroupFile", "AuthName", "AuthType", "AuthUserFile", and "Require" are allowed.
  • When FileInfo is checked, directives "Satisfy", "AddDefaultCharset", "AddType", "DefaultType", "ForceType", "ExpiresActive", "ExpiresDefault", "ExpiresByType", "Redirect", "RedirectTemp", "RedirectPermanent", "RewriteEngine", "RewriteOptions", "RewriteBase", "RewriteCond" and "RewriteRule" are allowed
  • When Indexes is checked, directive "DirectoryIndex" is allowed
  • When Options is checked, directive "Options" is allowed

Allow Override configuration is available at three levels: server, virtual host and context. If a configuration is not checked at the server level, the controlled directives will be disabled for the whole server whether or not it is enabled at lower levels. If something is enabled at the server level, virtual hosts will inherit same settings by default. Similarly context level settings will be inherited from virtual host settings. Lower levels can disable a setting that is enabled at an upper level, but cannot enable a setting that is disabled at an upper level.
Syntax: Select from checkbox
Tips: [Performance] If there is no need for directory level configuration customization, check None.
RealmGo to top
Description: Specifies the authorization realm for this context. When specified, a valid username and password must be provided in order to access this context. Authorization Realms are set up in the Virtual Host Security section. This setting uses each realm's Realm Name.
Syntax: Select from drop down list
Authentication NameGo to top
Description: Specifies an alternative name for the authorization realm for current context. If it is not specified, the original realm name will be used. The authentication name is displayed on the browser's login pop-up.
Require (Authorized Users/Groups)Go to top
Description: Specifies which user/group can access this context. This allows you to use one user/group database (specified in Realm) across a number of contexts, but only allow certain users/groups from that database to access this context.
Syntax: Syntax is compatible with Apache's Require directive. For example:
  • user username [username ...]
    Only listed users can access this context;
  • group groupid [groupid ...]
    Only users belonging to the listed groups can access this context.
If this setting is not specified, all valid users will be able to access this resource.
Access AllowedGo to top
Description: Specifies which IPs or sub-networks are allowed to access resources under this context. Together with Access Denied and server/virtual host-level access control, accessibility is determined by the smallest scope that a client's IP address falls into.
Syntax: Comma-delimited list of IPs/sub-networks.
Example: Sub-networks can be written as 192.168.1.0/255.255.255.0, 192.168.1 or 192.168.1.*.
Access DeniedGo to top
Description: Specifies which IPs or sub-networks are NOT allowed to access resources under this context. Together with Access Allowed and server/virtual host-level access control, accessibility is determined by the smallest scope that a client's IP address falls into.
Syntax: Comma-delimited list of IPs/sub-networks.
Example: Sub-networks can be written as 192.168.1.0/255.255.255.0, 192.168.1 or 192.168.1.*.
AuthorizerGo to top
Description: Specifies an external application that can be used to generate authorized/unauthorized decisions. Currently, only the FastCGI Authorizer is available. For more details about the FastCGI Authorizer role, please visit http://www.fastcgi.com.
Syntax: Select from drop down list
Add Default CharsetGo to top
Description: Specifies whether to add a character set tag to the "Content-Type" response header, when content type is either "text/html" or "text/plain" without any parameters. When set to Off, this function is disabled. When set to On, either the character set specified by Customized Default Charset or the default "iso-8859-1" will be added.
Syntax: Select from radio box
Customized Default CharsetGo to top
Description: Specifies a character set to be used when Add Default Charset is On. This is optional. The default value is iso-8859-1. This entry has no effect when Add Default Charset is Off.
Syntax: Name of a character set, like utf-8
Example: utf-8
Enable CacheGo to top
Description: Specifies whether to turn on cache for the current context, either at the server level, virtual host level, or directory level.

Virtual hosts configured through Apache httpd.conf can use the "CacheEnable" and "CacheDisable" directives at the server, virtual host, directory, files, and location level or in .htaccess. "CacheEnable" and "CacheDisable" directives are compatible with Apache mod_cache directives. However, when used at the directory, file, or location level or in a .htaccess, "CacheEnable" and "CacheDisable" will only be applied to all directories below current level. URL parameters will be ignored.
Syntax: Select from radio box
Tips: [Performance] It is not recommended to store large objects with low hit rates in the cache. This may result in high I/O wait and reduce overall server performance.
Cache Expire Time (seconds)Go to top
Description: Specifies how long an object will be cached. The default is "86400" seconds (one day).
Syntax: Integer number
Cache Stale Age (seconds)Go to top
Description: Specifies how long an object will continue to be served after its cache has expired but bbefore the new cache is available. The default is "10" seconds.
Syntax: Integer number
Cache Request with Query StringGo to top
Description: Specifies whether to cache a request with a query string in the URL. The default is "No Cache". When a URL rewrite is involved, the server will check against the rewritten URL.
Syntax: Select from radio box
Cache Request with CookieGo to top
Description: Specifies whether to cache a request containing cookies. The default is "No Cache".
Syntax: Select from radio box
Cache Response with CookieGo to top
Description: Specifies whether to cache a response containing cookies. The default is "No Cache".
Syntax: Select from radio box
Ignore Request Cache-ControlGo to top
Description: Specifies whether to ignore Cache-Control request headers. The default is "No". If set to "Yes", the server may serve a cached object when "no-cache" has been set in Cache-Control.
Syntax: Select from radio box
Ignore Response Cache-ControlGo to top
Description: Specifies whether to ignore Cache-Control response headers. The default is "No". If set to "Yes", the response can be cached by the server even when "no-store", "private" has been set in a Cache-Control header.
Syntax: Select from radio box
Enable Private CacheGo to top
Description: Specifies whether to turn on private cache for the current context, either at server level, virtual host level, or directory level.

Private cache will cache a copy per user based on IP and cookies.
Virtual hosts configured through Apache httpd.conf can use the "CacheEnable private /url" and "CacheDisable private /url" directives at server, virtual host, directory, files, and location levels or in a .htaccess file. "CacheEnable private" and "CacheDisable private" are compatible with Apache's mod_cache directives and will be applied to all directories below the current level. However, when used at the directory, file, and location level or in a .htaccess file, "CacheEnable private" and "CacheDisable private" will be applied to all directories below the current level. URL parameters will be ignored.
Syntax: Select from radio box
Tips: [Performance] It is not recommended to store large objects with low hit rates in the cache. This may result in high I/O wait and reduce overall server performance.
Private Cache Expire Time (seconds)Go to top
Description: Specifies how long an object will be cached in private cache. The default is "60" seconds.
Syntax: Integer number
Enable IP GeolocationGo to top
Description: Enterprise Edition Only Specifies whether to enable/disable IP Geolocation lookup. It can be set at server-, virtual host-, or context-level. IP Geolocation is disabled by default when using value "Not Set".
Syntax: Select from radio box
See Also: Use Client IP in Header, DB File Path, DB Cache Type

CGI Context

Table of Contents

CGI Context

URI | Path | Extra Headers | Allow Set UID | Allow Override | Realm | Authentication Name | Require (Authorized Users/Groups) | Access Allowed | Access Denied | Authorizer | Add Default Charset | Customized Default Charset | Enable Rewrite | Rewrite Inherit | Rewrite Base | Rewrite Rules | Enable Cache | Cache Expire Time (seconds) | Cache Stale Age (seconds) | Cache Request with Query String | Cache Request with Cookie | Cache Response with Cookie | Ignore Request Cache-Control | Ignore Response Cache-Control | Enable Private Cache | Private Cache Expire Time (seconds) | Enable IP Geolocation | Apache Style Configurations | 

CGI ContextGo to top
Description: A CGI context defines scripts in a particular directory as CGI scripts. This directory can be inside or outside of the document root. When a file under this directory is requested, the server will always try to execute it as a CGI script, no matter if it's executable or not. In this way, file content under a CGI Context is always protected and cannot be read as static content. It is recommended that you put all your CGI scripts in a directory and set up a CGI Context to access them.
URIGo to top
Description: Specifies the URI for this context.
Syntax: The URI can be a plain URI (starting with "/") or a Perl compatible regular expression URI (starting with "exp:"). If a plain URI ends with a "/", then this context will include all sub-URIs under this URI. If the context maps to a directory on the file system, a trailing "/" must be added.
See Also: Location
PathGo to top
Description: Specifies the location of CGI scripts.
Syntax: The path can be a directory that contains a group of CGI scripts, like $VH_ROOT/myapp/cgi-bin/. In this case, the context URI must end with "/", like /app1/cgi/. The Path can also specify only one CGI script, like $VH_ROOT/myapp/myscript.pl. This script should have the corresponding URI /myapp/myscript.pl.
Extra HeadersGo to top
Description: Specifies extra response headers to be added. Multiple headers can be added, one header per line. Put "NONE" to disable headers inherited from parent content.
Syntax: "[HeaderName]: [HeaderValue]" in each line.
Example: Cache-control: no-cache, no-store
My-header: Custom header value
Allow Set UIDGo to top
Description: Specifies whether the set UID bit is allowed for CGI scripts. If the set UID bit is allowed and the set UID bit is enabled for a CGI script, no matter which user the CGI script was started on behalf of, the user ID of the CGI process will switch to the user ID of the owner of the CGI script.
The default is "Off".
Syntax: Select from radio box
Tips: [Security] Do not allow Set UID CGI scripts whenever possible, as it is inherently a security risk.
Allow OverrideGo to top
Description: Specifies what directives in an access control file are allowed. An access control file can be placed in a directory to control the accessibility of files under that directory.
  • When nothing is checked, inherited default settings will be used.
  • When None is checked, access control files will be ignored.
  • When Limit is checked, directives "Order", "Allow from" and "Deny from" are allowed.
  • When Auth is checked, directives "AuthGroupFile", "AuthName", "AuthType", "AuthUserFile", and "Require" are allowed.
  • When FileInfo is checked, directives "Satisfy", "AddDefaultCharset", "AddType", "DefaultType", "ForceType", "ExpiresActive", "ExpiresDefault", "ExpiresByType", "Redirect", "RedirectTemp", "RedirectPermanent", "RewriteEngine", "RewriteOptions", "RewriteBase", "RewriteCond" and "RewriteRule" are allowed
  • When Indexes is checked, directive "DirectoryIndex" is allowed
  • When Options is checked, directive "Options" is allowed

Allow Override configuration is available at three levels: server, virtual host and context. If a configuration is not checked at the server level, the controlled directives will be disabled for the whole server whether or not it is enabled at lower levels. If something is enabled at the server level, virtual hosts will inherit same settings by default. Similarly context level settings will be inherited from virtual host settings. Lower levels can disable a setting that is enabled at an upper level, but cannot enable a setting that is disabled at an upper level.
Syntax: Select from checkbox
Tips: [Performance] If there is no need for directory level configuration customization, check None.
RealmGo to top
Description: Specifies the authorization realm for this context. When specified, a valid username and password must be provided in order to access this context. Authorization Realms are set up in the Virtual Host Security section. This setting uses each realm's Realm Name.
Syntax: Select from drop down list
Authentication NameGo to top
Description: Specifies an alternative name for the authorization realm for current context. If it is not specified, the original realm name will be used. The authentication name is displayed on the browser's login pop-up.
Require (Authorized Users/Groups)Go to top
Description: Specifies which user/group can access this context. This allows you to use one user/group database (specified in Realm) across a number of contexts, but only allow certain users/groups from that database to access this context.
Syntax: Syntax is compatible with Apache's Require directive. For example:
  • user username [username ...]
    Only listed users can access this context;
  • group groupid [groupid ...]
    Only users belonging to the listed groups can access this context.
If this setting is not specified, all valid users will be able to access this resource.
Access AllowedGo to top
Description: Specifies which IPs or sub-networks are allowed to access resources under this context. Together with Access Denied and server/virtual host-level access control, accessibility is determined by the smallest scope that a client's IP address falls into.
Syntax: Comma-delimited list of IPs/sub-networks.
Example: Sub-networks can be written as 192.168.1.0/255.255.255.0, 192.168.1 or 192.168.1.*.
Access DeniedGo to top
Description: Specifies which IPs or sub-networks are NOT allowed to access resources under this context. Together with Access Allowed and server/virtual host-level access control, accessibility is determined by the smallest scope that a client's IP address falls into.
Syntax: Comma-delimited list of IPs/sub-networks.
Example: Sub-networks can be written as 192.168.1.0/255.255.255.0, 192.168.1 or 192.168.1.*.
AuthorizerGo to top
Description: Specifies an external application that can be used to generate authorized/unauthorized decisions. Currently, only the FastCGI Authorizer is available. For more details about the FastCGI Authorizer role, please visit http://www.fastcgi.com.
Syntax: Select from drop down list
Add Default CharsetGo to top
Description: Specifies whether to add a character set tag to the "Content-Type" response header, when content type is either "text/html" or "text/plain" without any parameters. When set to Off, this function is disabled. When set to On, either the character set specified by Customized Default Charset or the default "iso-8859-1" will be added.
Syntax: Select from radio box
Customized Default CharsetGo to top
Description: Specifies a character set to be used when Add Default Charset is On. This is optional. The default value is iso-8859-1. This entry has no effect when Add Default Charset is Off.
Syntax: Name of a character set, like utf-8
Example: utf-8
Enable RewriteGo to top
Description: Specifies whether to enable LiteSpeed's URL rewrite engine. This option can be customized at virtual host- and context-level, and is inherited along the directory tree until it is explicitly overridden.
Syntax: Select from radio box
Rewrite InheritGo to top
Description: Specifies whether to inherit rewrite rules from parent contexts. If rewrite is enabled and not inherited, rewrite base and rewrite rules defined in this context will be used.
Syntax: Select from radio box
Rewrite BaseGo to top
Description: Specifies the base URL for rewrite rules.
Syntax: URL
Rewrite RulesGo to top
Description: Specifies a list of rewrite rules at virtual host or context level. A rewrite rule is comprised of one RewriteRule directive and optionally preceded by multiple RewriteCond directives.
  • Each directive should take only one line.
  • RewriteCond and RewriteRule follow Apache's rewrite directive syntax. Just copy and paste rewrite directives from your Apache configuration files.
  • There are minor differences between LiteSpeed and Apache mod_rewrite implementation:
    • %\{LA-U:variable\} and %\{LA-F:variable\} are ignored by the LiteSpeed rewrite engine
    • two new server variables are added in the LiteSpeed rewrite engine: %\{CURRENT_URI\} represents the current URI processed by the rewrite engine and %\{SCRIPT_NAME\} has the same meaning as the corresponding CGI environment variable.
The implementation of LiteSpeed's rewrite engine follows the specifications of Apache's rewrite engine. For more details about rewrite rules, please refer to Apache's mod_rewrite document and Apache's URL rewriting guide.
Syntax: string
Enable CacheGo to top
Description: Specifies whether to turn on cache for the current context, either at the server level, virtual host level, or directory level.

Virtual hosts configured through Apache httpd.conf can use the "CacheEnable" and "CacheDisable" directives at the server, virtual host, directory, files, and location level or in .htaccess. "CacheEnable" and "CacheDisable" directives are compatible with Apache mod_cache directives. However, when used at the directory, file, or location level or in a .htaccess, "CacheEnable" and "CacheDisable" will only be applied to all directories below current level. URL parameters will be ignored.
Syntax: Select from radio box
Tips: [Performance] It is not recommended to store large objects with low hit rates in the cache. This may result in high I/O wait and reduce overall server performance.
Cache Expire Time (seconds)Go to top
Description: Specifies how long an object will be cached. The default is "86400" seconds (one day).
Syntax: Integer number
Cache Stale Age (seconds)Go to top
Description: Specifies how long an object will continue to be served after its cache has expired but bbefore the new cache is available. The default is "10" seconds.
Syntax: Integer number
Cache Request with Query StringGo to top
Description: Specifies whether to cache a request with a query string in the URL. The default is "No Cache". When a URL rewrite is involved, the server will check against the rewritten URL.
Syntax: Select from radio box
Cache Request with CookieGo to top
Description: Specifies whether to cache a request containing cookies. The default is "No Cache".
Syntax: Select from radio box
Cache Response with CookieGo to top
Description: Specifies whether to cache a response containing cookies. The default is "No Cache".
Syntax: Select from radio box
Ignore Request Cache-ControlGo to top
Description: Specifies whether to ignore Cache-Control request headers. The default is "No". If set to "Yes", the server may serve a cached object when "no-cache" has been set in Cache-Control.
Syntax: Select from radio box
Ignore Response Cache-ControlGo to top
Description: Specifies whether to ignore Cache-Control response headers. The default is "No". If set to "Yes", the response can be cached by the server even when "no-store", "private" has been set in a Cache-Control header.
Syntax: Select from radio box
Enable Private CacheGo to top
Description: Specifies whether to turn on private cache for the current context, either at server level, virtual host level, or directory level.

Private cache will cache a copy per user based on IP and cookies.
Virtual hosts configured through Apache httpd.conf can use the "CacheEnable private /url" and "CacheDisable private /url" directives at server, virtual host, directory, files, and location levels or in a .htaccess file. "CacheEnable private" and "CacheDisable private" are compatible with Apache's mod_cache directives and will be applied to all directories below the current level. However, when used at the directory, file, and location level or in a .htaccess file, "CacheEnable private" and "CacheDisable private" will be applied to all directories below the current level. URL parameters will be ignored.
Syntax: Select from radio box
Tips: [Performance] It is not recommended to store large objects with low hit rates in the cache. This may result in high I/O wait and reduce overall server performance.
Private Cache Expire Time (seconds)Go to top
Description: Specifies how long an object will be cached in private cache. The default is "60" seconds.
Syntax: Integer number
Enable IP GeolocationGo to top
Description: Enterprise Edition Only Specifies whether to enable/disable IP Geolocation lookup. It can be set at server-, virtual host-, or context-level. IP Geolocation is disabled by default when using value "Not Set".
Syntax: Select from radio box
See Also: Use Client IP in Header, DB File Path, DB Cache Type
Apache Style ConfigurationsGo to top
Description: Specifies Apache configuration directives (supported by LiteSpeed) that you want to use in LiteSpeed native configuration file. For example, to override the default PHP configurations (php.ini entries) the server will need four directives: "php_value", "php_flag", "php_admin_value" and "php_admin_flag".
Syntax: Same as Apache configuration file.

Load Balancer Context

Table of Contents

Load Balancer Context

URI | Load Balancer | Allow Override | Realm | Authentication Name | Require (Authorized Users/Groups) | Access Allowed | Access Denied | Authorizer | Add Default Charset | Customized Default Charset | Enable Cache | Cache Expire Time (seconds) | Cache Stale Age (seconds) | Cache Request with Query String | Cache Request with Cookie | Cache Response with Cookie | Ignore Request Cache-Control | Ignore Response Cache-Control | Enable Private Cache | Private Cache Expire Time (seconds) | Enable IP Geolocation | 

Load Balancer ContextGo to top
Description: Like other external applications, load balancer worker applications cannot be used directly. They must be mapped to a URL through a context. A Load Balancer Context will associate a URI to be load balanced by the load balancer workers.
URIGo to top
Description: Specifies the URI for this context.
Syntax: The URI can be a plain URI (starting with "/") or a Perl compatible regular expression URI (starting with "exp:"). If a plain URI ends with a "/", then this context will include all sub-URIs under this URI. If the context maps to a directory on the file system, a trailing "/" must be added.
See Also: Location
Load BalancerGo to top
Description: Specifies the name of the load balancer to be associated to this context. This load balancer is a virtual application, and must be defined in the External Application section at the server or virtual host level.
Syntax: Select from drop down list
Allow OverrideGo to top
Description: Specifies what directives in an access control file are allowed. An access control file can be placed in a directory to control the accessibility of files under that directory.
  • When nothing is checked, inherited default settings will be used.
  • When None is checked, access control files will be ignored.
  • When Limit is checked, directives "Order", "Allow from" and "Deny from" are allowed.
  • When Auth is checked, directives "AuthGroupFile", "AuthName", "AuthType", "AuthUserFile", and "Require" are allowed.
  • When FileInfo is checked, directives "Satisfy", "AddDefaultCharset", "AddType", "DefaultType", "ForceType", "ExpiresActive", "ExpiresDefault", "ExpiresByType", "Redirect", "RedirectTemp", "RedirectPermanent", "RewriteEngine", "RewriteOptions", "RewriteBase", "RewriteCond" and "RewriteRule" are allowed
  • When Indexes is checked, directive "DirectoryIndex" is allowed
  • When Options is checked, directive "Options" is allowed

Allow Override configuration is available at three levels: server, virtual host and context. If a configuration is not checked at the server level, the controlled directives will be disabled for the whole server whether or not it is enabled at lower levels. If something is enabled at the server level, virtual hosts will inherit same settings by default. Similarly context level settings will be inherited from virtual host settings. Lower levels can disable a setting that is enabled at an upper level, but cannot enable a setting that is disabled at an upper level.
Syntax: Select from checkbox
Tips: [Performance] If there is no need for directory level configuration customization, check None.
RealmGo to top
Description: Specifies the authorization realm for this context. When specified, a valid username and password must be provided in order to access this context. Authorization Realms are set up in the Virtual Host Security section. This setting uses each realm's Realm Name.
Syntax: Select from drop down list
Authentication NameGo to top
Description: Specifies an alternative name for the authorization realm for current context. If it is not specified, the original realm name will be used. The authentication name is displayed on the browser's login pop-up.
Require (Authorized Users/Groups)Go to top
Description: Specifies which user/group can access this context. This allows you to use one user/group database (specified in Realm) across a number of contexts, but only allow certain users/groups from that database to access this context.
Syntax: Syntax is compatible with Apache's Require directive. For example:
  • user username [username ...]
    Only listed users can access this context;
  • group groupid [groupid ...]
    Only users belonging to the listed groups can access this context.
If this setting is not specified, all valid users will be able to access this resource.
Access AllowedGo to top
Description: Specifies which IPs or sub-networks are allowed to access resources under this context. Together with Access Denied and server/virtual host-level access control, accessibility is determined by the smallest scope that a client's IP address falls into.
Syntax: Comma-delimited list of IPs/sub-networks.
Example: Sub-networks can be written as 192.168.1.0/255.255.255.0, 192.168.1 or 192.168.1.*.
Access DeniedGo to top
Description: Specifies which IPs or sub-networks are NOT allowed to access resources under this context. Together with Access Allowed and server/virtual host-level access control, accessibility is determined by the smallest scope that a client's IP address falls into.
Syntax: Comma-delimited list of IPs/sub-networks.
Example: Sub-networks can be written as 192.168.1.0/255.255.255.0, 192.168.1 or 192.168.1.*.
AuthorizerGo to top
Description: Specifies an external application that can be used to generate authorized/unauthorized decisions. Currently, only the FastCGI Authorizer is available. For more details about the FastCGI Authorizer role, please visit http://www.fastcgi.com.
Syntax: Select from drop down list
Add Default CharsetGo to top
Description: Specifies whether to add a character set tag to the "Content-Type" response header, when content type is either "text/html" or "text/plain" without any parameters. When set to Off, this function is disabled. When set to On, either the character set specified by Customized Default Charset or the default "iso-8859-1" will be added.
Syntax: Select from radio box
Customized Default CharsetGo to top
Description: Specifies a character set to be used when Add Default Charset is On. This is optional. The default value is iso-8859-1. This entry has no effect when Add Default Charset is Off.
Syntax: Name of a character set, like utf-8
Example: utf-8
Enable CacheGo to top
Description: Specifies whether to turn on cache for the current context, either at the server level, virtual host level, or directory level.

Virtual hosts configured through Apache httpd.conf can use the "CacheEnable" and "CacheDisable" directives at the server, virtual host, directory, files, and location level or in .htaccess. "CacheEnable" and "CacheDisable" directives are compatible with Apache mod_cache directives. However, when used at the directory, file, or location level or in a .htaccess, "CacheEnable" and "CacheDisable" will only be applied to all directories below current level. URL parameters will be ignored.
Syntax: Select from radio box
Tips: [Performance] It is not recommended to store large objects with low hit rates in the cache. This may result in high I/O wait and reduce overall server performance.
Cache Expire Time (seconds)Go to top
Description: Specifies how long an object will be cached. The default is "86400" seconds (one day).
Syntax: Integer number
Cache Stale Age (seconds)Go to top
Description: Specifies how long an object will continue to be served after its cache has expired but bbefore the new cache is available. The default is "10" seconds.
Syntax: Integer number
Cache Request with Query StringGo to top
Description: Specifies whether to cache a request with a query string in the URL. The default is "No Cache". When a URL rewrite is involved, the server will check against the rewritten URL.
Syntax: Select from radio box
Cache Request with CookieGo to top
Description: Specifies whether to cache a request containing cookies. The default is "No Cache".
Syntax: Select from radio box
Cache Response with CookieGo to top
Description: Specifies whether to cache a response containing cookies. The default is "No Cache".
Syntax: Select from radio box
Ignore Request Cache-ControlGo to top
Description: Specifies whether to ignore Cache-Control request headers. The default is "No". If set to "Yes", the server may serve a cached object when "no-cache" has been set in Cache-Control.
Syntax: Select from radio box
Ignore Response Cache-ControlGo to top
Description: Specifies whether to ignore Cache-Control response headers. The default is "No". If set to "Yes", the response can be cached by the server even when "no-store", "private" has been set in a Cache-Control header.
Syntax: Select from radio box
Enable Private CacheGo to top
Description: Specifies whether to turn on private cache for the current context, either at server level, virtual host level, or directory level.

Private cache will cache a copy per user based on IP and cookies.
Virtual hosts configured through Apache httpd.conf can use the "CacheEnable private /url" and "CacheDisable private /url" directives at server, virtual host, directory, files, and location levels or in a .htaccess file. "CacheEnable private" and "CacheDisable private" are compatible with Apache's mod_cache directives and will be applied to all directories below the current level. However, when used at the directory, file, and location level or in a .htaccess file, "CacheEnable private" and "CacheDisable private" will be applied to all directories below the current level. URL parameters will be ignored.
Syntax: Select from radio box
Tips: [Performance] It is not recommended to store large objects with low hit rates in the cache. This may result in high I/O wait and reduce overall server performance.
Private Cache Expire Time (seconds)Go to top
Description: Specifies how long an object will be cached in private cache. The default is "60" seconds.
Syntax: Integer number
Enable IP GeolocationGo to top
Description: Enterprise Edition Only Specifies whether to enable/disable IP Geolocation lookup. It can be set at server-, virtual host-, or context-level. IP Geolocation is disabled by default when using value "Not Set".
Syntax: Select from radio box
See Also: Use Client IP in Header, DB File Path, DB Cache Type

STAY CONNECTED