4.0 road map

mistwang

LiteSpeed Staff
#1
We have been working on 4.0 feature for a while, the first public beta will be available soon. The follow main feature has been planed
  • squid like disk cache (almost done, will be availabe in Beta1 release)
  • SSI support (due in beta 2)
  • python support with our own python LSAPI module
  • ASP.NET support with our own Mono LSAPI module
  • mod_security 2.0 rule parser
  • Improve real-time status report
  • Improve server scalability for mass hosting using control panels
  • Server performance fine tuning
  • native upload progress bar support, compatible with all existing non-scalable implemenation
  • option to backup and version control configuration file.
  • mod_macro support
If you have suggestion on new feature, please let us know.

Stay tuned. :)
 
Last edited:

anewday

Well-Known Member
#2
Improve real-time status report
Cool, my suggestion made it to the road map. I hope it will be as good as lighttpd server status page. :)

How about limit number of concurrent connectons from an IP based on filetype on a vhost level and with proxy detection? Also, a whitelist to exempt certain IPs. This would come in handy for download servers where it could limit download accelerators from overloading the server.
 
Last edited:

mistwang

LiteSpeed Staff
#3
How about limit number of concurrent connectons from an IP based on filetype on a vhost level and with proxy detection? Also, a whitelist to exempt certain IPs. This would come in handy for download servers where it could limit download accelerators from overloading the server.
We do the connection limit at IP level with proxy detection now, it should be good enough for limiting download accelerators.
 
#4
One useful feature that I wouldn't mind having is the possibility to define request filter rules that work on the response.

In particular the possibility to block pages that contain sensitive information.
In ModSecurity it is possible to do that with something like this:

ModSecurity 2.5.1:
SecRule RESPONSE_BODY "ODBC Error Code"

ModSecurity 1.9:
SecFilterSelective "ODBC Error Code" OUTPUT
 

anewday

Well-Known Member
#7
How about adding the last login date, time, and the IP? Also, on the real time log viewer, add the time the web server was restarted.
 

PSS

Well-Known Member
#9
These might be a bit esoteric but here goes:

1. When I see error like

2007-09-26 15:05:11.869 [NOTICE] [24.241.38.XXX:53081-0#domain.com] [SECURITY] Detected [PATTERN: 'or.+1[[:space:]]*=[[:space:]]1|or 1=1--'|'.+--'] [Msg: SQL Injection attack]

I would like to be able to link that to access log showing which page was that, string contents, was is POST or GET and any other info that might reveal who is trying what, or was this an unintentional string on normal textarea post.

2. a native way to obfuscate file path. When obfuscating folder /abc, serving a file /abc/file.jpg LS would serve it as e.g. http://virtdomain/f8085cb09db7467ba973f6b4e5d5a78d.jpg. I think this would benefit also from changing that path on-the-fly in http source ;)

3. Compile PHP: with download/compile latest APC, Xcache etc. and with version management.

4. search for logs (also access logs!).

5. switch to reverse log display (newest first).

6. Realtime update for log view (also access logs!)

7. When I get image hotlink protection message

[189.61.153.XXX:2023-1#domain.com] [HOTLINK] Reference from other web site, access denied, referrer: [www.remote.com]

I would like to know the referrer page.

8. performance analyzer: basically I would like to know what is the page requested -> sent time in ms. and if there are any suggested LS settings which would make it faster & use less resources. Something like you see in SiSoft Sandra.
 

PSS

Well-Known Member
#10
Oh, a question: does the 4.0 beta/RC agree with 3.3.X version management? I'm willing to try it out for short periods on my live sites if that is so.
 

mistwang

LiteSpeed Staff
#11
1. the request URL should has been logged in error.log, but not in audit log.
2. No, we won't do that, leave it for developer using rewrite rule or something.
3. Our web console have option to compile PHP now.
4. Yes, I want that too.
5. No, just show the last few lines by default.
6. Maybe, may not work well with busy site, as it you may not able to catch the update speed.
7. Yes, we can log the request URL.
8. Maybe

Yes, you can switch back and forth between 3.3.x and 4.0 beta/RC.
 
Last edited:

anewday

Well-Known Member
#13
And should make it possible to see the list of banned IPs (triggered by per client throttling), email notice, and ability to unban them.

To add to #8, I want to see how many bytes transferred since restart of webserver. Maybe even have alerts when it reaches a certain set threshold (borrow some features from mod_bandwidth), and show stats by day, week, month, etc.. ;)
 
Last edited:

subBlue

Active Member
#18
My tiny request is to have all the vhost and listening listings sorted alphabetically by default. Becomes a pain to fine the vhost you want when you have a long list!
 
#20
Feature request

I've been meaning to ask for this for a long time, but it would be awesome to have some kind of a RESTful interface into the admin tool. Even if it was just the ability to add/remove sites from the templates that would be great.

I just finished writing a little script that will directly modify the xml file, but it would be nicer if I could run it remotely or better yet bake it into a web interface that also interfaces with our DNS servers. That would drastically reduce the time it takes for us to create new sites. Not to mention cutting down on typos. The RESTful interface would also be helpful because all of our servers are redundant so everything has to be done two or more times.
 
Top