Differences

This shows you the differences between two versions of the page.

litespeed_wiki:config:csf [2019/02/13 14:15]
Lucas Rolff [Prevent symlink alert from lfd]
litespeed_wiki:config:csf [2019/02/13 16:05] (current)
Lisa Clarke Proofreading
Line 3: Line 3:
 If you're using [[https://​configserver.com/​cp/​csf.html|ConfigServer Security & Firewall (CSF)]], you have to make a few changes to the CSF configuration. This guide will explain the various changes that need to be done! If you're using [[https://​configserver.com/​cp/​csf.html|ConfigServer Security & Firewall (CSF)]], you have to make a few changes to the CSF configuration. This guide will explain the various changes that need to be done!
  
-====Prevent ​symlink alert from lfd====+=====Prevent ​Symlink Alert From LFD=====
  
-Since LiteSpeed Web Server ​release ​5.3.6, we moved ''/​tmp/​lshttpd/​.rtreport''​ to ''/​dev/​shm''​ to decrease disk IO performed, as a result, we introduced a symlink from the original location so existing configuration doesn'​t break.+In LiteSpeed Web Server ​version ​5.3.6, we moved ''/​tmp/​lshttpd/​.rtreport''​ to ''/​dev/​shm''​ to decrease disk IO. As a result, we introduced a symlink from the original location so any existing configuration doesn'​t break.
  
 However, this can cause alerts from CSF/LFD such as this: However, this can cause alerts from CSF/LFD such as this:
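Review bot: In the reworded first sentence of this section, "In LiteSpeed Web Server version 5.3.6" reads as if the move to /dev/shm applies to that one version only, where the removed "Since LiteSpeed Web Server release 5.3.6" covered that release and every later one. Suggest "As of LiteSpeed Web Server version 5.3.6" or "In version 5.3.6 and later", so readers on newer builds know the symlink and the resulting alert still apply to them.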
Line 15: Line 15:
   Action: No action taken   Action: No action taken
  
-You have to add: +Add ''/​tmp/​lshttpd/​\.rtreport.*''​ to ''/​etc/​csf/​csf.fignore'' ​to suppress this alert, and then restart CSF using ''​csf -ra''​.
-''/​tmp/​lshttpd/​\.rtreport.*''​ to ''/​etc/​csf/​csf.fignore''​+
  
-Make sure to restart csf afterward using ''​csf -ra''​+=====Prevent LSPHP Alert From LFD=====
  
-====Prevent ​lsphp alert from lfd====+Depending on your settings, or the amount of traffic your customers receive, you can easily end up with ''​lsphp''​ processes that run for a long time. This happens because we spawn a parent lsphp process for each vhost or customer. This process is used for a few things including shared memory for opcache and keeping the process alive for faster traffic handling (we skip the startup delay).
  
-Depending on your settings, or the amount of traffic your customers receive, you can easily end up with ''​lsphp''​ processes that run for a long time, this happens because we spawn a parent lsphp process per vhost or customer, this process is used for e.g. shared memory for opcache as well as keeping the process alive to be able to handle traffic quicker (we skip the startup delay). +However, this can trigger some LFD alerts such as the one below:
- +
-However, this can trigger some lfd alerts such as the one below:+
  
   Time:         Tue Feb 12 16:33:02 2019 +0100   Time:         Tue Feb 12 16:33:02 2019 +0100
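Review bot: The merged "Add ... to /etc/csf/csf.fignore" sentence gives the entry /tmp/lshttpd/\.rtreport.* without saying that it is a regular expression, and the trailing .* makes the entry cover every name under /tmp/lshttpd that starts with .rtreport, not only the one symlink. Suggest stating that scope in the sentence, and keeping the entry on its own line as the removed text did, so it can be copied into the file without the surrounding prose. In the same hunk the new heading upper-cases LSPHP while the paragraph below it still writes lsphp for the process; pick one form.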
Line 35: Line 32:
   Killed: ​      No   Killed: ​      No
  
-We can prevent this by adding ''​pexe:/​opt/​cpanel/​ea-php.*/​root/​usr/​bin/​lsphp.*''​ to ''/​etc/​csf/​csf.pignore''​.+We can prevent this by adding ''​pexe:/​opt/​cpanel/​ea-php.*/​root/​usr/​bin/​lsphp.*''​ to ''/​etc/​csf/​csf.pignore'',​ and then restarting CSF using ''​csf -ra''​.
  
-Make sure to restart csf afterward using ''​csf -ra''​+=====Prevent LSHTTPD Alert From LFD=====
  
-====Prevent lshttpd alert from lfd==== +The ''​lshttpd'' ​binary is unknown to LFD, so you may also receive alerts like this:
- +
-The lshttpd binary is unknown to lfd, so you can also receive alerts like this:+
  
   Time:    Tue Feb 12 19:03:40 2019 +0100   Time:    Tue Feb 12 19:03:40 2019 +0100
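Review bot: The csf.pignore entry on the changed "We can prevent this by adding" line, pexe:/opt/cpanel/ea-php.*/root/usr/bin/lsphp.*, uses .* twice, and since . also matches "/", the exception covers more paths than the per-version lsphp binaries the section describes. Suggest a tighter pattern for the version directory, such as ea-php[^/]*, and a sentence telling the reader that any executable matching the entry stops producing this alert, so the scope of the exception is clear before they add it.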
Line 57: Line 52:
   tcp: xx.xx.xx.xx:​80 -> xx.xx.xx.xx:​4007   tcp: xx.xx.xx.xx:​80 -> xx.xx.xx.xx:​4007
  
-We can prevent this from adding ''​pexe:/​usr/​local/​lsws/​bin/​lshttpd.*''​ to ''/​etc/​csf/​csf.pignore''​+We can prevent this by adding ''​pexe:/​usr/​local/​lsws/​bin/​lshttpd.*''​ to ''/​etc/​csf/​csf.pignore''​, and then restarting CSF using ''​csf -ra''​.
- +
-Make sure to restart csf afterward ​using ''​csf -ra''​+
  
-====Other====+=====Other=====
  
-If you're using QUIC, then make sure to open up port UDP 443 on your firewall, this can be done in CSF under ''​UDP_IN''​ and ''​UDP_OUT''​. You can read more about enabling QUIC [[litespeed_wiki:​config:​enable_quic:​apache_configuration_with_cpanel|here]].+If you're using QUIC, then make sure to open up port UDP 443 on your firewall. This can be done in CSF under ''​UDP_IN''​ and ''​UDP_OUT''​. You can read more about enabling QUIC [[litespeed_wiki:​config:​enable_quic:​apache_configuration_with_cpanel|here]].
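Review bot: The QUIC paragraph under "Other" is the only instruction in this revision that does not end with the restart step; the three sections above were each rewritten to finish with "and then restarting CSF using csf -ra". Suggest adding the same clause after the UDP_IN and UDP_OUT sentence, and naming the file those settings live in, as the other sections name csf.fignore and csf.pignore.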
 
litespeed_wiki/config/csf.txt · Last modified: 2019/02/13 16:05 by Lisa Clarke