The HTTPoxy Vulnerability has been taken care of by LiteSpeed, automatically!

July 18th, 2016 by Rob Holda

httpoxy

Today, HTTPoxy was discovered in the wild. This vulnerability affects some server-side web applications that run in CGI or CGI-like environments, such as some FastCGI configurations. So far, the PHP, Python, and Go languages are known to be affected by this.

The vulnerability is caused by conflicting namespaces. A CGI or FastCGI-like interface sets environment variables based on HTTP request parameters. These can override internal variables that are used to configure the application. Further explanation of this bug can be found on the httpoxy web page.

This page suggests that the best way to fix this issue is to block “Proxy” request headers, detailed instructions have been posted for various web servers and proxy servers.

However, manually updating server configurations can be complex, error prone, and time consuming. In these cases, careful testing must be done. Even with detailed instructions, it’s hard to predict how long it is going take to protect websites from the HTTPoxy vulnerability, or if it will ever happen.

With LiteSpeed, blocking these requests is as simple as updating to the newest version of LiteSpeed Web Server.

/usr/local/lsws/admin/misc/lsup.sh -v 5.0.19
or
/usr/local/lsws/admin/misc/lsup.sh -v 5.1.7

All LiteSpeed users will receive a notification within 24 hours regarding this new version and the vulnerability.

LiteSpeed is the only web server provider with the capacity to practically address security vulnerabilities with such speed.

For peace of mind, LiteSpeed should be your top choice.

To get these newest versions of LiteSpeed Web Server directly visit our LiteSpeed Web Server downloads page.

LiteSpeed Announces Load Balancer 2.0 (LiteSpeed ADC) with built-in LiteMage Cluster + PageSpeed Optimization

June 28th, 2016 by Rob Holda

Buildings_Skyscrapers_Night_Freeway_Highway_Lights_Timelapse_650x300(2)

Introduction

It is a well-known fact that clustering Magento environments is technically complex. Adding Full Page Caching to a Magento cluster is even more difficult. Many people try to use PHP Full Page Caches with redis backends. This is not difficult, however the performance increase is not very good. Alternatively, introducing Varnish as the cache layer offers better performance. However, this creates a single point of failure, SSL termination issues, cache synchronization issues, and load balancing issues.

LiteSpeed Technologies proudly announces the industry’s first single layer, integrated, enterprise scale, application aware Application Delivery Controller (ADC). LiteSpeed ADC delivers:

  • Fault tolerant Layer 4/7 Load Balancing
  • High Availability replication
  • Web Cache engine with ESI (Edge Side Include) support
  • HTTP/2, SPDY, SSL termination
  • Web Application Firewall (WAF) compatible with mod_security
  • Layer 4/7 DDoS protection
  • PageSpeed optimization
  • LiteMage cache for Magento

LiteSpeed ADC simplifies today’s highly dynamic and complex web applications, improving scalability, performance, and security.

With built-in LiteMage Cluster, LiteSpeed ADC is the top choice for building a highly available, cache accelerated, PCI compliant clustered hosting stack for large scale Magento stores.

Caching in large scale Magento environments is difficult. Whether using Redis in M1 or Varnish in M2, cache consistency and even load distribution can prove to be problematic. In addition, extra layers cause latency for things like SSL termination.

LiteSpeed ADC combines the SSL termination, caching, page optimization, and load distribution layers all into a single layer. This greatly reduces the complexity of building an accelerated Magento cluster improving performance and overall cluster efficiency.

multiple LSLB Setup diagram_v5_720x540

The Problem

Magento full page caching has always been very difficult, full page caching for clustered Magento environments make it extremely difficult. Cache consistency across nodes has technical challenges, and has led to single points of failure in Magento stores. LiteSpeed ADC offers Magento customers the first load balanced full page cache, eliminating the cache as a single point of failure. By caching at the load balancer and offering a High Availability setup, LiteSpeed ADC can scale to meet any inbound load. Since it is software-based, it also fits well into today’s devops frameworks.

The Problem II

Cache accuracy remains a challenge in Magento. With dynamically built PHP applications like Magento, knowing what pages and components can be cached is a daunting task. Edge Side Includes (ESI) have created ways to dynamically punch holes in pages that were mostly static content but previously uncacheable. LiteMage enabled Magento 1 and Magento 2 stores to be accurately cached.

LiteSpeed ADC is LiteMage compatible, bringing enterprise scale customers LiteMage accuracy and simplifies their Magento architecture. LiteMage users typically see 3-5x performance gains versus other full page cache solutions.

LiteSpeed ADC introduces layered caching when used with LiteSpeed Web Server. Layered caching allows cache warming for enterprise scale Magento customers without impacting production. Background processes synchronize offline caches once the site has been crawled. This also allows rolling out seasonal promotions without losing cache due to purging outdated pages.

LiteSpeed ADC is the first PageSpeed optimized load balancing cache for Magento. PageSpeed optimizes cache pages without the need for third party extensions before storing them for fastest TTFB and resource efficiency.

Summary

LiteSpeed ADC represents the first Magento caching load balancer available to Magento customers. It provides an easy full page cache solution for Magento clusters and further improves site performance with Google PageSpeed optimization. By moving the caching layer up to the load balancer, LiteSpeed ADC improves the cache efficiency and consistency, and can be deployed against any existing backend web server technology.

LiteSpeed Technologies recognizes that Magento customers rely on their web stores as revenue engines. LiteSpeed ADC is the most technically advanced solution for Magento customers operating in complex environments. LiteSpeed ADC delivers significant performance gains while eliminating risk from single points of failure, driving the highest conversion rate possible for your Magento store.

Contact LiteSpeed for your free trial: info@litespeedtech.com

ols1clk: 1-Click Install OpenLiteSpeed With WordPress + MySQL!

May 4th, 2016 by Rob Holda

OpenLiteSpeedOneClickInstall

 
Just when you thought installing OpenLiteSpeed couldn’t get any easier, it does! With our new ols1clk installation script, you can install OLS (and optionally MySQL and WordPress) with literally one click!

Read the rest of this entry »

OpenLiteSpeed Does It Again:
1.4.17 Retakes the Lead In Serving Small Static Files With Its Default Configuration

May 3rd, 2016 by Rob Holda

OLS4Core

Last month, we reported that we improved OpenLiteSpeed’s performance by fixing a bug we discovered thanks to a benchmark posted by Jarrod from rootusers.com.

Since then, an Nginx developer suggested some configuration tuning to make the Nginx results better. We found that some of those configurations are not likely to be used in a production environment. Notably:

  • sendfile was turned off
  • etag header was turned off

Our internal evaluation confirmed that Nginx was indeed faster with its benchmark-tuned configuration. That said, should these kinds of configurations be used in a production server?

Read the rest of this entry »

LiteMage Configuration Tricks:
How To Keep Your Cache Warm Indefinitely

April 27th, 2016 by Rob Holda

Keep Your LiteSpeed Public Cache Warm

LiteMage has many settings which can be fine-tuned to increase store performance. Today, let’s discuss a trick that nearly all stores can benefit from: keeping your public cache warm.

What is a warm cache?

A warm cache already contains your data, in this case objects and pages. When these are freshly stored in your cache, they can be served by LiteSpeed Web Server directly. This prevents PHP from being invoked and hitting the Magento backend, meaning your users can access these objects and pages faster. Thus, it would be ideal to keep your cache warm as long as possible. LiteMage can keep your cache warm indefinitely.

But how?

Read the rest of this entry »

Imagine Conference: Magento@LiteSpeed!

April 26th, 2016 by Rob Holda

Magento Imagine 2016

Last month we posted about our experiences at WHD.Global. Two weeks and thousands of miles later, we attended the Magento Imagine conference in Las Vegas. We’d like to again share our thoughts.
Read the rest of this entry »

Announcing Our New LiteMage Package Pricing!

April 21st, 2016 by Rob Holda

x-litespeed-cache: hit,litemage

With the recent end of the LiteMage‘s promotional period, a new pricing plan was put in place. Today, I’m pleased to announce the new pricing scheme of our LiteMage Packages.

Read the rest of this entry »

LSCWP Hits 2,000 Downloads! Here’s What People Are Saying!

April 15th, 2016 by Rob Holda

LSCWPReviews

In early January, we blogged about the great feedback that our LiteSpeed Cache Plugin for WordPress (LSCWP) was receiving. Since it’s official release on January 20th, LSCWP has continued to receive very positive feedback. Three months and 2,000 downloads later, we thought we’d share some of this feedback and how it has shaped the development of our LSCWP plugin.

Read the rest of this entry »

LSMCD: A Persistent, Highly Scalable and Available Memcached Replacement

April 13th, 2016 by Rob Holda

LSMCD

Think database web applications have to be slow? Think again! With our completely free and open source LiteSpeed Memcached, you can accelerate your site by alleviating database load dynamically!

Read the rest of this entry »

LiteMage 2 for Magento 2 Released!
LiteMage Goes Open Source!

April 8th, 2016 by Rob Holda

litemage2

 
Magento 2 introduced many improvements over Magento 1.9. Magento’s built-in PageCache module is now included in both Magento 2 Community and Enterprise Editions, the checkout process has been streamlined, the code modernized, performance improved, and table locking reduced. These improvements make Magento 2 faster and more stable than it’s predecessor, but it can still be made better.

For example, you could implement a faster full page caching solution, such as Varnish. Unfortunately, this can over-complicate your stack, requiring extra components such as an NGINX reverse proxy and a Varnish Cache Instance.

Now, there’s an easier way.

Read the rest of this entry »