Archive for the ‘Web Server’ Category

The HTTPoxy Vulnerability has been taken care of by LiteSpeed, automatically!

Monday, July 18th, 2016

httpoxy

Today, HTTPoxy was discovered in the wild. This vulnerability affects some server-side web applications that run in CGI or CGI-like environments, such as some FastCGI configurations. So far, the PHP, Python, and Go languages are known to be affected by this.

The vulnerability is caused by conflicting namespaces. A CGI or FastCGI-like interface sets environment variables based on HTTP request parameters. These can override internal variables that are used to configure the application. Further explanation of this bug can be found on the httpoxy web page.

This page suggests that the best way to fix this issue is to block “Proxy” request headers, detailed instructions have been posted for various web servers and proxy servers.

However, manually updating server configurations can be complex, error prone, and time consuming. In these cases, careful testing must be done. Even with detailed instructions, it’s hard to predict how long it is going take to protect websites from the HTTPoxy vulnerability, or if it will ever happen.

With LiteSpeed, blocking these requests is as simple as updating to the newest version of LiteSpeed Web Server.

/usr/local/lsws/admin/misc/lsup.sh -v 5.0.19
or
/usr/local/lsws/admin/misc/lsup.sh -v 5.1.7

All LiteSpeed users will receive a notification within 24 hours regarding this new version and the vulnerability.

LiteSpeed is the only web server provider with the capacity to practically address security vulnerabilities with such speed.

For peace of mind, LiteSpeed should be your top choice.

To get these newest versions of LiteSpeed Web Server directly visit our LiteSpeed Web Server downloads page.

Imagine Conference: Magento@LiteSpeed!

Tuesday, April 26th, 2016

Magento Imagine 2016

Last month we posted about our experiences at WHD.Global. Two weeks and thousands of miles later, we attended the Magento Imagine conference in Las Vegas. We’d like to again share our thoughts.
(more…)

Announcing Our New LiteMage Package Pricing!

Thursday, April 21st, 2016

x-litespeed-cache: hit,litemage

With the recent end of the LiteMage‘s promotional period, a new pricing plan was put in place. Today, I’m pleased to announce the new pricing scheme of our LiteMage Packages.

(more…)

LSMCD: A Persistent, Highly Scalable and Available Memcached Replacement

Wednesday, April 13th, 2016

LSMCD

Think database web applications have to be slow? Think again! With our completely free and open source LiteSpeed Memcached, you can accelerate your site by alleviating database load dynamically!

(more…)

Of Benchmarks and Bug Fixes: OpenLiteSpeed Gets Even Faster!

Thursday, March 31st, 2016

OLS Stopwatch

 
A few weeks back, Jarrod from rootusers.com posted a benchmark that demonstrated that when handling small static files, Nginx outperformed our OpenLiteSpeed Web Server, particularly during the 1 and 2 CPU Core tests. We decided to dig deeper and investigate these results.

(more…)

LSWS 5.0.3 Updated To Fix Forced SSL On Google Chrome Version 44.0.2403.89

Friday, July 24th, 2015

The latest Google Chrome version 44.0.2403.89 is currently redirecting all HTTP URLs to their HTTPS versions for certain web applications. This is caused by a bug in Chrome causing the “HTTPS: 1” header to be sent by default on every request. This is mainly causing problems for WordPress sites with the WooCommerce plugin installed as well as sites without HTTPS support. Because of WordPress and WooCommerce’s popularity, this bug may be affecting a large number of people.
(more…)

Pioneering HTTP/2

Tuesday, July 14th, 2015

litespeed-driving-http2

At LiteSpeed Technologies we are always striving to incorporate the newest and best cutting-edge technologies into our family of web servers. This of course extends to the new HTTP/2 network protocol standard (published May 2015). We are proud to have been ahead of the curve in this by providing HTTP/2 support as early as January 23rd for OpenLiteSpeed and April 17th for our Enterprise edition. Apache does not yet have a production quality HTTP/2 module while NGINX’s HTTP/2 support will not be available in 2015.

(more…)

LiteSpeed Web Server: The World’s First Web Server to Offer HTTP/2 Support

Wednesday, May 20th, 2015

http2support

 

Development

For the past two years, we have been developing solutions to stay “ahead of the curve” in anticipation of HTTP/2’s impending release and we are very happy to announce some exciting news! The wait is over and the latest RFC has made it official. HTTP/2 is finally here!

(more…)

LSWS 5.0 Is Out – Support for HTTP/2, ESI, LiteMage Cache

Friday, April 17th, 2015

Welcome to the beginning of a new era in web server technology. LiteSpeed Web Server 5.0 introduces two important new features — HTTP/2 support and LiteMage Cache (Magento full page caching with ESI-powered hole punching) — as well as a host of smaller upgrades. (more…)

LSWS 5.0 RC3 Released: HTTP/2 Support and Improved ESI Caching

Wednesday, March 11th, 2015

LiteSpeed has just released LiteSpeed Web Server 5.0 RC3. This latest iteration contains some exciting features, including HTTP/2 support and improved ESI support (for page caching with hole-punching). Most importantly, though, it is very stable. Anyone who’s interested in ESI, SPDY, HTTP/2, or WebSocket proxy support should try out RC3. (more…)