Server Improvements Under the Hood
LiteSpeed Web Server and LiteSpeed Web ADC both got significant updates at the end of 2023. Let’s look under the hood to see how these new updates can make your LiteSpeed experience even better!
RE2 in ModSecurity
LiteSpeed’s sleek and performant ModSecurity engine now supports the RE2 regular expression library. You can stick with the PCRE library that Apache, nginx, and others currently use, or you can switch to RE2, which comes with a resource-management advantage.
PCRE commonly faces infinite-looping and thread-blocking issues when processing large input with poorly written patterns. This is a fatal problem for a high-performance, event-driven server. LiteSpeed minimizes the impact of thread blocking by using a thread pool that is separate from the main loop. But despite these measures, as PCRE’s resource usage grows exponentially, it can still cause a server to slow down.
Computational resource consumption by RE2, on the other hand, grows only linearly and is more predictable.
RE2 offers a slightly smaller number of features than PCRE does. However, RE2 is faster than PCRE when using certain operators like Boolean OR (|
).
Bottom line: if PCRE is working for you, there is no need to switch. But if you are seeing high CPU utilization, and you think ModSecurity could be to blame, try using RE2, and see if that helps. Navigate to WebAdmin Console > Server > Security > Web Application Firewall (WAF) and select Use RE2 regex engine.
QUIC v2
In March of 2023, we updated our LSQUIC HTTP/3 Library to use QUIC v2. Since then, we’ve taken our time integrating QUIC v2 into our server products. This has allowed for maximum testing time and confidence before rolling it out.
As of LSWS v6.2 and LSADC v3.2, QUIC v2 is in production.
Request Header Validation
Request header validation is now more strict. As of these new versions, our validator checks for NULL bytes in the header value, and Transfer-Encoding value manipulation. If either of these is detected, a 400 bad request
is returned.
LSWS Apache Compatibility
We have three compatibility improvements to share.
First up, Litespeed now supports the new flags recently added to Apache’s rewrite engine:
BNP
backrefnoplus
BCTLS
BNE
Second, we now support RewriteCond expr '<expression>'
.
And third, we squashed a bug that was preventing us from supporting dynamic regular expression matching. The issue was with variables in the pattern, as seen in SSI code like this:
<!--#if expr="$referrer = /$host/" –>
LiteSpeed could support fixed regular expression patterns in Apache expressions, but failed when variables were used. This issue is now solved, and LiteSpeed Web Server v6.2 fully supports dynamic regular expression matching.
Web ADC HEAD Caching
LiteSpeed Web ADC now supports HEAD caching. Separate cache entries will be created for HEAD requests, to avoid unnecessary hits to the back end, and to improve the cache hit rate.
Conclusion
Have you updated LiteSpeed Web Server or LiteSpeed Web ADC yet? The new versions are stable and ready to serve!
If you’re new to LiteSpeed and want to take one of these products out for a spin, sign up for a 15-day trial, today:
Comments