Search results

nvm I figured it out, I upgraded from nginx and we preserved the www-data permission sets, but the cache directory on the server defaulted to nobody:nogroup

In a thread and also on the openlitespeed website

The link no longer functions

When logged out, I see these headers in firefox: HTTP/2.0 200 OK expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache x-powered-by: Memberium 2.137 set-cookie: ia_leadsource=domainredacted; expires=Sun, 27-Oct-2019 23:34:40 GMT...

Thank you!

While it's true that this can be blamed partially on Webmin, as it seems to disregard the default settings of apt, the issue of the fcgi-bin/lsphp symlink being overwritten remains.

If that's the case then the instruction text should be updated to reflect that.

I found the issue. There was an error in the server error log about the location path being in the denied list. I had to change location from / to $DOC_ROOT/, and now the header is displaying. However, I think this is a bug? Because it says that $DOC_ROOT is assumed and can be omitted.

I also disabled LSCache just now to ensure that the headers are reflecting changes and that change did show up. However I disabled HTTP/2 and selected 'none' and it's still showing HTTP/2. I noticed you're using HTTP/1.1 so I'm wondering if it could be a bug with HTTP/2 implementation.

I did a purge all in LSCache, no difference. cURL is still not showing the header.

Here's what's in mine, I edited the headers section to test similar to your example: <code> context / { location / allowBrowse 1 extraHeaders Content-Security-Policy default-src 'self' indexFiles...

I did a graceful restart

Okay, I followed the instructions on that page and added the following to my / context Content-Security-Policy default-src 'self' X-XSS-Protection 1;mode=block X-Frame-Options SAMEORIGIN Referrer-Policy strict-origin-when-cross-origin Strict-Transport-Security: max-age=31536000...

I am trying to add some CSP headers via .htaccess, and they don't seem to be working. Header set X-Frame-Options "SAMEORIGIN" Header set X-Content-Type-Options "nosniff" Header set X-XSS-Protection "1; mode=block" Header set Strict-Transport-Security "max-age=631138519; includeSubDomains" when...

Thanks!

I'm looking at switching from Nginx and I would prefer to keep my websites in /var/www/html, but it seems like the Debian package of LiteSpeed is chrooted to /usr/local/lsws and can't see anything in /var/www, Is it possible to fix this without too much headache? I tried a symlink but still got...