security

Hello To All, @admin my thread in introduction can be deleted, I think it belong here :D Sorry and thanks! Newbie here. I would like to know where I can add security headers for all existing and new hosts. I think it would be nice to have them set globally, rather than configuring them...

Every day, dozens of bots, crawlers, and other attackers make requests to xttp://SERVER_IP. So the question arises - how to restrict access to the server by its IP address. One of the options that immediately came to mind is to use the Accces/Denied List at the Server Settings level in the...

Doesn’t OLS Webadmin Console have 2fa feature? I think it is better to configure the 2fa feature for it, which will be safer. Or is there any way we can configure it ourselves?

Hello everyone, As we all know, we have 2 ways to access cyberpanel, server ip and hostname. Since the url "http://serverip:8090" is not safe， I worry someone will use it to do bad things. So, I would like to redirect “http://serverip:8090” to "https://hostname :8090”. Can any friend...

The details about the recent HTTP/2 CVE, and why you can rest easy with LiteSpeed Enterprise Web Server, LiteSpeed Web ADC, and OpenLiteSpeed: https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/

I want to set SecRule on /webmail I am using the below SecRule this is added in the server conf modsecurity on modsecurity_rules ` SecDebugLogLevel 0 SecAuditEngine on SecRuleEngine On SecRule REQUEST_URI "^/webmail" "id:99999,phase:1,deny,status:403" ` modsecurity_rules_file /conf/path but...

Dear Friend, This is my First Post about OpenLiteSpeed's Issue. I want my Website Pages Open or Unlimited, Only limit Web Socket Proxy can pass by the appointed IP . My Web Socket Proxy of Virtual Host is like this: And it work well. May I know how to Access Control the traffic of Web...

I see in WebAdmin Settings -> General -> Users ... there is a place to change the User Name (admin). Is there any reason not to do so? Thanks, -- Dave

I followed this tutorial: Installing and Configuring the OpenLiteSpeed ModSecurity Module • OpenLiteSpeed to install OWASP CRS. Tested with malicious URL like: - http://localhost:8003/attack.php?q=<script>alert(document.cookie)</script> - http://localhost:8003/attack.php?q=/bin/bash all works...

So I run a security scan on my website from intruder.io it has come back with below error message: The version of PHP in use contains a number of known security vulnerabilities which could be used to compromise the system or affect its availability. PHP is a scripting language usually used for...

I didn't think this was possible, but hackers had enough access to upload a backdoor .php file to various websites hosted via OpenLiteSpeed. They exploited some WordPress vulnerability and uploaded a .php file somewhere containing a backdoor. This file was a backdoor that allowed you to...

Hello! I'm trying to make my webadmin console available over ssl on a subdomain. However, if I set admin listener port to 443, lsws crashes saying it can't set it to 443. This is rather inconvenient, as I usually restrict access to anything webserver related to cloudfalre IPs since I'm behind...

Hi, Is there any way that I can add 2FA to my openitespeed dashboard? Thanks

Hi, I'm a user of WHM/cPanel for years but I starting to love OLS, however, i have just been hacked in less than a week, http://prntscr.com/l6vu6h anyway, it happens, however, in whm I used to use CSF and I was reading https://download.configserver.com/csf/readme.txt and i see there is...

I am trying to add some CSP headers via .htaccess, and they don't seem to be working. Header set X-Frame-Options "SAMEORIGIN" Header set X-Content-Type-Options "nosniff" Header set X-XSS-Protection "1; mode=block" Header set Strict-Transport-Security "max-age=631138519; includeSubDomains" when...