security

  1. UserMilan

    Where to add Security Headers for all hosts?

    Hello To All, @admin my thread in introduction can be deleted, I think it belongs here :D Sorry and thanks! Newbie here. I would like to know where I can add security headers for all existing and new hosts. I think it would be nice to have them set globally, rather than configuring them...
  2. krlabs

    How to Restrict Direct Access to Server’s Real IP When Using Cloudflare (OpenLiteSpeed)

    Every day, dozens of bots, crawlers, and other attackers make requests to xttp://SERVER_IP. So the question arises - how to restrict access to the server by its IP address. One of the options that immediately came to mind is to use the Access/Denied List at the Server Settings level in the...
  3. T

    2fa feature for OLS Webadmin Console

    Doesn’t OLS Webadmin Console have 2fa feature? I think it is better to configure the 2fa feature for it, which will be safer. Or is there any way we can configure it ourselves?
  4. T

    How to redirect “http:// serverip:8090” to “https://hostname :8090”

    Hello everyone, As we all know, we have 2 ways to access cyberpanel, server ip and hostname. Since the url "http://serverip:8090" is not safe, I worry someone will use it to do bad things. So, I would like to redirect “http://serverip:8090” to "https://hostname :8090”. Can any friend...
  5. lslisa

    OpenLiteSpeed is NOT vulnerable to Rapid Reset

    The details about the recent HTTP/2 CVE, and why you can rest easy with LiteSpeed Enterprise Web Server, LiteSpeed Web ADC, and OpenLiteSpeed: https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/
  6. S

    SecRule not working

    I want to set SecRule on /webmail I am using the below SecRule this is added in the server conf modsecurity on modsecurity_rules ` SecDebugLogLevel 0 SecAuditEngine on SecRuleEngine On SecRule REQUEST_URI "^/webmail" "id:99999,phase:1,deny,status:403" ` modsecurity_rules_file /conf/path but...
  7. Jacky Zhang

    How to do Access Control of Virtual Host's Web Socket Proxy

    Dear Friend, This is my First Post about OpenLiteSpeed's Issue. I want my Website Pages Open or Unlimited, Only limit Web Socket Proxy can pass by the appointed IP. My Web Socket Proxy of Virtual Host is like this: And it works well. May I know how to Access Control the traffic of Web...
  8. Davi8r

    Any reason to not change WebAdmin username?

    I see in WebAdmin Settings -> General -> Users ... there is a place to change the User Name (admin). Is there any reason not to do so? Thanks, -- Dave
  9. B

    OWASP CRS ModSecurity rules not blocking malicious request body in OpenLiteSpeed

    I followed this tutorial: Installing and Configuring the OpenLiteSpeed ModSecurity Module • OpenLiteSpeed to install OWASP CRS. Tested with malicious URL like: - http://localhost:8003/attack.php?q=<script>alert(document.cookie)</script> - http://localhost:8003/attack.php?q=/bin/bash all works...
  10. scottnzuk

    PHP Version In Use Contains Known Vulnerabilities v5.6 php - ADMIN PORTAL ONLY.

    So I run a security scan on my website from intruder.io it has come back with below error message: The version of PHP in use contains a number of known security vulnerabilities which could be used to compromise the system or affect its availability. PHP is a scripting language usually used for...
  11. slowaways

    PHP Backdoor - My WordPress websites were hacked

    I didn't think this was possible, but hackers had enough access to upload a backdoor .php file to various websites hosted via OpenLiteSpeed. They exploited some WordPress vulnerability and uploaded a .php file somewhere containing a backdoor. This file was a backdoor that allowed you to...
  12. U

    Can't set WebAdmin to port 443

    Hello! I'm trying to make my webadmin console available over ssl on a subdomain. However, if I set admin listener port to 443, lsws crashes saying it can't set it to 443. This is rather inconvenient, as I usually restrict access to anything webserver related to Cloudflare IPs since I'm behind...
  13. D

    Add two-factor authentication to my openlitespeed dashboard

    Hi, Is there any way that I can add 2FA to my openlitespeed dashboard? Thanks
  14. Ivan Rojas

    Security & Firewall (csf)

    Hi, I'm a user of WHM/cPanel for years but I'm starting to love OLS, however, I have just been hacked in less than a week, http://prntscr.com/l6vu6h anyway, it happens, however, in WHM I used to use CSF and I was reading https://download.configserver.com/csf/readme.txt and I see there is...
  15. S

    CSP Headers aren't being sent

    I am trying to add some CSP headers via .htaccess, and they don't seem to be working. Header set X-Frame-Options "SAMEORIGIN" Header set X-Content-Type-Options "nosniff" Header set X-XSS-Protection "1; mode=block" Header set Strict-Transport-Security "max-age=631138519; includeSubDomains" when...