Difference between revisions of "Litespeed"
m (→Does ASL work with LiteSpeed?) |
m (→Does ASL work with LiteSpeed?) |
||
| Line 1: | Line 1: | ||
== Does ASL work with LiteSpeed? == | == Does ASL work with LiteSpeed? == | ||
| − | Litespeed does not apparently work with secure kernels, such as the ASL kernel. If you use Litespeed, you may not be able to use a secure kernel such as the ASL kernel. If you do use the ASL kernel, with Litespeed, and Litespeed does not work please know that this is not something we can resolve. This is a due to a | + | Litespeed does not apparently work with secure kernels, such as the ASL kernel. If you use Litespeed, you may not be able to use a secure kernel such as the ASL kernel. If you do use the ASL kernel, with Litespeed, and Litespeed does not work please know that this is not something we can resolve. This is a due to a vulnerability in Litespeed that the kernel is protected the system from. We highly recommend you report this vulnerability to Litespeed, and that you open a support case with Litespeed. |
| + | |||
| + | Due to the closed source nature of Litespeed, this is not something we can fix in Litespeed and not something we can change in the kernel (the vulnerability in Litespeed attempts to open a hole in the kernel, which would make the system vulnerable to a root level compromise. This is not something we can or will all to occur with the ASL kernel). As this is a vulnerability in Litespeed, the correct solution is for Litespeed to fix this vulnerability. | ||
Litespeed, like all HTTP based servers, may be protected through the ASL T-WAF module. Litespeed will show connections from the local system, by default, when using the T-WAF as all connections will in fact be coming from the server itself. Litespeed will need to be configured to use the X-Forwarded-From header for the upstream IP address of the client. Please contact Litespeed for official instructions about how to configure Litespeed to do this. | Litespeed, like all HTTP based servers, may be protected through the ASL T-WAF module. Litespeed will show connections from the local system, by default, when using the T-WAF as all connections will in fact be coming from the server itself. Litespeed will need to be configured to use the X-Forwarded-From header for the upstream IP address of the client. Please contact Litespeed for official instructions about how to configure Litespeed to do this. | ||
Revision as of 17:11, 4 September 2012
Does ASL work with LiteSpeed?
Litespeed does not apparently work with secure kernels, such as the ASL kernel. If you use Litespeed, you may not be able to use a secure kernel such as the ASL kernel. If you do use the ASL kernel, with Litespeed, and Litespeed does not work please know that this is not something we can resolve. This is a due to a vulnerability in Litespeed that the kernel is protected the system from. We highly recommend you report this vulnerability to Litespeed, and that you open a support case with Litespeed.
Due to the closed source nature of Litespeed, this is not something we can fix in Litespeed and not something we can change in the kernel (the vulnerability in Litespeed attempts to open a hole in the kernel, which would make the system vulnerable to a root level compromise. This is not something we can or will all to occur with the ASL kernel). As this is a vulnerability in Litespeed, the correct solution is for Litespeed to fix this vulnerability.
Litespeed, like all HTTP based servers, may be protected through the ASL T-WAF module. Litespeed will show connections from the local system, by default, when using the T-WAF as all connections will in fact be coming from the server itself. Litespeed will need to be configured to use the X-Forwarded-From header for the upstream IP address of the client. Please contact Litespeed for official instructions about how to configure Litespeed to do this.
Courtesy instructions for setting up Litespeed to do this are provided on the ASL WAF page.
How to install the T-WAF
As root, run this command:
yum install asl-waf-module
How to configure the T-WAF for litespeed
Step 1) Log into ASL.
Step 2) Click on the "Configuration" tab.
Step 3) Click on the "WAF" tab and select "WAF configuration".
Step 4) Click the "Add" button.
Step 5) Select "Local Web Server" from the "Add protection for" drop down.
Step 6) Select the port that litespeed runs on. Normally this is port 80.
Step 7) Check the SSL box
Enter the file system path to your SSL certificate, and SSL key in the "Path to SSL Certificate" and "Path to SSL Key file" boxes.
Step 8) Click Save
Note: Litespeed does not support the WAF in embedded mode.
