DOCUMENTATION
Security
LiteSpeed Load Balancer is designed with security as top consideration in mind.
It supports SSL; has Access Control at server and virtual host level. Besides those standard features, it also has the following special security features.
- Connection level limits:
- IP level throttling: Limits network bandwidth to and from a single IP address regardless of the number of connections.
- IP level connection accounting: Limits the number of concurrent connections from a single IP address. It is controlled by Connection Soft Limit, Connection Hard Limit, Grace Period and Banned Period.
- Request checking:
- Web Application Firewall:
- Backend overloading prevention:
- Chroot
Every HTTP request is strictly checked by LiteSpeed load balancer.
"/." is not allowed in a decoded URL, this will deny accessing hidden files
and parent directories.
Request size is limited by Max Request URL Length,
Max Request Header Length and Max
Request Body Length.
Request Filtering can be performed on the request header/body to check against possible attack signatures. This helps defend against XSS attacks and SQL injection attacks, blocking those requests right from the start.
LiteSpeed load balancer can pipeline requests and control the concurrent level to an external applications to prevent overloading backend servers. It caches the response from web server, thus backend server will be immediately available to process next request without waiting for the response completely received by the client. In this way, backend server can serve more concurrent requests and will achieve higher performance and scalability.
LiteSpeed load balancer can run in chroot environment (known as a chroot jail). In chroot environment, the server and its children processes cannot access file system outside of the chroot jail. This protects system from attacks of malicious code.