Glossary

.htaccess (aka Hypertext Access) is a directory-level configuration file used by Apache web server (and Apache-compatible servers, like LiteSpeed).

.htaccess defines the configuration of the server, and enables or disables additional functionality. An .htaccess file can be simple, containing basic redirects and rewrite rules, or complex with advanced functions such as password protection, cache control, and image hot link prevention.

The scope of .htaccess is the directory in which it appears.

DDoS is short for Distributed Denial of Service. During a DDoS attack, perpetrators use a large number of IP addresses to flood the server with incoming traffic. These attacks can be volume-based, protocol-based, or application-layer-based.

Anti-DDoS is a collective term for the strategies used to battle the variety of DDoS attack techniques. Typically, Anti-DDoS tools mitigate the impact of DDoS attacks on networks through firewalls, and a variety of harware and software solutions.

Apache Web Server is free, open-source, cross-platform web server software. It played a key role in the initial growth of the internet, which is a contributing factor to its continuing popularity since 1996. Typically, Apache runs on Linux, though Windows is also supported. Apache's relatively slow process-based model has been improved upon in recent decades by the event-driven alternatives from companies like LiteSpeed and Nginx.

Typically, application delivery is a web-based service, through which data is processed and computed in a cloud environment or data center, and then executed through application clients to end users over the internet. Functionality is meant to be quick and efficient.

In the past, application delivery was restricted to hardware solutions, but nowadays you can find software based Application Delivery Controllers (or, ADCs). These software ADCs bring optimization by automating the deployment of additional ADCs as required. Enterprises may use ADCs to create highly scalable models which provide load balancing, security, and a more reliable user experience.

An Application Delivery Network (or, ADN) is similar to the more familiar Content Delivery Network (CDN), however CDNs focus on static content, while ADNs handle dynamic content. Both CDNs and ADNs exist for the purpose of optimizing content delivery. At the data center end of an ADN is the Application Delivery Controller (ADC). ADNs feature performance-maximizing technologies that, when deployed together, provide availability, security, visibility, and acceleration to clients.

An Application Delivery Controller (or ADC) is a network device in a data center, and is often part of an Application Delivery Network (ADN). ADCs are used to enhance performance through measures that include load balancing, caching, compression, and offloading of SSL processing. In a data center, ADCs are often placed between the firewall and one or more application servers, in an area known as the DMZ.

Often the terms Application Server and Web Server are used interchangeably, though they are not the same thing. The biggest difference between them is that a web server handles HTTP requests and is meant for static content, while an application server executes business logic using any number of protocols (including, sometimes, HTTP) and is suitable for dynamic content. Most application servers have a web server integrated into them, which means that an application server is capable of any function that a web server is capable of, and then some.

Application servers support Connection Pooling, Object Pooling, Transaction Support, Messaging services, and more. Most production environments use a web server as reverse proxy to the application server. This allows static content to be served quickly by the web server, while the app server handles the dynamic portion of the request.

A ‘brute force’ login attack is a type of attack against a website to gain access to the site by guessing the username and password, over and over again.

WordPress is the most popular CMS and therefore it’s a frequent target of this type of attack. The wp-login.php and xmlrpc.php pages are the most common target of brute force attack by POST method. WordPress doesn’t have any built-in protection to prevent this, hence the need for a third-party solution.

LiteSpeed Web ADC has a built-in WordPress brute force attack protection system. It will protect shared hosting WordPress environments from large-scale brute force attacks, which have the potential to bring down entire servers.

Bubblewrap is a lightweight sandbox application written by Flatpak to implement Linux namespaces. This gives the application a full sandbox, which includes operating-system-supported isolated mounts, user/group IDs, interprocess communications, users, cgroups, host names and more.

Similar to, but perhaps less comprehensive than, CloudLinux CageFS, a bubblewrap'd process is utterly independent. Thus significantly reducing the opportunities for an attack.

Simply put, caching temporarily stores a snapshot of recently-used information so that the snapshot may be re-used. This saves the system from repeatedly generating the same information. It improves efficiency, shortens data access times, reduces latency and improves system performance. Users are able to access the information more quickly, leading to an improved user experience.

Due to popular demand, we have created a dedicated website for LiteSpeed Cache and its plugins!

A cache plugin is add-on software for a web application that facilitates the caching of static HTML pages generated by the web app. Via the cache plugin, an web app is able to serve up static HTML upon user request, instead of forcing the user to wait for the content to be dynamically generated.

A Certification Authority (also called a Certificate Authority or CA) issues digital certificates, which serve as the subject's proof of ownership for a public key. CA's act as a trusted third party, and conducts digital certificate signing securely through HTTPS.

When an applicant wishes to apply for a digital identity certifican from a certificate authority, a certificate signing request (CSR) is one of their first steps. A CSR is generated on the server where the certificate will be installed, and contains such information as the organization name, domain name, city, region and country. Also included is a public key, which is an encoded block of text that is given to the CA as part of the application. With the creation of the CSR a private key is created as well. The public key and private key together are known as a key pair.

Cloud hosting refers to a type of server configuration. The simplest example of cloud hosting is a network of virtual servers that tap into an underlying network of physical servers. This setup results in a scalable, reliable, and affordable hosting solution.

Clustering is achieved by placing a load balancer in front of multiple computers (aka nodes) so that they appear to be a single virtual machine to clients. The load balancer accepts client requests and distributes them to the nodes in a manner that keeps any one node from being too much busier than any other.

Clustering provides an easily-scalable, as you can easily add more servers to meet increased demand. It is a cost-effective hardware solution for improving a website or application's performance and reliability.

Clustering may be configured in multiple ways, the simplest being Round Robin. In this setup, requests are distributed sequentially across the nodes in the cluster. Other clustering configurations implement Layer 7 load balancing where different types of specialized machines can direct traffic to the appropriate server based on the type of content requested. For example, requests for video may be routed to a streaming media server, while requests for shop prices or inventory may be sent to a database application.

It's relatively easy to maintain a clustered environment, even during business hours. Nodes in a clustered environment can be taken offline for service and upgraded as needed, while the remaining nodes service user requests.

A CDN, or Content Delivery Network, is a cluster of geographically distributed servers, intended to optimize the delivery of web content to user. Geographically, the closer a CDN server is to a user, the faster the content delivery will be. Additionally, some CDN services are helpful at relieving large surges in traffic and mitigating DDoS attacks.

cPanel is a popular Linux-based hosting control panel. The web interface allows users to quickly and easily configure many web server and account settings.

A tiered structure facilitates the use of cPanel by users at varying levels, from administrator to end user, and gives each user access to only the settings revelant to his or her role. This setup makes it simple for users to manage their own hosting with minimal technical knowledge.

Critical CSS is the minimum set of blocking CSS required to render the first screen's worth of content to the user.

Cookies can be secured by properly setting cookie attributes. These attributes are:

• Secure, which prevents the cookie from being sent over HTTP. It may only be sent via a secure HTTPS connection.
• Domain, which signifies the only domain for which the cookie is valid and can be submitted with every request for this domain or its subdomains.
• Path, which signifies the URL or path for which the cookie is valid.
• HTTPOnly, which prevents client-side scripts from accessing the cookie.
• Expires, which signifies how long the browser should use the persistent cookie and when the cookie should be deleted.
• SameSite, which governs the usage of cookies in a first-party or third-party context. SameSite=none specifically states that the cookie is for third-party usage. Other options are strict, which indicates first-party only, and lax which means the cookie may be sent from another site, if it is referencing your site's content.

DPLPMTUD stands for Data Packetization Layer Path Maximum Transmission Unit Discovery. It is a way for a transport protocol to figure out the maximum size of a single packet. QUIC, which performs packetization by itself, is the perfect use case for this mechanism.

The search for DPLPMTUD is performed by constructing and sending probe packets. These are packets whose size is larger than PLPMTU. If the peer acknowledges receipt of the probe, increase PLPMTU; otherwise, decrease the ceiling.

Domain Name System (DNS) Load Balancing is a server configuration by which DNS request are distributed across the servers. This creates a highly available, well-performing DNS infrastructure.

Under this system DNS servers are monitored and removed from service if failure is detected. All servers are behind a single external IP, and so DNS servers can be removed for maintenance at any time, without affecting current requests. Similarly, servers may be added dynamically when needed.

An ECC SSL certificate is similar to a traditional RSA SSL certificate with the exception of using Elliptic Curve Cryptography (ECC) for it's key exchange and signing operations.

ECC certificates can achieve the same level of security as RSA certificates, but at a much smaller size. Plus, ECC is easier to encrypt/decrypt than RSA, which is especially attractive for mobile users, who may have underpowered processors.

Because of the smaller key size with an ECC certificate, less data is transmitted from the server to the client during the SSL handshake. ECC certificates also requires less CPU and memory, increasing network performance and making a potentially large difference on high-volume or high-traffic sites.

Elliptic Curve Cryptography (ECC) works on the assumption that while it is possible to compute a point multiplication, it is conversely almost impossible to compute the multiplicand given only the original and product points. The difficulty can be dramatically ramped up with the size of the elliptic curve.

The main purpose of Edge Side Includes (ESI) is to address the problem of web infrastructure scaling. It allows the transparent management of online content across application servers, content management systems (CMS) and content delivery networks (CDN). It's a simple markup language originally proposed by Akamai, Oracle and a group of other companies.

ESI allows an application to set apart sections of a page, and offload the processing of those sections from the application to an edge server. ESI is designed to resolve caching issues that are caused by frequently-changing content, such as that found in catalogs, forums, login pages or other personalized content. With ESI, an uncacheable portion can be split off into a separate request, while the larger portion of the page can be cached. Allowing most of the page to remain cached results in lower costs and faster load time, and it helps to relieve server load during high volume traffic spikes.

In an event-driven framework, a server employs one process (or very few processes) to handle all events that pop up — new requests coming in and new dynamic responses ready to go out. The server concerns itself not with creating new processes to handle every aspect of every connection, but with reacting to events that occur. This is faster and consumes significantly less CPU and memory than a process-based server, which requires a new process to be created for each request.

A web server built with an event-driven architecture fields a request and forwards it to an external process. Then, instead of waiting around for a dynamic response, it continues to field more requests. When an external process response is ready, the server gets a callback. The event-driven server then sends the external response back to the requesting client.

`ForceSecureCookie` is a LiteSpeed Web Server directive, which functions similarly to an Apache `Header Edit Set-Cookie` directive.

Set ForceSecureCookie in the Apache config file at the server or virtual-host level, or in the .htaccess of the document root directory, and assign one or more of the following values:

• off
• on or secure
• httponly
• same_site_lax or lax
• same_site_strict or strict
• same_site_none

A Full Page Cache is a type of caching whereby dynamically-generated content is stored as a static HTML snapshot and served in response to user requests, until the static file expires. This method helps to boost the performance of websites by eliminating the need to dynamically generate pages on every visit.

High availability (HA) refers to systems that have a long uptime. An HA configuration provides a failover setup for multiple nodes. When one node is temporarily unavailable, other notes will automatically detect and take over their traffic. HA systems are durable and likely to operate continuously without failing for long duration.

HTTP stands for "HyperText Transfer Protocol." It is a stateless protocol which defines how messages are formatted and transmitted, and what actions web servers and browsers should take in response to various commands.

HTTP was developed by Tim Berners-Lee at CERN in 1989, and has become the foundation of data communication for the World Wide Web.

In 2015, the Internet Engineering Task Force (IETF) defined a major revision of the HTTP network protocol used by the World Wide Web. This revision is referred to as HTTP/2, and was derived from the Google's experimental SPDY protocol. It is not a ground-up rewrite of the original HTTP. Methods, status codes and semantics remain the same, and it should be possible to use the same APIs with either protocol.

HTTP2's focus is on performance, specifically end-user perceived latency, and network/server resource usage.

HTTP/3 is the proposed third version of the Hypertext Transfer Protocol (HTTP), which is used to exchange binary information on the World Wide Web. In November 2018, the first successful HTTP/3 interoperability test was performed by LiteSpeed Technologies and Facebook, but the protocol is still experimental. As of mid-2019, The IETF is still defining what HTTP/3 will look like.

HTTP/3 builds on UDP, unlike previous HTTP versions which are TCP-based, and aims to solve constraints within the existing internet infrastructure.

Hypertext Transfer Protocol Secure (HTTPS) is an extension of HTTP using Transport Layer Security (TLS) encryption. It is sometimes referred to as HTTP over TLS, or HTTP over SSL. It is widely used for secure Internet communication.

The main purpose of HTTPS is authentication and privacy protection while data is in transit. It guards against man-in-the-middle attacks. The bidirectional encryption of communications between a client and server protects against eavesdropping and tampering.

HTTPS is now used more often by web users than the original non-secure HTTP.