disabling features
- Thread starter sysadm
- Start date
Using Apache we have total mastery over what it loads.
For example mod_include is active ONLY IN CASE OF we type this in our httpd.conf:
LoadModule include_module modules/mod_include.so
As I understand, Litepeed loads it's mod_include ALWAYS and we haven't any control over it. The same poblem we have with other modules. We don't really need ANY control panel in Litespeed. We can edit raw config files, but we want to decide what features should be loaded or not. That is general security rule: don't need it? Don't install it. Don't risk potential security holes.
My question is: how to disable mod_include and other unnecessary modules in Litespeed?
Are there any undocumented configuration directives to achieve this? In Apache it's enough to NOT type 'LoadModule' and this is my reply to question "what you usually do with Apache".
For example mod_include is active ONLY IN CASE OF we type this in our httpd.conf:
LoadModule include_module modules/mod_include.so
As I understand, Litepeed loads it's mod_include ALWAYS and we haven't any control over it. The same poblem we have with other modules. We don't really need ANY control panel in Litespeed. We can edit raw config files, but we want to decide what features should be loaded or not. That is general security rule: don't need it? Don't install it. Don't risk potential security holes.
My question is: how to disable mod_include and other unnecessary modules in Litespeed?
Are there any undocumented configuration directives to achieve this? In Apache it's enough to NOT type 'LoadModule' and this is my reply to question "what you usually do with Apache".
Last edited:
For example:
Options -Includes -ExecCGI
to stop mod_include and CGI.
Options -Includes -ExecCGI
to stop mod_include and CGI.
Options +Includes +ExecCGI
So my question is:
How to (permanently!) disable mod_cgi, mod_includes and others without disallowing user to change "options" directive himself (eg: Options +/-Indexes, Options +/-FollowSymlinks, Options +/-SymLinksIfOwnerMatch).
I'd prefer solution like additional checkbox/radio button (as for frontpage extension) in LS WebConsole.
Last edited:
Hello Mistwang,
This is really big security problem for all shared web hosting providers and I think its a missing feature for Apache web servers. If you could provide us an option to nevermind the .htaccess directives for enabling any cgi and put a disable cgi scripts from all web pages option on the litespeed you will make a huge favor for us.
This is really big security problem for all shared web hosting providers and I think its a missing feature for Apache web servers. If you could provide us an option to nevermind the .htaccess directives for enabling any cgi and put a disable cgi scripts from all web pages option on the litespeed you will make a huge favor for us.