FCGI Security and Tweaking

M

markb1439

Well-Known Member
#1
#1
I know that, in cPanel, the default FastCGI configuration is said to be insecure because the PHP binary is in each virtual host. In addition, it's said that there is a lot of configuration required to make sure that unused PHP processes do not remain too long.

If I compile EasyApache with FastCGI and activate SuEXEC, and then I switch to LiteSpeed, do these same problems exist? Or does LiteSpeed handle FCGI more securely? And, in LiteSpeed, what settings do I need to tweak?

Thanks,

Mark
 
M

markb1439

Well-Known Member
#3
#3
Thanks.

Let me clarify...what is the best way for me to set up the best LiteSpeed configuration for performance and security...

I am used to compiling in EasyApache. Should I continue to do it with suPHP, or should I use FCGI, or does it not even matter which one I choose, since LSAPI will be used in LiteSpeed anyway? Do I need to choose suEXEC in EasyApache, or does that not matter either (because LiteSpeed's architecture will be used instead).

Also, if I use LiteSpeed's cache feature, do I also need an opcode cache, or is that not necessary?

Thanks,

Mark
 
W

webizen

Well-Known Member
#4
#4
LSAPI + suEXEC is the best setup you can get (combine with performance and security). You may reference this benchmark comparison:

http://blog.litespeedtech.com/2010/01/

For it to work, you should continue to use suPHP and choose Apache suEXEC since LSWS read Apache configurations from cPanel/WHM.

LiteSpeed cache is for page caching. Opcode cache is still needed.
 
M

markb1439

Well-Known Member
#5
#5
Thank you.

Which opcode cache would you recommend? Will it work even though I compiled with suPHP? I know that, on Apache, an opcode cache will not work with suPHP.

Mark
 
You must log in or register to reply here.
Top