litespeed http server review
SO the last few months I been trying like crazy to tweak Apache or find a better http setup such as running lighttpd with Apache, etc. I have been frustrated by the way Apache easily fork bombs under any decent load or dos attack. You get about 100 bots all making 30+ connections a piece on Apache and it kills it.
Bot kids have adapted to ddos protection and connection flooding banning by sending low bandwidth attacks that do not make enough connections to get banned if you do have protection, its real low bandwidth incoming but is like a massive vampire attack outgoing. And it destroys Apache no matter what you do, what modules you have, etc. You basically have to go in and manually ban or set your connection tracking limit down to where it starts banning regular users too.
So I seen on here somewhere someone recommending litespeed to someone so I went and checked it out and was amazed by the performance. I installed the trial enterprise in a p4 server I been having problems out of lately crashing all because a busy site and I installed it in my main server.
The only thing I needed to do was compile my own php5 for it, which is real easy via their wiki instruction. After a few snags here in there I finally got it working tip top on both servers, both of which are cpanel.
So with the p4 that was always crashing and keeping hi load, We would end up having to remote reboot that box almost once a week not due to any misconfiguration or wrong setup, just couldnt take all that Apache usage and would die. We instantly noticed a difference with litespeed. The average load used to be about 1-2 always, with litespeed the average stayed about ..2 even under heavy traffic. So this was a big improvement and we have not had to reboot that box since.
My main server which I take my high risk clients on, core2duo 2.4. I thought there for a Lil bit the sites were starting to outgrow the server as its average load always was around 1 which was fairly acceptable seeing the traffic it gets so normal for Apache. During the low bandwidth ddos attacks I would have to go in and manually ban as well as setting connection limit way down just to keep it from lagging, most of the time it still did. So I was really wanting to do something for this server to optimize http without upgrading, because it seems most of your hardware upgrades are to suit Apache anyway.
So I installed litespeed on my main server, ran into a few snags here and there but eventually got it under control. Just the last few days I got to see it put to the test. I took on a client who was being extorted by a ddoser who recently got him kicked off his previous host. SO as soon as dns resolves here comes the crapstorm. A low bandwidth http attack, a lot got by ddos firewall on the network level which these are hard to stop because they are so similar to a legit user.
So I started getting hundreds of csf connection tracking blocked emails, was checking the site periodically and it loaded fine. So I logged in the box, looked at the load. Was at .24. When I done netstat command there was hundreds of syns coming in and about 250 ips all connected about 50 times, this would normally kill Apache no matter what CPU/ram and all that you have. So I set connection tracking down to a reasonable level, 60 connections and I figured I would just let them get themselves banned. Looking in the live stats in the litespeed admin panel which is real cool BTW. I was seeing about 400 requests a second. This was eating a Lil bandwidth, all outgoing as that is how the attack works like a massive vamp attack. So about 2000 connection tracking emails later finally gets em all banned. The entire time the load on that box never even got to 1!
So im pretty much amazed how fast and light this http server is. And especially how well it handles dos. I about know for a fact even if you was on a non protected network it could handle as much http as your pipe will give it, and do all this at a low resource load.
This will end up saving me money on hardware upgrades in the future as well. Long review, long story, but I been so amazed by this http server I had to make a review on it. Im sure some geniouses will try to say "If you do this and that with apache you can make it just as good" But check it out for yourselves and see.