Strict header validation, defend HTTP/2 rapid reset, range request fix

litespeedtech released this 01 Jan 23:31

· 3 commits to v1_7 since this release

[Security] More strict header validations
[Security] Detect HTTP/2 repaid reset attack and disable HTTP/2 for attacking IP.
[Improve] Update libmodsecurity to 3.0.11
[Bug Fix] Fix a HTTP/3 integration issue that causes high CPU usage.
[Bug Fix] Rewrite rule configured in parent directory is disabled due to an empty .htaccess.
[Bug Fix] Address a compatibility issue with Ruby application using Rack 3.0+.
[Bug Fix] Address issue in serving a HTTP range request.
[Bug Fix] Address range request download error.
[Bug Fix] Address PHP possible dead lock error.

Assets 4

Provide feedback