I-ProHoster > Блог > izindaba ze-inthanethi > Ukukhishwa kweseva ye-Lighttpd 1.4.65

Ukukhishwa kweseva ye-Lighttpd 1.4.65

I-http server lighttpd 1.4.65 engasindi ikhululiwe, izama ukuhlanganisa ukusebenza okuphezulu, ukuphepha, ukuhambisana nezindinganiso kanye nokuguquguquka kokucushwa. I-Lighttpd ilungele ukusetshenziswa kumasistimu alayishwe kakhulu futhi ihloselwe inkumbulo ephansi kanye nokusetshenziswa kwe-CPU. Inguqulo entsha iqukethe izinguquko ezingu-173. Ikhodi yephrojekthi ibhalwe ngo-C futhi isatshalaliswa ngaphansi kwelayisensi ye-BSD.

Okuqanjiwe okuyinhloko:

  • Kungezwe usekelo lwe-WebSocket phezu kwe-HTTP/2, futhi kwasetshenziswa i-RFC 8441, echaza indlela yokusebenzisa iphrothokholi ye-WebSockets kuchungechunge olulodwa ngaphakathi koxhumano lwe-HTTP/2.
  • Isikimu sokuphatha okubalulekile esithuthukisiwe senziwe esivumela iklayenti ukuthi libe nomthelela ekubalulekeni kwezimpendulo ezithunyelwa iseva (i-RFC 9218), kanye nokuphatha izinto eziza kuqala lapho iqondisa kabusha izicelo. I-HTTP/2 inikeza usekelo lozimele PRIORITY_UPDATE.
  • Kuzilungiselelo ze-lighttpd.conf, ukusekela okufanayo okunemibandela nokubophezela ekuqaleni (=^) nesiphetho (=$) kweyunithi yezinhlamvu kungeziwe. Ukuhlola izintambo ezinjalo kushesha kakhulu kunezinkulumo ezivamile futhi kwanele ukuhlola okuningi okulula.
  • Ukwesekwa okwengeziwe kokusebenza kwe-PUT (okuhlanganisa ingxenye yedatha kusetshenziswa unhlokweni Wobubanzi) ku-mod_webdav. Ukuze uyinike amandla, ungasebenzisa inketho ethi ‘webdav.opts += (“partial-put-copy-modify’ => “vumela”)’.
  • Inketho eyengeziwe 'accesslog.escaping ='json'" ku-mod_accesslog."
  • Ukwesekwa okungeziwe kokwakha nge-libdeflate kuya ku-mod_deflate.
  • Isicelo sokudluliselwa komzimba nge-HTTP/2 sisheshisiwe.
  • Inani elizenzakalelayo lepharamitha ye-server.max-keep-alive-requests lishintshiwe lisuka ku-100 laya ku-1000.
  • Ohlwini lwezinhlobo ze-MIME, indawo ye-"application/javascript" ithathelwe indawo "text/javascript" (RFC 9239).

Izinhlelo zesikhathi esizayo zifaka izilungiselelo eziqinile ze-cipher ye-TLS kanye nokukhubaza ama-cipher wefa ngokuzenzakalelayo. Isilungiselelo se-CipherString sizoshintshwa sisuka kokuthi "HIGH" siye kokuthi "EECDH+AESGCM:AES256+EECDH:CHACHA20:SHA256:!SHA384". Okunye okuhlelelwe ukususwa izinketho ze-TLS eziphelelwe yisikhathi: ssl.honor-cipher-order, ssl.dh-file, ssl.ec-curve, ssl.disable-client-renegotiation, ssl.use-sslv2, ssl.use-sslv3. Ukwengeza, sizoqhubeka nokuhlanza amamojula amancane, angashintshwa ngokuqaliswa kwe-Lua okuguquguqukayo kwe-mod_magnet. Ikakhulukazi, amamojula mod_evasive, mod_secdownload, mod_uploadprogress kanye mod_usertrack ahlelelwe ukususwa.

Source: opennet.ru

Engeza amazwana