fbpx

How to set custom/extra headers for OpenLiteSpeed while using CyberPanel

How to set custom/extra headers for OpenLiteSpeed while using CyberPanel

Custom/Extra Header can be used for many proposes like:

  1. Content Security policy
  2. Referrer policy
  3. HSTS (Strict-Transport-Security)
  4. Content-type options

If you are using the LiteSpeed Enterprise server you can add Extra headers to your htaccess file and the server will add it automatically just like you used to do with Apache as it is fully Apache Compatible.

However, if you are using OpenLiteSpeed it has to be done via OpenLiteSpeed WebAdmin or by adding it to vHost configuration for the website via CyberPanel.


Table of Contents

  1. Log in to CyberPanel
  2. Open the website Manager
  3. vHost Configuration
  4. Verify Headers.

Here are the steps to add a custom or extra header via vHost configuration from CyberPanel.


1. Log in to your CyberPanel Server

Visit https://<IP Address->:8090

Enter credentials to log in.


2. Open the website manager:

     2.1 Click on the website and then click on the list websites.

Click on website and then click on list websites

      2.2 Click on the manage button in front of your desired website.

Click on mange button in front of your desired website.


3. vHost Configuration :

   

      3.1 Click the vHost conf from the website manager.

Click the vHost conf from the configurations portion in website manager.

      3.2 Find the block name “context” if it is found add extraHeaders value in it like “extraHeaders Access-Control-Allow-Origin *”.

      3.3 If “context ” block not found in vhost conf file Add the following before the rewrite { } portion.

context / {

extraHeaders Access-Control-Allow-Origin *

}

extraHeader

You can add the value of extraHeaders according to your requirement. 


4. How to verify extraHeaders configuration:

To verify extraHeaders configuration follow the steps:

    4.1 Open Network tab:

        1. Vist your website in any browser and open developer tools.

        2. In developer tools click on Networks tab

Open network tab

         3. Click on the file with your domain name. like(abc.xyz)

Screenshot 9

         4. Go to Network Tab and check headers for any request. You should the extra header you added in vHost conf.

Verify vhost configuration


How to set HSTS (Strict-Transport-Security) in custom the header:

HSTS is a web security policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking.

To set HSTS in custom Header follow the steps:

             => Follow the 1,2 and 3 steps stated above to open the vHost conf file.

             => Add the following before the rewrite { } portion.

context / {

extraHeaders Strict-Transport-Security: max-age=15552000; includeSubDomains; preload;

}

 1. The age parameter tells the browser how long this rule must be cached.
 2. The includeSubDomains should only be added if you want to apply HSTS to subdomains too.
 3. The preload parameter is used for inclusion in Google Chrome’s preload list.

Read More: HOW TO CHANGE TIMEZONE ON LINUX SERVER

Follow US on Facebook / Twitter  for update.

Tags: , , , , , , , , ,

Leave a Reply

Your email address will not be published.