Security Settings
Learning Focus
By the end of this lesson you will know how to configure server-level security settings including request filtering, path protection, and admin access restrictions.
Server-Level Security Controls
| Setting | Purpose | Recommendation |
|---|---|---|
| Max Request URL Length | Limits URL length to block buffer overflow attempts | 8192 bytes (default) |
| Max Request Header Size | Limits header size | 16380 bytes (default) |
| Max Request Body Size | Limits upload/POST body | Set based on largest expected upload |
| Follow Symbolic Links | Allow symlinks in document roots | Only if needed; can expose files |
| Check Symbolic Links | Verify symlink targets stay within doc root | Enable for security |
Configuring in WebAdmin
- Navigate to Server Configuration → Security
- Review and adjust request size limits
- Configure symbolic link behavior
- Set access denied directories for sensitive paths
- Save and Graceful Restart
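
An audit to run before changing the symbolic link settings, added here as an example and not part of the original lesson: it lists every symlink under a document root whose target resolves outside that root, the condition the Check Symbolic Links setting is described as verifying. It assumes GNU `realpath` and `find`; the function name and any document root path passed to it are illustrative.

```bash
#!/bin/sh
# Added example (not from the lesson): report symlinks that leave a doc root.
# Assumes GNU coreutils realpath (-e) and a find that supports -exec ... {} +.

# Prints "<link> -> <resolved target>" for links resolving outside $1,
# and "<link> -> BROKEN" for dangling links. Exit status 2 if $1 is missing.
find_escaping_symlinks() (
    # Canonicalize the root so both sides of the comparison are real paths.
    root=$(realpath -e -- "$1" 2>/dev/null) || exit 2

    # -type l matches the links themselves; find does not descend through them.
    find "$root" -type l -exec sh -c '
        root=$1; shift
        for link in "$@"; do
            # realpath -e fails when the final target does not exist.
            if ! target=$(realpath -e -- "$link" 2>/dev/null); then
                printf "%s -> BROKEN\n" "$link"
                continue
            fi
            # Inside means the root itself or a path below "root/".
            # The slash keeps /var/www/site-old from passing as /var/www/site.
            case $target in
                "$root"|"$root"/*) ;;
                *) printf "%s -> %s\n" "$link" "$target" ;;
            esac
        done
    ' sh "$root" {} +
)

# Stand-alone use: sh audit.sh /path/to/docroot  (path is a placeholder)
if [ "$#" -gt 0 ]; then
    find_escaping_symlinks "$1"
fi
```

Run it against each virtual host's document root; every line it prints is a link to review before enabling Follow Symbolic Links.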
Access Denied Directories
Block access to paths that should never be served:
/proc/
/etc/
/usr/local/lsws/conf/
Admin Access Protection
```bash
# Restrict WebAdmin port 7080 to your IP only
sudo ufw allow from YOUR_IP to any port 7080
sudo ufw deny 7080
```
Warning: Server security settings are your last line of defense on the server itself. Use them in combination with firewall rules and application-level protections.
Key Takeaways
- Request size limits protect against buffer overflow and abuse attacks.
- Symbolic link controls prevent directory traversal attacks.
- Restrict WebAdmin access with firewall rules — never expose `7080` to the public internet.
What's Next
- Continue to Log Settings for configuring access and error logs.