Ispmanager 6.123: LiteSpeed & WAF Are Here

You asked, we delivered. Ispmanager 6.123 is packed with two long-awaited upgrades: LiteSpeed support and the powerful Web Application Firewall.

LiteSpeed Support

Ispmanager now supports the LiteSpeed web server — a high-performance, drop-in Apache alternative known for its speed, efficiency, and security.

With LiteSpeed, your hosting infrastructure becomes more powerful right out of the box:

• Lower Server Load

Thanks to its event-driven architecture, LiteSpeed handles more connections with less CPU and memory usage, which makes it ideal for high-traffic websites.

• Security & Compatibility

Fully compatible with Apache configurations, including .htaccess, mod_rewrite, and mod_security, LiteSpeed includes built-in protection against brute force attacks. It’s also a huge performance booster for WordPress, with features that improve Core Web Vitals and reduce page load times.

• Infrastructure Savings

By using fewer resources, LiteSpeed helps reduce hardware requirements and lowers operational costs. It runs smoothly even on servers with limited capacity, which means fewer crashes, better uptime, and less strain on support teams.

• Faster Sites, Better Metrics

Built-in caching (LSCache) speeds up sites by up to 10x. LiteSpeed integrates seamlessly with popular CMS platforms like WordPress, Joomla, and OpenCart, helping you boost performance and SEO metrics out of the box.

You can install LiteSpeed in just a few clicks from the ispmanager control panel. If you didn’t select it during the initial ispmanager setup, go to Modules, install the LiteSpeed module, and it will replace your current web server. Step-by-step instructions are available in the documentation.

LiteSpeed licenses are available for purchase directly through ispmanager billing. You can view pricing here.

Web Application Firewall (WAF)

Ispmanager 6.123 also introduces built-in support for a powerful Web Application Firewall. WAF helps protect your sites from common web threats and ensures your hosting environment remains secure.

WAF offers defence against:

• SQL injections
• Cross-site scripting (XSS)
• Remote and local file inclusion
• Command injection and more.

Here’s how it works: the firewall inspects all requests to your web server and checks them against a set of filtering rules. If a request passes, it’s forwarded to the site. If not, the WAF takes action according to the configured policy.

WAF is based on ModSecurity and works with nginx, Apache, LiteSpeed, and OpenLiteSpeed. By default, ispmanager includes free rule sets from COMODO and OWASP. Or, you can upload your own.

To enable WAF in ispmanager, go to Software Configuration → Web Server and turn it on. For a full walkthrough, head to the documentation.

WAF complements ispmanager’s built-in DDoS protection. When both are enabled, traffic is first filtered by anti-DDoS rules, then passed through the firewall. This gives you layered, reliable security against both volume-based and targeted attacks.

***
With LiteSpeed and WAF on board, your hosting environment just got faster, safer, and more flexible than ever. This release is powered by your feedback — let’s keep building ispmanager together!