Installing, Configuring, and Securing Litespeed + PHP5 + Suhosin on FreeBSD 6.2

Securing PHP is a must nowadays; there are many cases of PHP applications being exploited.
We need to take steps to make sure that weak applications on the server are not compromised, leading to bigger problems.
LiteSpeed web server is an Apache-interchangeable, full-featured, high-performance,
secure HTTP server specifically engineered from the ground up with security and scalability in mind.
However, setting up Litespeed + PHP5 on FreeBSD has some trouble, caused by a bug in the
PHP configuration on FreeBSD. This bug will get you into deep trouble if you want to build the PHP PEAR library,
a matching PHP opcode cache such as APC or eAccelerator, or any additional extensions later.
Please see this post: error on make install PHP

Don't worry, I'll be here for you :) I succeeded when trying this with PHP 5.1.4 and 5.2.3, but I failed to install using PHP 5.2.4.
Enough talk, let's get into the jungle.

A. LITESPEED INSTALL

Installing Litespeed is pretty easy.
1. Go to the source directory where we want to download Litespeed and compile it.
cd /usr/src
2. Now download Litespeed and extract it
wget http://www.litespeedtech.com/packages/3.0/lsws-3.2.3-std-i386-freebsd6.tar.gz
tar -xvzf  lsws-3.2.3-std-i386-freebsd6.tar.gz

3. Enter the Litespeed source directory and run the install script
cd lsws-3.2.3
./install.sh

This install script will take you through a step-by-step configuration. This is what it looked like.
You can decide whether to install PHP or not in this step. Please note that the default Litespeed PHP version is 4.4.*,
so it is better to choose no.
*  Do you agree with above license? Yes
*  Destination [/opt/lsws]: /usr/local/lsws
*  User name [admin]: admin
*  Password: 123456
*  Retype password: 123456
*  User [nobody]: nobody
*  Group [nobody]: nobody
*  HTTP port [8088]: 80
*  Admin HTTP port [7080]: 7080
Don't forget: both of these ports must be allowed through the firewall.
*  Setup up PHP [Y/n]: Y
*  Suffix for PHP script(comma separated list) [php]: php
*  Would you like to change PHP opcode cache setting [y/N]? N
*  Would you like to install AWStats Add-on module [y/N]? N
*  Would you like to import Apache configuration [y/N]? N
*  Would you like to have LiteSpeed Web Server started automatically when the machine restarts [Y/n]? Y
*  Would you like to start it right now [Y/n]? Y

LiteSpeed Web Server started successfully. Don't celebrate yet, because we are not at the end of the road.

B. PHP5 INSTALL AND PATCH

1. This tutorial assumes that you have installed MySQL on your machine. If you haven't, read this: Quick way installing MySQL
First off, download what you need. I use PHP 5.2.3 here, because I have not yet succeeded in installing PHP 5.2.4 on FreeBSD.

cd /usr/src
wget http://www.php.net/get/php-5.2.3.tar.bz2/from/this/mirror
wget http://choon.net/opensource/php/php-5.2.3-mail-header.patch
wget http://www.hardened-php.net/suhosin/_media/suhosin-patch-5.2.3-0.9.6.2.patch.gz
wget http://www.hardened-php.net/suhosin/_media/suhosin-0.9.20.tgz

OR, if you don't want to download them one by one, use this version. Don't worry, it's safe.
wget http://download.medialayer.net/public/lsphp-5.2.3-suhosin-choon-lsapi4.tar.gz
Be careful: lsphp-5.2.3-suhosin-choon-lsapi4.tar.gz is already patched.
2. Uncompress PHP
tar xvjf php-5.2.3.tar.bz2
If you downloaded php-5.2.3.tar.gz instead, use: tar zxvf
3. Begin Patching the source
gunzip suhosin-patch-5.2.3-0.9.6.2.patch.gz ; cat suhosin-patch-5.2.3-0.9.6.2.patch | patch -p0
cat php-5.2.3-mail-header.patch | patch -p0

4. Other people may suggest that you enter the sapi directory now, then download and configure php-litespeed.
We'll do that later, OK?
So, let's get to the next part. We still have more things to do here.
Install the CGI version of PHP first. To install the CGI version, just configure PHP with neither '--with-litespeed' nor '--with-apxs'; the rest is the same, and it will build the CGI version of PHP.
I use some configure options of my own here; you don't need to use the same options as me.
OK, let's do it.
cd php-5.2.3
./configure '--prefix=/usr/local/php5' --enable-discard-path '--with-config-file-scan-dir=/etc/php.d' --enable-magic-quotes --enable-versioning --enable-libxml '--with-libxml-dir=/usr/local/include/libxml2/' --with-zlib --with-openssl '--with-mysql=/usr/local/' --enable-exif --with-gd '--with-jpeg-dir=/usr/local/lib' '--with-png-dir=/usr/local/lib' --with-ttf '--with-freetype-dir=/usr/local/include/freetype2/' --enable-gd-native-ttf '--with-gettext=/usr/local/lib/' --enable-spl --enable-reflection --enable-shmop --enable-sockets --with-regex=php --with-pcre-regex --enable-bcmath --enable-mbstring '--with-mcrypt=/usr/local/lib' --enable-sysvsem --enable-sysvshm --enable-sysvmsg --with-pear --with-zend-vm=CALL --target=i386-unknown-freebsd

Huh? An error? What's the error message? Don't panic.
Your machine may be missing some libraries that PHP needs, or configure may not have found them.
For example, if the jpeg or png library is missing, just install it from ports.
cd /usr/ports/graphics/jpeg/ && make install
cd /usr/ports/graphics/png/ && make install

If it was neither of those, go googling :p
5. Now, compile it using make.
make
Compiling PHP will take some time; have some milk.
(some minutes later)
6. Now, make install.
What 'make install' does here is copy the PHP binary and the other files needed to their locations,
which were set by --prefix= and the other options when you configured the PHP source.
Now, type this:
make install
Done. PHP is installed as CGI.


7. This step downloads and compiles php-litespeed
cd /usr/src/php-5.2.3/sapi
wget http://www.litespeedtech.com/packages/lsapi/php-litespeed-3.1.tgz
tar -zxvf php-litespeed-3.1.tgz
cd ..
touch ac*
./buildconf --force

If it says you need autoconf-2.13, install it:
cd ..
wget http://ftp.gnu.org/gnu/autoconf/autoconf-2.13.tar.gz
tar zxvf autoconf-2.13.tar.gz
cd autoconf-2.13/
./configure
make
make install
cd ../php-5.2.3

8. Now, configure the PHP source with options similar to step 4, but with --with-litespeed
./configure --with-litespeed '--prefix=/usr/local/php5' --enable-discard-path '--with-config-file-path=../php/' '--with-config-file-scan-dir=/etc/php.d' --enable-magic-quotes --enable-versioning --enable-libxml '--with-libxml-dir=/usr/local/include/libxml2/' --with-zlib --with-openssl '--with-mysql=/usr/local/' --enable-exif --with-gd '--with-jpeg-dir=/usr/local/lib' '--with-png-dir=/usr/local/lib' --with-ttf '--with-freetype-dir=/usr/local/include/freetype2/' --enable-gd-native-ttf '--with-gettext=/usr/local/lib/' --enable-spl --enable-reflection --enable-shmop --enable-sockets --with-regex=php --with-pcre-regex --enable-bcmath --enable-mbstring '--with-mcrypt=/usr/local/lib' --enable-sysvsem --enable-sysvshm --enable-sysvmsg --with-pear --with-zend-vm=CALL --target=i386-unknown-freebsd

If it says 'Thank you for installing PHP' and reports no unknown configure options, congratulations, go to the next step.

8. Compile PHP; this will take some time too. Go get your second milk :)
make
9. Welcome back! Copy the php binary from the build tree in /usr/src to the Litespeed installation directory
cd /usr/local/lsws/fcgi-bin
mv lsphp lsphp.old
cp /usr/src/php-5.2.3/sapi/litespeed/php ./lsphp

10. Test the new lsphp binary. Notice (litespeed) in the output.
./lsphp -v
PHP 5.2.3 (litespeed) (built: Sep 25 2007 02:01:51)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
with Suhosin v0.9.20, Copyright (c) 2002-2006, by Hardened-PHP Project

If there is litespeed and Suhosin, it means your suffering is over.
11. Don't forget to restart litespeed
/usr/local/lsws/bin/lswsctrl restart
For maximum security and performance, we want to apply suhosin extension.
Enter source directory.
cd /usr/src/
Do ls -al and notice that we downloaded suhosin-0.9.20.tgz earlier. If you did not, type
wget http://www.hardened-php.net/suhosin/_media/suhosin-0.9.20.tgz
Now extract, compile, and install it as PHP extension.
tar zxvf suhosin-0.9.20.tgz
cd suhosin-0.9.20
/usr/local/php5/bin/phpize
./configure
make
make install

It will say something like: installed in /usr/local/lib/php/extensions/no-debug-non-zts-20060613
Copy this path and put it in the extension_dir directive inside /usr/local/lsws/php/php.ini,
or just copy the suhosin.so file to the directory that the extension_dir directive is already set to.
Open /usr/local/lsws/php/php.ini and add these lines:
[suhosin]
suhosin.log.syslog.facility = 9
suhosin.log.use-x-forwarded-for = Off
#suhosin.executor.max_depth = ''
suhosin.executor.include.max_traversal = 5
suhosin.executor.disable_emodifier = Off
suhosin.executor.allow_symlink = Off
suhosin.simulation = Off
suhosin.apc_bug_workaround = Off
suhosin.sql.bailout_on_error = Off
suhosin.multiheader = Off
suhosin.mail.protect = 1
suhosin.memory_limit = 100
suhosin.session.encrypt = Off
suhosin.session.cryptua = Off
suhosin.session.cryptdocroot = Off
suhosin.session.cryptraddr = ''
suhosin.cookie.encrypt = Off
suhosin.cookie.cryptua = Off
suhosin.cookie.cryptraddr = ''
suhosin.filter.action = 403
suhosin.cookie.max_array_depth = 100
suhosin.cookie.max_array_index_length = 64
suhosin.cookie.max_name_length = 64
suhosin.cookie.max_totalname_length = 256
suhosin.cookie.max_value_length = 10000
suhosin.cookie.max_vars = 100
suhosin.cookie.disallow_nul = On
suhosin.post.max_vars = 2048
suhosin.request.max_vars = 2048

As for further PHP configuration, it really depends on what you need and use. Tweak it as needed.
Restart Litespeed and you're done.
/usr/local/lsws/bin/lswsctrl restart
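
A post-install check for the procedure above, as an added example that is not part of the original tutorial: it tests the lsphp -v banner for the two markers step 10 looks for, and tests php.ini for the conditions under which the Suhosin extension is actually loaded and enforcing. The function names, the shortened banners and the extension=suhosin.so line are assumptions of this example (PHP loads a shared extension only when php.ini names it, and in Suhosin's simulation mode violations are logged but not blocked).

```shell
#!/bin/sh
# Added example, not from the tutorial: post-install checks for the lsphp build.

# First and last lines of the step 10 banner, and the same banner without the
# Suhosin line (constructed) to model a patch that never reached the binary.
GOOD_BANNER='PHP 5.2.3 (litespeed) (built: Sep 25 2007 02:01:51)
with Suhosin v0.9.20, Copyright (c) 2002-2006, by Hardened-PHP Project'
BAD_BANNER='PHP 5.2.3 (litespeed) (built: Sep 25 2007 02:01:51)'

# check_banner TEXT: succeed only if both markers from step 10 are present.
check_banner() {
    missing=""
    printf '%s\n' "$1" | grep -q '(litespeed)' || missing="$missing litespeed"
    printf '%s\n' "$1" | grep -qi 'suhosin'    || missing="$missing suhosin"
    [ -z "$missing" ] && return 0
    echo "missing:$missing"; return 1
}

# ini_value FILE KEY: last uncommented value of KEY, double quotes stripped.
ini_value() {
    awk -v key="$2" '
        /^[ \t]*[;#]/ { next }
        { k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k)
          if (k == key && index($0, "=")) {
              v = $0; sub(/^[^=]*=[ \t]*/, "", v)
              sub(/[ \t]+$/, "", v); gsub(/"/, "", v); val = v } }
        END { print val }' "$1"
}

# check_ini FILE: the extension must be named, present on disk, and enforcing.
# Assumption: suhosin.so is loaded through an extension= line in this file.
check_ini() {
    problems=""
    grep -Eq '^[[:space:]]*extension[[:space:]]*=[[:space:]]*"?suhosin\.so' "$1" ||
        problems="$problems no-extension-line"
    dir=$(ini_value "$1" extension_dir)
    [ -n "$dir" ] && [ -f "$dir/suhosin.so" ] || problems="$problems so-not-in-extension_dir"
    case $(ini_value "$1" suhosin.simulation | tr 'A-Z' 'a-z') in
        on|1|true|yes) problems="$problems simulation-mode" ;;
    esac
    [ -z "$problems" ] && return 0
    echo "problems:$problems"; return 1
}

check_banner "$GOOD_BANNER" && echo "banner ok"
check_banner "$BAD_BANNER" || echo "rebuild: SAPI or patch missing from binary"
INI=/usr/local/lsws/php/php.ini   # php.ini path used by the tutorial
if [ -f "$INI" ]; then check_ini "$INI" || true; fi
```

On the server itself, pass the live banner with check_banner "$(/usr/local/lsws/fcgi-bin/lsphp -v)" before restarting Litespeed.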

 


References:
http://www.litespeedtech.com/support/wiki/doku.php
http://litespeedtech.com/support/forum/showthread.php?t=1340





donie

Have you ever tried it with PHP 5.2.3? I had tried it with PHP 5.2.4 and I got no luck until I changed it to PHP 5.2.3

Suhosin problem

I have tried to compile:
php-5.2.5
php-5.2.5-mail-header.patch
php-litespeed-4.5.tgz
suhosin-0.9.20.tgz
suhosin-patch-5.2.5-0.9.6.2.patch
and end up with (at your step #10):
# ./lsphp -v
PHP 5.2.5 (litespeed) (built: Feb 11 2008 10:43:03)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
I have followed your very complete (I was having the problem you listed in the litespeed forums) how to. I have gotten no errors. The patch output all looked fine (again no errors). I am on a FreeBSD 7.0-RC1 i386 GENERIC system. Any ideas why the suhosin code doesn't seem to show up?
