
Allow/Deny IP on OpenLiteSpeed


I want to only allow from 127.0.0.1/localhost/0.0.0.0, but I tried with Access Control and .htaccess

And

    order deny, allow
    deny from all
    allow from 127.0.0.1

It doesn't work!


Solution

  • That deny allow rule won't work in OpenLiteSpeed.

    For access control, make sure you have an empty server-level access control list, and the vhost-level one won't override it.

    [root@test ~]# cat /etc/hosts
    127.0.0.1 mask.domain
    
    [root@test ~]# curl -I -XGET http://mask.domain
    HTTP/1.1 200 OK
    Etag: "5-5d42a8ce-e18f0;;;"
    Last-Modified: Thu, 01 Aug 2019 08:54:38 GMT
    Content-Type: text/html
    Content-Length: 5
    Accept-Ranges: bytes
    Date: Thu, 01 Aug 2019 08:58:50 GMT
    Server: LiteSpeed
    Connection: Keep-Alive
    
    [root@test ~]# echo "123.456.789.000 mask.domain" > /etc/hosts
    [root@test ~]# curl -I -XGET http://mask.domain
    HTTP/1.1 403 Forbidden
    Content-Type: text/html
    Cache-Control: private, no-cache, max-age=0
    Pragma: no-cache
    Content-Length: 1139
    Date: Thu, 01 Aug 2019 08:59:14 GMT
    Server: LiteSpeed
    Connection: Keep-Alive
    

    The access control works for me: when I use the hosts file to set the domain to 127.0.0.1, it's 200 OK, and when I set it to a public IP, it goes to a 403 error.

    Alternative way:

    Use a rewrite rule, like this:

    RewriteEngine On
    RewriteCond %{REMOTE_HOST} !^127\.0\.0\.1
    RewriteRule .* - [F]
    

    If you are going to use a rewrite rule, make sure you restart OpenLiteSpeed once you have changed the rules.

    Best regards,
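
As an added example (not part of the original answer), this Python sketch evaluates the answer's `RewriteCond` pattern against constructed client values, next to an anchored pattern and a parsed loopback check, to show which requests each one would let through. The anchored pattern, the helper names and the sample values are assumptions made for illustration, not OpenLiteSpeed code.

```python
import ipaddress
import re

# Pattern exactly as in the RewriteCond above: anchored at the start only.
PAGE_PATTERN = re.compile(r"^127\.0\.0\.1")
# Hypothetical tightened pattern (not from the page): anchored at both ends.
ANCHORED_PATTERN = re.compile(r"^127\.0\.0\.1$")


def rewrite_allows(pattern, remote):
    """Emulate `RewriteCond <var> !pattern` followed by `RewriteRule .* - [F]`.

    The condition is negated, so the request is forbidden (403) when the
    pattern does NOT match; a match lets the request through.
    """
    return pattern.search(remote) is not None


def is_loopback(remote):
    """Parse the value as an IP address; fail closed on anything else."""
    try:
        addr = ipaddress.ip_address(remote)
    except ValueError:
        return False
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) before testing.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return addr.is_loopback


# Constructed sample values for the client address variable.
SAMPLES = ["127.0.0.1", "127.0.0.10", "::1", "::ffff:127.0.0.1",
           "203.0.113.7", "127.0.0.1.example.test"]


def decision_table():
    """Map each sample to (page rule, anchored rule, parsed loopback check)."""
    return {
        s: (rewrite_allows(PAGE_PATTERN, s),
            rewrite_allows(ANCHORED_PATTERN, s),
            is_loopback(s))
        for s in SAMPLES
    }


if __name__ == "__main__":
    for value, row in decision_table().items():
        print(f"{value:24} page={row[0]!s:5} anchored={row[1]!s:5} loopback={row[2]}")
```

The table shows two things to check when testing such a rule: a request to `localhost` that arrives over IPv6 (`::1`) is rejected by both regex forms, and the start-only anchor accepts any value that merely begins with the literal text.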