Using access control

Discussion in 'Install/Configuration' started by tth, Aug 23, 2014.

  1. tth

    tth New Member

    Hello Everyone,

    I am using LiteSpeed and Cloudflare as a CDN plus proxy for a website.
    I want to set a restriction at my server level so that the server will only accept requests that come through Cloudflare and deny all.

    How can I do this?

    I tried using the access control feature of LiteSpeed.
    But if I enable this, the site and cPanel stats program are not able to identify the visitor's actual IP (client IP in header).

    How can I fix this? Thanks in advance.
  2. NiteWave

    NiteWave Administrator

  3. tth

    tth New Member

    I enabled Client IP in Header in Configuration.
    And I added Cloudflare IPs to the "Allowed List" and put "ALL" in the "Denied List".
    Now I tried browsing the site and received the error: "The requested resource could not be loaded because the server returned an error:
    403 Forbidden (?)."
  4. NiteWave

    NiteWave Administrator

    Can you post the detailed info here?
    Maybe you need to put a trailing T on Cloudflare's IPs.
  5. tth

    tth New Member

    I added IPs in the allowed list as below-

    Is this the correct format?
  6. NiteWave

    NiteWave Administrator

  7. tth

    tth New Member

    Still same 403 Forbidden error.
  8. NiteWave

    NiteWave Administrator

    I mimicked the above rules on a local LiteSpeed box, and it looks to be working -- if the is allow list, even deny list is ALL, still can access from

    So if you remove ALL from the "Denied List", there should be no "403 Forbidden"?

    And can you test on a simple static page, like /readme.html?
    Also note that your server's IP may need to be put in the Allowed List (with trailing T) as well -- some scripts on the server may need access, etc.
  9. tth

    tth New Member

    I made all the changes you suggested, and tested with a .txt file.
    But it's still the same.

    It only works if I choose "Trusted IP Only" from the "client IP header option". But this way, cPanel and other stats programs only identify the Cloudflare IP as the visitor IP.
  10. NiteWave

    NiteWave Administrator

    Hi, I think I've just got the whole picture of this case.

    The best solution should be:

    1. lsws web admin -> Server -> General -> Use Client IP in Header: Yes

    2. lsws web admin -> Server -> Security -> Access Control, revert back to default settings
       Allowed List: ALL
       Denied List: (Not Set)

    3. On the OS firewall level, implement:
       "the server will only accept requests that come through Cloudflare and deny all."
       This is easy to do with iptables.
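
The firewall step from the last post, as an added example that is not part of the original thread: a script that prints (does not apply) iptables rules admitting web traffic only from a list of proxy ranges. The function names, the port list and the sample ranges (documentation placeholders, not Cloudflare's real ranges) are assumptions; feed it Cloudflare's published range list instead.

```shell
#!/bin/sh
# Added example: emit iptables rules that admit web traffic only from the
# proxy ranges read on stdin. Review the output, then run it as root.

WEB_PORTS="80,443"   # assumption: the site listens on the standard ports

# Print one ACCEPT rule per CIDR on stdin, then a final DROP for everyone else.
gen_rules() {
    # Scripts on the server that reach the site over loopback keep working.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "ip6tables -A INPUT -i lo -j ACCEPT"
    while IFS= read -r cidr; do
        case "$cidr" in
            ''|'#'*) continue ;;            # skip blank lines and comments
            *[!0-9a-fA-F:./]*)              # anything but address characters
                echo "skipping invalid entry: $cidr" >&2; continue ;;
            *:*) cmd=ip6tables ;;           # IPv6 range
            *.*) cmd=iptables ;;            # IPv4 range
            *) echo "skipping invalid entry: $cidr" >&2; continue ;;
        esac
        echo "$cmd -A INPUT -p tcp -m multiport --dports $WEB_PORTS -s $cidr -j ACCEPT"
    done
    # -A appends, so the DROP rules land after every ACCEPT emitted above.
    echo "iptables -A INPUT -p tcp -m multiport --dports $WEB_PORTS -j DROP"
    echo "ip6tables -A INPUT -p tcp -m multiport --dports $WEB_PORTS -j DROP"
}

# Constructed sample input: documentation ranges plus one hostile line that
# must never reach the generated commands.
sample_ranges() {
    cat <<'EOF'
# placeholder proxy ranges
192.0.2.0/24
198.51.100.0/24
2001:db8::/32
not-a-range; rm -rf /
EOF
}

sample_ranges | gen_rules
```

Only ports 80 and 443 are restricted, so SSH and the control panel ports are untouched; LiteSpeed's own access control stays at its default while "Use Client IP in Header" continues to give the stats programs the visitor address.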
