IP Restrictions
Learning Focus
By the end of this lesson you will know how to restrict access to sensitive paths by IP address in OpenLiteSpeed.
Why IP Restrictions Matter
Restricting access by IP is one of the simplest and most effective ways to protect:
- WebAdmin console (port 7080)
- Admin panels (e.g.,
/wp-admin/) - Staging or internal sites
- API endpoints meant for internal use only
Configuring IP Restrictions
Server Level (WebAdmin Console)
# Use firewall rules to restrict WebAdmin access
sudo ufw allow from YOUR_IP to any port 7080
sudo ufw deny 7080
# Verify
sudo ufw status | grep 7080
Virtual Host Level (WebAdmin)
- Navigate to Virtual Hosts → your site → Security → Access Control
- Set Allowed List:
your-ip-address(comma-separated for multiple) - Set Denied List:
*(deny all others) - Save and Graceful Restart
Path-Based Restrictions (via Context)
- Navigate to Virtual Hosts → Context → select admin path
- Set Access Control → Allowed List:
192.168.1.0/24 - Save and Graceful Restart
Common Restriction Patterns
| Path | Who Should Access | Method |
|---|---|---|
| WebAdmin :7080 | You only | Firewall + IP binding |
/wp-admin/ | Your office IPs | Context access control |
| Staging site | Internal team | Vhost access control |
| API endpoints | Known servers | Context + firewall |
warning
Always test restrictions from an unallowed IP before relying on them. A misconfigured allowlist that includes * provides no protection.
Key Takeaways
- IP restrictions are a simple but effective first layer of access control.
- Use firewall rules (UFW/iptables) for port-level restrictions.
- Use WebAdmin access control for path-level restrictions.
- Always test from outside your allowed range.
What's Next
- Continue to Hotlink Protection for preventing unauthorized media embedding.