Access control ALLOW/DENY not working?

[chwba]

hello,
im using directadmin.
this is my httpd-accesscontrol.conf:

accessControl{
allow ALL, 4.3.2.1/24T, 1.2.3.4T
deny
}

these two ips are my personal ip and my ddos protection service, it seems it does not work, as i can still contact the server from other ips/ipranges than these.

 

[Pong]

Can you tell me what's your goal? Do you want to enable some CDN service to avoid connection drop?
or you want to visist some domain such as example.com only by your ip, no one else?
Or you want to whitelist your IP from recaptha security feature?

 

[chwba]

Protection against DDos. I want to achieve, that connections to the webserver are only possible through the defined ip ranges as explained in the description about it. https://www.litespeedtech.com/suppo...ed_wiki:config:show-real-ip-behind-cloudflare

 

[Pong]

The wiki shows you how to whitelist CloudFlare from connection drop but it doesn't block any connection from nonCloudFlare lips.


Try:
accessControl{
allow 4.3.2.1/24T, 1.2.3.4T
deny ALL
}

 

[chwba]

I tried setting it up like this, allowing all CloudFlare IPs and denying all others, it results in a cloudflare 520 error

 

[Pong]

It should not unless some misconfiguration. You can log a ticket with tmp root for us to check.