Allow access to file only from the server itself

I'm trying to allow only the server itself to run wp-cron.php and deny this file for the rest of the world, so what I did:

RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123
RewriteRule wp-cron.php$ - [F,L]

But it doesn't work, any suggestions please?
Also I set:

RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1
RewriteCond %{REQUEST_URI} wp-trackback.php|xmlrpc.php|wp-cron.php [NC]
RewriteRule .* - [F,L]

  • /xmlrpc.php - returns 403 as expected;
  • /wp-trackback.php - returns 403 as expected;
  • /wp-cron.php - shows white page like it always does without any restrictions...


The rules seems ok. Have you restart OLS to apply rule changes in .htaccess?
If still issue, you can turn on rewrite log to see what's going on.