jp208834

Registered
Apr 19, 2022
2
0
1
SA
cPanel Access Level
Root Administrator
I add follows to Apache Global Pre Virutalhost Includes:

<FilesMatch "^(xmlrpc\.php)">
Order Deny,Allow
# Whitelist Jetpack IPs (you can remove/replace all the Allow lines)
Allow from 192.0.64.0/18
Allow from 122.248.245.244
Allow from 54.217.201.243
Allow from 54.232.116.4
Allow from 209.15.0.0/16
Allow from 66.155.0.0/17
Allow from 64.34.206.0/24
Allow from 185.64.140.0/22
Allow from 198.181.116.0/22
Allow from 76.74.248.128/25
Allow from 76.74.255.0/25
Deny from all
</FilesMatch>

To whitelist for one domain, do this(replace the CPANELID and DOMAINNAME)

mkdir -p /etc/apache2/conf.d/userdata/std/2_4/CPANELID/DOMAINNAME
mkdir -p /etc/apache2/conf.d/userdata/ssl/2_4/CPANELID/DOMAINNAME

Create a file allowxmlrpc.conf in each above dir:

<FilesMatch "^(xmlrpc\.php)">
Allow from all
</FilesMatch>

Rebuild and restart Apache:

/scripts/rebuildhttpdconf
/scripts/restartsrv_httpd
We use litespeed. When whitelist a domain via conf it only works over http and throws a 403 when using https. What could be the reason for this only work with http and not https calls? Any ideas?
 
Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
12,499
1,971
363
cPanel Access Level
Root Administrator
Hey there! Since the previous post was a few years old, I split this off into a new thread.

Can you let me know which configuration file you were adding the whitelisted domains to? I would expect Litespeed to be fully compatible with all normal .htaccess entries.