How to Enable, Disable and Control Access to the Web Admin Dashboard with OpenLitespeed and DirectAdmin

After installing OpenLitespeed with DirectAdmin you may want to access the OpenLitespeed Admin Dashboard to view or check settings, etc. The dashboard is accessed by changing the access port to 7080 – serverdomain.com:7080, but you will generally find that you are unable to access the dashboard. Although the default access setting for the OpenLitespeed Admin Dashboard is enabled in the /usr/local/lsws/conf/httpd-defaults.conf file, dashboard access will be blocked when accessed as the port not been opened within your server firewall settings.

In this guide, we will show you how to enable access to the OpenLitespeed Admin Dashboard by opening the port in ConfigServer Security & Firewall (CSF), disable access to the Admin Dashboard by changing the option in the httpd-defaults.conf file and closing the port in ConfigServer Security & Firewall (CSF) and how to lock down access to the Admin Dashboard to only allow access to your IP address or range of IP addresses.

How to Enable, Disable and Control Access to the Web Admin Dashboard with OpenLitespeed and DirectAdmin

Enable OLS Admin Dashboard

Since DirectAdmin Version 1.61.0, ConfigServer Security & Firewall (CSF) is now fully integrated into the DirectAdmin control panel and is installed by default when using the ./setup.sh auto install command. However, you will still need to add the port 7080 to the CSF configuration file csf.conf to enable OpenLitespeed Admin Dashboard access.

You can manually edit the CSF configuration file using /etc/csf/csf.conf or the easiest way to complete this is using ConfigServer Security & Firewall GUI which can be found under the Extra Features section in the DirectAdmin dashboard.

How to Enable, Disable and Control Access to the Web Admin Dashboard with OpenLitespeed and DirectAdmin

Scroll down to the csf – ConfigServer Firewall section and click the Firewall Configuration to edit the CSF configuration file.

How to Enable, Disable and Control Access to the Web Admin Dashboard with OpenLitespeed and DirectAdmin

In the configuration file move down to the IPv4 Port Settings and add 7080 in the TCP_IN = option.

How to Enable, Disable and Control Access to the Web Admin Dashboard with OpenLitespeed and DirectAdmin

If your server uses IPv6 you will need to add the port 7080 to the TCP6_IN = under the IPv6 Port Settings as well.

How to Enable, Disable and Control Access to the Web Admin Dashboard with OpenLitespeed and DirectAdmin

Once you have added the 7080 port to the IPv4 and IPv6 Port Settings, scroll down to the bottom of the configuration file and click the Change button to apply the changes to the configuration file, open access to the port and restart CSF.

Now when you visit the OpenLitespeed Admin Dashboard using the link serverdomain.com:7080, you will be presented with the login screen.

How to Enable, Disable and Control Access to the Web Admin Dashboard with OpenLitespeed and DirectAdmin

That’s it, you have successfully enabled access to the OpenLitespeed Admin Dashboard by adding the port to the CSF configuration file.

Disable OLS Admin Dashboard

To disable access to the OpenLitespeed Admin Dashboard fully you will need to change the setting disableWebAdmin from 0 to 1 in the httpd-defaults.conf file.

However, as we discussed in our guide How to Add HTTP Security Headers, DirectAdmin splits the OpenLiteSpeed configuration file into multiple include files (or templates) with the httpd-defaults.conf being one, that come together to create single configuration file when the ./build rewrite_confs command is issued.

This also means if we directly edit the httpd-defaults.conf file it will be overwritten every time the ./build rewrite_confs command is issued. We will therefore need to utilise the custom OpenLitespeed configuration option built into custombuild by creating a copy of the httpd-defaults.conf file.

We will firstly need to access the custombuild folder and then create the custom OpenLitespeed folder using the following commands.

cd /usr/local/directadmin/custombuild/
mkdir -p custom/openlitespeed/conf

Now we will need to copy over the httpd-defaults.conf file to the custom OpenLitespeed folder using the following command.

cp -p configure/openlitespeed/conf/httpd-defaults.conf custom/openlitespeed/conf/

After we have copied over the file, we can now edit it using the following command.

nano /usr/local/directadmin/custombuild/custom/openlitespeed/conf/httpd-defaults.conf

In the httpd-defaults.conf file scroll down to the disableWebAdmin option and change the existing setting from 0 to 1. After change the setting you will need to rewrite the OpenLitespeed configuration files using the follow command.

./build rewrite_confs 

Now, using the section above – Enable OLS Admin Dashboard – remove the port 7080 from the ConfigServer Security & Firewall (CSF) configuration file in TCP_IN = section under the IPv4 Port Settings and TCP6_IN = section under the IPv6 Port Settings and click the Change button to apply the changes to the configuration file, remove access to the port and restart CSF.

That’s it, you have successfully removed access to the OpenLitespeed Admin Dashboard using a custom httpd-defaults.conf template and remove the port from the CSF configuration file.

Enable OLS Admin Dashboard Access Control

Sometimes you might want to retain access to the OpenLitespeed Admin Dashboard but would like to limit access to your own IP address or range of IP addresses. Using the in-built option within OpenLitespeed we are able to allow access to the dashboard by allowing or blocking specific IP addresses using the “Allowed List” or “Denied List”.

If the OpenLitespeed Admin Dashboard wasn’t set to read only mode with DirectAdmin you could simply log into the dashboard and navigate to the WebAdmin Settings and in the General tab, add your IP address or addresses to the Access Control section and then apply a graceful restart.

How to Enable, Disable and Control Access to the Web Admin Dashboard with OpenLitespeed and DirectAdmin

However as we cannot set the IP address directly in the dashboard we will need to adjust the setting using the admin_config.conf. When we disabled access to the dashboard using custom OpenLitespeed configuration option we created a template. Unfortunately, there is no template to adjust the admin settings in the OpenLitespeed Admin Dashboard so we will need to edit the file directly.

In order to add your own IP address to the “Allowed List” or “Denied List” to OpenLitespeed access the admin_config.conf file using the following command.

nano /usr/local/lsws/admin/conf/admin_config.conf

Now scroll down to the accessControl block and change it to add your own IP address or addresses to the allow section which will add these to the “Allowed List”. Make sure the deny section has ALL listed which will block access to any IP address not listed in the allow section above. Once added your admin_config.conf file will look similar to the example below.

accessControl {
  allow             IPADDRESS, IPADDRESS, IPADDRESS
  deny              ALL
}

Note

The access control “Allowed List” is compatible with both IPv4 and IPv6 addresses. As well as accepting individual IP addresses, you can also add subnet to both IPv4 and IPv6 addresses.

With your IP address or addresses added to the “Allowed List” we will need to ensure the admin_config.conf file doesn’t get overwritten when using the ./build rewrite_confs command. We can protect the file using the chattr utility which can set or unset certain attributes of a file, to secure against accidental deletion or modification. To

In order to protect the file and make it read-only we can set the +i attribute using the following command.

chattr +i /usr/local/lsws/admin/conf/admin_config.conf

Note

If in the future you want to remove read-only access from the admin_config.conf file you can replace the +i command with -i so the command will be chattr -i /usr/local/lsws/admin/conf/admin_config.conf.

When you try to access the admin_config.conf file now, you will see the File ‘/usr/local/lsws/admin/conf/admin_config.conf’ is unwritable message meaning the file is now read-only. In order for the changes to take effect we will need to gracefully restart OpenLitespeed using the following command.

service lsws restart && service lsws status

Now log into the OpenLitespeed Admin Dashboard and navigate to the WebAdmin Settings section and under the General tab, scroll down to the Access Control section you will see your IP address or addresses have now been added to the “Allowed List” and “Denied List” show ALL.

How to Enable, Disable and Control Access to the Web Admin Dashboard with OpenLitespeed and DirectAdmin

When the OpenLitespeed Admin Dashboard is accessed from an IP address not in the “Allowed List”, it will automatically be blocked with a 403 Forbidden error.

How to Enable, Disable and Control Access to the Web Admin Dashboard with OpenLitespeed and DirectAdmin

That’s it. You have enabled access to the OpenLitespeed Admin Dashboard by opening the port in ConfigServer Security & Firewall (CSF) and locked down access to the Admin Dashboard by allowing access with your own IP address or range of IP addresses.

How useful was this guide?

Click on a star to rate it!

Average rating / 5. Vote count:

Be the first to rate this guide.

We are sorry that this guide was not useful for you!

Help us to improve this guide!

Tell us how we can improve this guide?

By VPSBasics

This guide was written by the VPS Basics editorial team, led by Gilberto Van Roosen. They are a unique blend of people, dedicated to providing highly detailed, comprehensive and importantly easy to follow tutorials, written in plain English. They specialise in tutorials for managing Linux servers and its software.

Join the Conversation

Note: Your email address will not be published when posting a comment.

Note: All comments are held for moderation and are reviewed by our editorial team prior to approval.

VPSBasics uses Akismet anti-spam filters to reduce spam across our website. Our website is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. Learn how your data is processed.