Securing the LiteSpeed Admin Console on CloudJiffy

Securing the LiteSpeed Admin Console on CloudJiffy

Overview

The LiteSpeed WebAdmin Console is a powerful interface used to manage server configuration, security, and performance. For security reasons, access to the Admin Console should be restricted so that only trusted IP addresses can reach it.

This article explains how to secure the LiteSpeed Admin Console on CloudJiffy by configuring Access Control at the server level.

 

 

Prerequisites

  • A CloudJiffy environment with LiteSpeed Web Server (Enterprise) running

  • Access to the LiteSpeed WebAdmin Console

  • Public IP address(es) that should be allowed to access the admin panel

 

 

Step 1: Log in to the LiteSpeed WebAdmin Console

Access the LiteSpeed Admin Console using your environment URL and admin port:

https://<environment-domain>:4848

Log in using your LiteSpeed administrator credentials.

 

Step 2: Navigate to  Configuration

From the LiteSpeed WebAdmin Console dashboard:

  1. Click Configuration

  2. Select security 

  3. Open the Security tab

 

 

 

Step 3: Open Access Control Settings

Scroll down to the Access Control section under the Security tab.

You will see:

  • Allowed List

  • Denied List

Click Edit to modify the access rules.

 

 

 

Step 4: Restrict Access to Trusted IPs

Recommended Secure Configuration

  1. Allowed List

    • Add only trusted IP addresses (one per line), for example:

      192.168.04.24
      192.168.04.25

  2. Denied List

    • Add:

      ALL

This configuration ensures that only the IPs in the Allowed List can access the Admin Console, and all others are blocked.

⚠️ Important
Do not leave ALL in the Allowed List unless you want the Admin Console publicly accessible (not recommended).

 

 

Step 5: Save Configuration

Click Save to apply the changes.

The access control rules take effect immediately—no server restart is required.

 

Conclusion

By configuring Access Control in the LiteSpeed WebAdmin Console, you significantly reduce the attack surface of your CloudJiffy environment. This is a critical hardening step and should be applied immediately after environment creation.

 

Verification

To confirm the configuration:

  • Access the Admin Console from an allowed IP → should work normally

Access from any non-allowed IP → should be denied

Was this article helpful?

mood_bad Dislike 0
mood Like 0
visibility Views: 11