BFCM discount limited time 25% off on our life-time plans using code: LMT25
Try our free employee tracking app! Sign up now – click here
  • 00Days
  • 00Hours
  • 00Minutes
  • 00Seconds
Login
Get Started Free

CyberPanel OpenLiteSpeed Module – Complete Usage Guide

  • Updated on

Table of Contents

Get up to 50% off now

Become a partner with CyberPanel and gain access to an incredible offer of up to 50% off on CyberPanel add-ons. Plus, as a partner, you’ll also benefit from comprehensive marketing support and a whole lot more. Join us on this journey today!

Become a Partner

Version: 2.2.0 | Last Updated: December 28, 2025 | Status: Production Ready

Introduction

The CyberPanel OpenLiteSpeed Module brings Apache .htaccess compatibility to OpenLiteSpeed servers. Use familiar Apache directives without switching web servers.

Quick Start

  1. Module is pre-installed on CyberPanel servers
  2. Create .htaccess in your website’s public_html directory
  3. Add directives from this guide
  4. Test using curl or browser

1. Header Directives

HTTP headers control browser behavior, caching, security, and more.

Supported Operations

OperationPurposeSyntax
setSet header (replaces existing)Header set Name "Value"
unsetRemove headerHeader unset Name
appendAppend to existing headerHeader append Name "Value"
mergeAdd if not presentHeader merge Name "Value"
addAlways add (allows duplicates)Header add Name "Value"

Security Headers Example

# Prevent clickjacking
Header set X-Frame-Options "SAMEORIGIN"

# Prevent MIME sniffing
Header set X-Content-Type-Options "nosniff"

# Enable XSS filter
Header set X-XSS-Protection "1; mode=block"

# Control referrer
Header set Referrer-Policy "strict-origin-when-cross-origin"

# Hide server info
Header unset Server
Header unset X-Powered-By

Cache Control Headers

# Cache for 1 year (static assets)
Header set Cache-Control "max-age=31536000, public, immutable"

# No caching (dynamic content)
Header set Cache-Control "no-cache, no-store, must-revalidate"

CORS Headers

# Allow cross-origin requests
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
Header set Access-Control-Allow-Headers "Content-Type, Authorization"

2. Request Header Directives

Modify headers before they reach your PHP application.

OperationSyntaxResult
setRequestHeader set Name "Value"$_SERVER['HTTP_NAME']
unsetRequestHeader unset NameHeader removed

Behind Proxy Configuration

RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-SSL "on"
RequestHeader set X-Real-IP "%{REMOTE_ADDR}e"

3. Environment Variables

DirectivePurposeSyntax
SetEnvSet static variableSetEnv NAME value
SetEnvIfConditional setSetEnvIf attribute regex VAR=value
BrowserMatchDetect browserBrowserMatch regex VAR=value

Example Usage

# Application settings
SetEnv APPLICATION_ENV production
SetEnv DEBUG_MODE off

# Browser detection
SetEnvIfNoCase User-Agent "mobile|android|iphone" IS_MOBILE=1
BrowserMatch "Chrome" IS_CHROME=1

4. Access Control

Restrict access based on IP addresses.

DirectiveSyntax
OrderOrder deny,allow or Order allow,deny
AllowAllow from IP/CIDR
DenyDeny from IP/CIDR

Block All Except Specific IPs

Order deny,allow
Deny from all
Allow from 203.0.113.50
Allow from 192.168.1.0/24

Allow All Except Specific IPs

Order allow,deny
Allow from all
Deny from 198.51.100.50

5. Redirect Directives

DirectiveSyntaxUse Case
RedirectRedirect [code] /old /newSimple redirects
RedirectMatchRedirectMatch [code] regex targetPattern-based

Examples

# Simple redirect
Redirect 301 /old-page.html /new-page.html

# Pattern-based
RedirectMatch 301 ^/blog/(.*)$ /news/$1

6. Error Documents

ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html
ErrorDocument 403 "Access Denied"

7. FilesMatch Directives

Apply directives to files matching a pattern.

Tech Delivered to Your Inbox!

Get exclusive access to all things tech-savvy, and be the first to receive 

the latest updates directly in your inbox.

Cache Static Assets

<FilesMatch "\.(jpg|jpeg|png|gif|webp|svg|ico)$">
    Header set Cache-Control "max-age=31536000, public, immutable"
</FilesMatch>

<FilesMatch "\.(css|js)$">
    Header set Cache-Control "max-age=604800, public"
</FilesMatch>

8. Expires Directives

ExpiresActive On
ExpiresByType image/jpeg A31557600
ExpiresByType text/css A2592000
ExpiresByType application/javascript A2592000

9. PHP Directives

DirectiveSyntaxPurpose
php_valuephp_value name valueNumeric/string values
php_flagphp_flag name on/offBoolean values

WordPress Configuration

php_value memory_limit 256M
php_value max_execution_time 300
php_value upload_max_filesize 64M
php_value post_max_size 64M
php_flag display_errors off
php_flag log_errors on

WooCommerce Configuration

php_value memory_limit 512M
php_value max_execution_time 600
php_value max_input_vars 10000

10. Brute Force Protection

Built-in WordPress login protection against password guessing attacks.

Quick Enable

BruteForceProtection On

Directives Reference

DirectiveValuesDefaultDescription
BruteForceProtectionOn/OffOffEnable protection
BruteForceAllowedAttempts1-100010Max attempts per window
BruteForceWindow60-86400300Time window (seconds)
BruteForceActionblock/log/throttleblockAction when exceeded
BruteForceXForwardedForOn/OffOffUse real IP behind proxy
BruteForceWhitelistIP list(empty)Bypass for trusted IPs

Progressive Throttle (v2.2.0)

When using BruteForceAction throttle:

Over-Limit AttemptsDelay
1-22 seconds
3-55 seconds
6+15 seconds

Recommended Configuration

BruteForceProtection On
BruteForceAllowedAttempts 5
BruteForceWindow 300
BruteForceAction throttle
BruteForceXForwardedFor On

With IP Whitelist

BruteForceProtection On
BruteForceAllowedAttempts 3
BruteForceWindow 900
BruteForceAction block
BruteForceWhitelist 203.0.113.50, 192.168.1.0/24

Complete WordPress .htaccess

# Security Headers
Header set X-Frame-Options "SAMEORIGIN"
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
Header unset X-Powered-By

# Brute Force Protection
BruteForceProtection On
BruteForceAllowedAttempts 5
BruteForceWindow 300
BruteForceAction throttle

# Cache Static Assets
<FilesMatch "\.(jpg|jpeg|png|gif|webp|svg|ico)$">
    Header set Cache-Control "max-age=31536000, public, immutable"
</FilesMatch>

<FilesMatch "\.(css|js)$">
    Header set Cache-Control "max-age=2592000, public"
</FilesMatch>

# PHP Configuration
php_value memory_limit 256M
php_value upload_max_filesize 64M
php_value post_max_size 64M
php_value max_execution_time 300
php_flag display_errors off

# WordPress Rewrite Rules
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Troubleshooting

Directives Not Working

# Check module installed
ls -la /usr/local/lsws/modules/cyberpanel_ols.so

# Restart OpenLiteSpeed
/usr/local/lsws/bin/lswsctrl restart

# Check logs
tail -50 /usr/local/lsws/logs/error.log

.htaccess Permissions

chmod 644 /home/yourdomain.com/public_html/.htaccess
chown nobody:nogroup /home/yourdomain.com/public_html/.htaccess

Brute Force Not Triggering

# Check shared memory
ls -la /dev/shm/ols/

# Create if missing
mkdir -p /dev/shm/ols && chmod 755 /dev/shm/ols

# Restart
/usr/local/lsws/bin/lswsctrl restart

Quick Reference

Headers

Header set Name "Value"
Header unset Name

Access Control

Order deny,allow
Deny from all
Allow from 192.168.1.0/24

Redirects

Redirect 301 /old /new
RedirectMatch 301 ^/blog/(.*)$ /news/$1

PHP

php_value memory_limit 256M
php_flag display_errors off

Brute Force

BruteForceProtection On
BruteForceAllowedAttempts 5
BruteForceAction throttle

Support

Module Version: 2.2.0 | Last Updated: December 28, 2025

Editorial Team
The CyberPanel editorial team, under the guidance of Usman Nasir, is composed of seasoned WordPress specialists boasting a decade of expertise in WordPress, Web Hosting, eCommerce, SEO, and Marketing. Since its establishment in 2017, CyberPanel has emerged as the leading free WordPress resource hub in the industry, earning acclaim as the go-to "Wikipedia for WordPress."
Unlock Benefits

Become a Community Member

Join Now
SIMPLIFY SETUP, MAXIMIZE EFFICIENCY!
Setting up CyberPanel is a breeze. We’ll handle the installation so you can concentrate on your website. Start now for a secure, stable, and blazing-fast performance!
Claim Your Solution