Have a Question?
Installing & Activating the CyberPanel .htaccess Module
What is the .htaccess Module?
The CyberPanel .htaccess Module (cyberpanel_ols.so) is a paid add-on that enables Apache .htaccess file processing on OpenLiteSpeed servers. It allows you to use Apache-style configuration directives without switching to Apache or LiteSpeed Enterprise.
This module is separate from the custom OpenLiteSpeed binary. For details on the custom binary and how these products differ, see: CyberPanel Custom OpenLiteSpeed – Installation & Product Guide.
Pricing
| Term | Price |
|---|---|
| 1 Year | $59 |
| 2 Years | $106 (10% off) |
| 3 Years | $142 (20% off) |
| Lifetime | $199 (one-time, never expires) |
Purchase: cyberpanel.net/cyberpanel-htaccess-module
What’s Included
| Feature | Directives |
|---|---|
| Response Headers | Header set/unset/append/merge/add |
| Request Headers | RequestHeader set/unset |
| Environment Variables | SetEnv, SetEnvIf, BrowserMatch |
| Access Control | Order, Allow, Deny (with CIDR) |
| Redirects | Redirect, RedirectMatch |
| Error Pages | ErrorDocument |
| File Matching | <FilesMatch> with regex |
| Caching | ExpiresActive, ExpiresByType |
| PHP Settings | php_value, php_flag |
| Brute Force Protection | BruteForceProtection On (wp-login.php, xmlrpc.php) |
Works On
- CyberPanel
- Plesk (with OLS)
- cPanel (with OLS)
- Any server running OpenLiteSpeed
Step 1: Purchase a License
- Go to cyberpanel.net/cyberpanel-htaccess-module
- Select your plan (1 Year, 2 Years, 3 Years, or Lifetime)
- Complete payment via Stripe, PayPal, or cryptocurrency
- You will receive a license key in the format:
CP-OLS-XXXX-XXXX-XXXX-XXXX
If you paid via cryptocurrency, your license will be activated manually by our team within 24 hours. You will receive the license key via email.
Step 2: Install the Custom OLS Binary
The .htaccess module requires the CyberPanel custom OpenLiteSpeed binary to function. If you are on CyberPanel, this is already installed automatically via upgrades.
For manual installation or other panels, follow the instructions in our Custom OpenLiteSpeed Installation Guide.
Step 3: Install the .htaccess Module
The module file (cyberpanel_ols.so) may already be present if you upgraded CyberPanel or installed the custom OLS binary. If not, download it manually:
Ubuntu / Debian
cd /tmp
wget -q https://cyberpanel.net/cyberpanel_ols_x86_64_ubuntu.so
# Stop OLS
/usr/local/lsws/bin/lswsctrl stop
# Install module
cp cyberpanel_ols_x86_64_ubuntu.so /usr/local/lsws/modules/cyberpanel_ols.so
chmod 755 /usr/local/lsws/modules/cyberpanel_ols.so
# Start OLS
/usr/local/lsws/bin/lswsctrl startRHEL 9 / AlmaLinux 9 / Rocky Linux 9
cd /tmp
wget -q https://cyberpanel.net/cyberpanel_ols_x86_64_rhel.so
/usr/local/lsws/bin/lswsctrl stop
cp cyberpanel_ols_x86_64_rhel.so /usr/local/lsws/modules/cyberpanel_ols.so
chmod 755 /usr/local/lsws/modules/cyberpanel_ols.so
/usr/local/lsws/bin/lswsctrl startRHEL 8 / AlmaLinux 8 / Rocky Linux 8
cd /tmp
wget -q https://cyberpanel.net/cyberpanel_ols_x86_64_rhel8.so
/usr/local/lsws/bin/lswsctrl stop
cp cyberpanel_ols_x86_64_rhel8.so /usr/local/lsws/modules/cyberpanel_ols.so
chmod 755 /usr/local/lsws/modules/cyberpanel_ols.so
/usr/local/lsws/bin/lswsctrl startVerify Module Installed
ls -la /usr/local/lsws/modules/cyberpanel_ols.so
# Should show the file with 755 permissionsStep 4: Activate Your License
Once you have your license key (CP-OLS-XXXX-XXXX-XXXX-XXXX), activate it on your server:
# Save license key to file
echo "CP-OLS-XXXX-XXXX-XXXX-XXXX" > /usr/local/lsws/cyberpanel_ols.license
# Set correct permissions
chmod 600 /usr/local/lsws/cyberpanel_ols.license
chown lsadm:lsadm /usr/local/lsws/cyberpanel_ols.license
# Restart OpenLiteSpeed to apply
/usr/local/lsws/bin/lswsctrl restartReplace CP-OLS-XXXX-XXXX-XXXX-XXXX with your actual license key.
How License Validation Works
- The module reads the license key from
/usr/local/lsws/cyberpanel_ols.license - It validates against
platform.cyberpersons.com/api/v1/validate-licenseevery 24 hours - If the license is valid, all .htaccess features are enabled
- If the license is invalid or expired, premium features are disabled (graceful degradation — the server keeps running)
Step 5: Verify Everything Works
Test .htaccess Header Processing
# Add a test header to any website's .htaccess
echo 'Header set X-Htaccess-Test "Working"' >> /home/example.com/public_html/.htaccess
# Test with curl
curl -I https://example.com | grep X-Htaccess-Test
# Expected: X-Htaccess-Test: Working
# Clean up test header
sed -i '/X-Htaccess-Test/d' /home/example.com/public_html/.htaccessTest PHP Directives
# Add PHP directive to .htaccess
echo 'php_value memory_limit 512M' >> /home/example.com/public_html/.htaccess
# Create test PHP file
echo '<?php echo ini_get("memory_limit"); ?>' > /home/example.com/public_html/memtest.php
# Test
curl https://example.com/memtest.php
# Expected: 512M
# Clean up
rm /home/example.com/public_html/memtest.php
sed -i '/memory_limit/d' /home/example.com/public_html/.htaccessTest Brute Force Protection
# Add to .htaccess
cat >> /home/example.com/public_html/.htaccess << 'EOF'
BruteForceProtection On
BruteForceAllowedAttempts 5
BruteForceWindow 300
BruteForceAction block
EOF
# Verify shared memory files created after a POST to wp-login.php
ls -la /dev/shm/ols/
# Should show BFProt.shm and BFProt.lockFeatures Enabled by License
When your license is valid, all features work:
| Feature | Valid License | No / Expired License |
|---|---|---|
| PHP Configuration (php_value, php_flag) | Enabled | Disabled |
| Header / RequestHeader directives | Enabled | Disabled |
| SetEnv / SetEnvIf / BrowserMatch | Enabled | Disabled |
| ErrorDocument | Enabled | Disabled |
| Redirect / RedirectMatch | Enabled | Disabled |
| Expires directives | Enabled | Disabled |
| FilesMatch blocks | Enabled | Disabled |
| Access Control (Order/Allow/Deny) | Enabled | Disabled |
| WordPress Brute Force Protection | Enabled | Disabled |
The server continues running normally when the license is invalid — features are simply disabled, not broken.
.htaccess Examples
Here are common .htaccess configurations that work with this module:
Security Headers
Header set X-Frame-Options "SAMEORIGIN"
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
Header set Referrer-Policy "strict-origin-when-cross-origin"
Header set Strict-Transport-Security "max-age=31536000"
Header unset Server
Header unset X-Powered-ByCORS Headers
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"
Header set Access-Control-Allow-Headers "Content-Type, Authorization"PHP Settings
php_value memory_limit 256M
php_value max_execution_time 300
php_value upload_max_filesize 100M
php_value post_max_size 100M
php_flag display_errors off
php_flag log_errors onIP Access Control
# Block all except specific IPs
Order deny,allow
Deny from all
Allow from 192.168.1.0/24
Allow from 10.0.0.0/8Cache Control
ExpiresActive On
ExpiresByType image/jpeg A31557600
ExpiresByType image/png A31557600
ExpiresByType text/css A2592000
ExpiresByType application/javascript A2592000
ExpiresByType text/html A0WordPress Brute Force Protection (Recommended)
BruteForceProtection On
BruteForceAllowedAttempts 5
BruteForceWindow 300
BruteForceAction blockBehind Cloudflare or a CDN, add:
BruteForceXForwardedFor OnTroubleshooting
Module not loading
# Check module file exists
ls -la /usr/local/lsws/modules/cyberpanel_ols.so
# Check OLS configuration references it
grep cyberpanel_ols /usr/local/lsws/conf/httpd_config.conf
# Restart OLS
/usr/local/lsws/bin/lswsctrl restartLicense not activating
# Check license file exists and has correct content
cat /usr/local/lsws/cyberpanel_ols.license
# Should show: CP-OLS-XXXX-XXXX-XXXX-XXXX
# Check permissions
ls -la /usr/local/lsws/cyberpanel_ols.license
# Should be: -rw------- lsadm lsadm
# Check server can reach validation endpoint
curl -s https://platform.cyberpersons.com/api/v1/validate-license
# Should return a JSON response (even if error, connectivity is confirmed)Headers not appearing
- Verify .htaccess is readable by the
nobodyuser - Check syntax — quotes must be balanced
- Test with curl directly (bypass CDN):
curl -I https://example.com | grep X-Frame - Check OLS error log:
cat /usr/local/lsws/logs/error.log
Brute force protection not triggering
- Ensure
BruteForceProtection Onis in the site’s .htaccess - Check shared memory files:
ls -la /dev/shm/ols/ - Verify it’s a POST request to a protected endpoint (wp-login.php or xmlrpc.php)
- Check logs:
grep BruteForce /usr/local/lsws/logs/error.log - Reset all counters:
rm -f /dev/shm/ols/BFProt.* && /usr/local/lsws/bin/lswsctrl restart
Performance
| Metric | Value |
|---|---|
| Overhead per request | < 1ms |
| Memory per cached .htaccess | ~2KB |
| Memory per tracked IP (brute force) | ~64 bytes |
| Cache invalidation | Automatic (mtime-based) |
Managing Your License
- View your license: platform.cyberpersons.com — My Licenses
- Your license key works on any server — it is NOT tied to a specific IP address. Simply copy the license file to your new server.
- Renew before expiry — if your license expires, features are disabled but your server keeps running.
Getting Help
- Support: [email protected]
- Knowledge Base: cyberpanel.net/KnowledgeBase
- Forums: forums.cyberpanel.net
- Purchase: cyberpanel.net/cyberpanel-htaccess-module
