I need to block port accessible via IP after configuring reverse proxy for Docker (OpenLiteSpeed + Rewrite Rules)

Hello everyone,

I’m encountering an issue with my server configuration after setting up a reverse proxy using OpenLiteSpeed. Here’s what I’ve done so far:

  1. I configured a reverse proxy to redirect a service (like phpMyAdmin) running on a specific port (for example, 11001) to a subdomain via rewrite rules.
  • Example: http://Server_IP:11001 is redirected to https://mysub.domain.tld.
  2. The reverse proxy is working as expected, and I can access the service via the subdomain (https://mysub.domain.tld).

However, despite this setup, the port is still directly accessible via the public IP (http://Server_IP:11001), which I want to block.

What I’ve Tried:

  • I tried adding iptables rules to limit access to port 11001 to localhost only, but it didn’t work as expected.
  • I also explored CSF (ConfigServer Security & Firewall) options, but I still can’t block direct access via the IP.

My Goal:

I want the 11001 port to be inaccessible from the public IP and accessible only through the subdomain (via the reverse proxy that is already set up).

Do you have any suggestions on how I can configure OpenLiteSpeed or firewall rules to solve this issue?

Thanks in advance for your help!

Hello @mhdev

You should use iptables to restrict access to the port so that it is accessible from localhost only, like:

$ sudo iptables -A INPUT -p tcp -s 127.0.0.1 --dport 11001 -j ACCEPT

Then block access from other IP addresses:

$ sudo iptables -A INPUT -p tcp --dport 11001 -j DROP

Then save the iptables firewall rules permanently:

$ sudo iptables-save | sudo tee /etc/iptables/rules.v4

Then from there create an external application - Reverse Proxy | Configuration | OpenLiteSpeed Documentation


Thanks for your feedback. Yes, I had an almost similar approach, but I have the impression that Docker’s rules take precedence over those of iptables on my server. Since I couldn’t do it, I deleted Docker from my CyberPanel, but I’ll try again with your recommendations.
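
Added example (not part of the thread, and not taken from OpenLiteSpeed, CyberPanel or Docker documentation): traffic to a port published by Docker is DNATed to the container and forwarded through Docker's own chains, which is why INPUT rules on port 11001 can appear to be ignored. The script below classifies a container's `docker ps` port listing and, when the port is reachable from outside, prints a loopback-only publish hint and a rule for the DOCKER-USER chain. The function names, the interface name `eth0` and the sample port listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Port 11001 is the thread's; the interface
# name eth0 and the sample `docker ps` lines used below are constructed.

# Classify how a host port is published, given one container's line from
#   docker ps --format '{{.Ports}}'
# Prints: public | loopback | none
port_exposure() {
  local rest want result entry bind
  rest=$1; want=$2; result=none
  while [ -n "$rest" ]; do
    entry=${rest%%,*}                               # take the next comma-separated entry
    case $rest in *,*) rest=${rest#*,} ;; *) rest= ;; esac
    entry=${entry# }
    case $entry in *'->'*) ;; *) continue ;; esac   # "80/tcp" alone: not published
    bind=${entry%%'->'*}                            # e.g. 0.0.0.0:11001 or [::]:11001
    [ "${bind##*:}" = "$want" ] || continue
    case ${bind%:*} in
      127.*|'[::1]') if [ "$result" = none ]; then result=loopback; fi ;;
      *) result=public ;;
    esac
  done
  echo "$result"
}

# Rule for Docker's DOCKER-USER chain, which is evaluated before Docker's own
# forwarding rules. After DNAT the packet carries the container port, so the
# original host port is matched through conntrack. $1 = host port, $2 = interface.
docker_user_drop_rule() {
  echo "iptables -I DOCKER-USER -i $2 -p tcp -m conntrack --ctorigdstport $1 --ctdir ORIGINAL -j DROP"
}

# Report one container and print a fix if the port is reachable from outside.
# $1 = Ports line, $2 = host port, $3 = external interface.
audit_port() {
  local state
  state=$(port_exposure "$1" "$2")
  echo "port $2 is $state"
  if [ "$state" = public ]; then
    echo "  fix A: publish as 127.0.0.1:$2:<container_port> and recreate the container"
    echo "  fix B: $(docker_user_drop_rule "$2" "$3")"
  fi
}

audit_port '0.0.0.0:11001->80/tcp, [::]:11001->80/tcp' 11001 eth0   # constructed sample
audit_port '127.0.0.1:11001->80/tcp' 11001 eth0                     # constructed sample
```

The script only prints the suggested rule; it does not change the firewall. Fix A keeps the reverse proxy working only if its backend address is 127.0.0.1:11001.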