I use OpenLitespeed server with multiple WordPress installation and want to restrict external access to some files, only allowing server itself to access them (for example to call cron), so:
What I did:
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1
RewriteCond %{REQUEST_URI} wp-trackback.php|xmlrpc.php|wp-cron.php [NC]
RewriteRule .* - [F,L]
Result:
/xmlrpc.php - returns 403 as expected;
/wp-trackback.php - returns 403 as expected;
/wp-cron.php - shows white page like it always does without any restrictions...
Why so? Any suggestions?