I've been following some excellent security practices from the CPfence community, especially this tutorial:
https://community.cpfence.app/d/9-zero-trust-access-to-cpfence-webui-using-cloudflare-tunnel-and-otp
Inspired by that, I wanted to discuss Enhance's admin access mechanism. I know Enhance already has a "Restrict admin access" feature — but as pointed out in this post (https://community.enhance.com/d/1369-restrict-admin-access-not-working-for-me/), it only works with Apache and NGINX. Unfortunately, this leaves LiteSpeed and OpenLiteSpeed users without a viable way to restrict access to the admin interface.
Wouldn't it make sense to consider an alternative approach that works across all web servers?
For example, allowing administrators to log in through a separate path such as /iamtheboss or /theownerisback, or even via a dedicated subdomain, would make it much easier to secure access using tools like Cloudflare Tunnel + Zero Trust + OTP, while still allowing clients to log in through the normal public URL.
This wouldn’t just improve security — it would also solve the current compatibility gap and offer more flexibility to hosting providers using Enhance.
Just a suggestion, as I believe security is a core pillar of any multi-tenant platform — and Enhance has the potential to lead by example here.
