#Header add X-Frame-Options "DENY"
#Header add Content-Security-Policy "frame-ancestors 'none';"
#Header set Content-Security-Policy "default-src 'self';"

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REQUEST_URI} !/maintenance.html$ 
RewriteCond %{REMOTE_ADDR} !^208\.70\.245\.120

RewriteRule $ /maintenance.html [R=302,L]