cPanel Login Box/Prompt (HTTP Auth Popup Window versus Cookie Auth Web-based Form)

[tjmoore]

Hi
I've deployed another cPanel server, I've configued it and its working fine apart from when you login.

Instead of this, the drop down login box: thecorrectloginbox.png (see below)

I get this instead, the basic html login box: wrongloginbox.png (see below)


I'm sure I've checked the wrong box somewhere but I just cant find it!

Any help appreciated.

[madaboutlinux]

The first one doesn't look like a wrong login box... it's just that it's not popping up a new box. You will be able to login fine using either of the login window.

[tjmoore]

I know its not wrong but I would prefer the pop up login box, I just cant understand why its not popping up

[Infopro]

It looks to me like one is for cPanel one is for WHM. Either way, check your Tweak Settings Page > Redirection settings, against the other server. I think that's what you are looking for.

[tjmoore]

Thats what I thought it was, tried it still doesn't want to work, this is what I have in the redirection panel:

Always redirect users to the ssl/tls ports when visiting /cpanel, /webmail, etc. - Check

When visiting /cpanel or /whm or /webmail WITHOUT SSL, you can choose to redirect to: Origin Domain Name

When visiting /cpanel or /whm or /webmail with SSL, you can choose to redirect to: Origin Domain Name

[mocollin]

Is this 11.25? If so check this setting under "Tweak Settings" in WHM.

"Disable Http Authentication for cPanel/WebMail/WHM Logins (forces cookie authentication.) This will help prevent certain types of XSRF attacks that rely on cached Http Auth credentials."

If it is checked, it won't use HTTP Auth for logins.

[tjmoore]

It worked!
Thanks

[nyubi]

im a newbie on site hosting and i have a question : how to disable a pop-up on webmail login, can please someone enlight me ?

logic support @ this thread http://forums.cpanel.net/f34/how-cre...ge-126337.html

answer : "From WHM >> Server Configuration >> Tweak Settings >>

Disable Http Authentication for cPanel/WebMail/WHM Logins (forces cookie authentication)

'Tick' the above option .

It will Skip HTTP Authentication and pop-up window will not appear . "

but in my cpanel i dont find any server configuration or what is WHM ?

note: im not replying that thread because it quite old (back on oct)

[nyubi]

Emailed support guys at my hosting and they reply :

Accept my apologies, it turned out cPanel currently does not allow to remove the pop-up login window.

I'd advice you to use some mail client in order to access mail via cellphone, you can find more info regarding this matter on web.


Seem they running modified cpanel ?

[DWHS.net]

When I login to cpanel or WHM on some servers it goes right to the cpanel login page. How can I get the htaccess pop up login back?

[Miraenda]

The option that determines if you receive a popup box or a login page is this one in WHM > Tweak Settings area under Security there:

Disable Http Authentication for cPanel/WebMail/WHM Logins (forces cookie authentication.) This will help prevent certain types of XSRF attacks that rely on cached Http Auth credentials.

If it is checked, you will have a login page without a popup box. If it is unchecked, you will have a popup box. It is more secure to have it checked and a login page.

[DWHS.net]

The option that determines if you receive a popup box or a login page is this one in WHM > Tweak Settings area under Security there:

Disable Http Authentication for cPanel/WebMail/WHM Logins (forces cookie authentication.) This will help prevent certain types of XSRF attacks that rely on cached Http Auth credentials.

If it is checked, you will have a login page without a popup box. If it is unchecked, you will have a popup box. It is more secure to have it checked and a login page.

Thanks, good to know. I will just disable it for all logins then.

[delphiman]

I don't know what I did but now everytime I go to my WHM site or Cpanel site, it does not prompting for username and password anymore. BUT is still showing the web based login windows page

Can you show me how to get my prompting back?

[Infopro]

You might try this:
WHM > Server Configuration > Tweak Settings > Redirection section.

Always redirect users to the ssl/tls ports when visiting /cpanel, /webmail, etc. checked.

When visiting /cpanel or /whm or /webmail WITHOUT SSL, you can choose to redirect to: Hostname.

When visiting /cpanel or /whm or /webmail with SSL, you can choose to redirect to: SSL Cerificate Name.

And save it.


If you don't have access to these settings you'll need to speak to your host.

[cPanelDon]

I don't know what I did but now everytime I go to my WHM site or Cpanel site, it does not prompting for username and password anymore. BUT is still showing the web based login windows page

Can you show me how to get my prompting back?

If the pop-up login prompt is not shown it sounds like HTTP authentication may be disabled; if it is disabled this means that cookie authentication will be used with a web-based login form.

The authentication method may be toggled using WHM via the following menu paths:

In cPanel version 11.25.1:
WHM: Main >> Server Configuration >> Tweak Settings >> Security

• Enable HTTP Authentication [?] Enable HTTP Authentication for cPanel/WebMail/WHM Logins. This risks certain types of XSRF attacks that rely on cached HTTP Auth credentials. Disabling forces cookie authentication.

In cPanel version 11.25.0:
WHM: Main >> Server Configuration >> Tweak Settings >> Security

• Disable HTTP Authentication for cPanel/WebMail/WHM Logins (forces cookie authentication.) This will help prevent certain types of XSRF attacks that rely on cached HTTP Auth credentials.