AWStats Referrer Check Bug in cPanel 11.25.0-R42399 - WHM 11.25.0 - X 3.9

PCZero

Well-Known Member
Since I upgraded to 11.25.0, all of my clients are getting a nasty warning message when they go to AWStats.


Access Denied: Referrer Check

Functions in cPanel / WHM are available only directly through the cPanel and WHM interfaces or through our XML API. It appears that this request is coming from a referring site and might be malicious. Administrator Note: If new ips were recently bound to this server manually you must restart cpsrvd


I have added nothing. This happens with accounts on the main shared IP and on other IPs as well. Please advise how to fix this situation. My clients are freaking out.
 

PCZero

Well-Known Member
It's not the latter, we force all connects to be via SSL. I'll look into the new settings. Thanks.
 

cPanelDon

cPanel Quality Assurance Analyst
Staff member
> Since I upgraded to 11.25.0, all of my clients are getting a nasty warning message when they go to AWStats.
>
> Access Denied: Referrer Check
>
> Functions in cPanel / WHM are available only directly through the cPanel and WHM interfaces or through our XML API. It appears that this request is coming from a referring site and might be malicious. Administrator Note: If new ips were recently bound to this server manually you must restart cpsrvd
>
> I have added nothing. This happens with accounts on the main shared IP and on other IPs as well. Please advise how to fix this situation. My clients are freaking out.

What is the URL being used to access cPanel (e.g., via a proxy sub-domain "cpanel.domain.tld", or via a specific port like 2082 and 2083)?
 

cPanelKenneth

cPanel Development
Staff member
There are two tweak settings in the Security section of Tweak Settings that enable referrer checks:

Only permit cpanel/whm/webmail to execute functions when the browser provides a referrer. This will help prevent XSRF attacks, but may break integration with other systems, login applications, and billing software. Cookies are required with this option enabled.

Only permit cpanel/whm/webmail to execute functions when the browser provided referrer (Domain/IP and Port) exactly matches the destination URL. This will help prevent XSRF attacks, but may break integration with other systems, login applications, and billing software. Cookies are required with this option enabled.

The first one was also in cPanel 11.24.0. These checks are unreliable as they generate too many false positives (and hence annoyances as you are reporting). It is recommended that these only be used in situations where the Security Tokens (also in the Security section of Tweak Settings) cannot be used.

Some more details on these are found in http://twiki.cpanel.net/twiki/pub/AllDocumentation/ReleaseNotes/recommended_settings.pdf

and

http://twiki.cpanel.net/twiki/pub/AllDocumentation/ReleaseNotes/1125releasenotes.pdf
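
As an added illustration (not part of the post above and not cPanel's code), this sketch models the two referrer settings from their wording and compares them with a per-session token check on constructed requests. The hostnames, the token value and carrying the token as the first URL path segment are assumptions of the sketch.

```python
import hmac
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
TOKEN = "tok-4f9c2a71"  # constructed per-session secret (assumption)

def origin(url):
    """(host, port) of a URL, using the scheme's default port if none is given."""
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(parts.scheme)

def referrer_present(referer):
    """Setting 1 as worded: the browser must provide some referrer."""
    return bool(referer)

def referrer_exact(referer, dest):
    """Setting 2 as worded: referrer domain/IP and port must match the destination."""
    return bool(referer) and origin(referer) == origin(dest)

def token_valid(dest, token=TOKEN):
    """Token check: the first path segment must equal the session's secret."""
    first = urlsplit(dest).path.lstrip("/").split("/", 1)[0]
    return hmac.compare_digest(first.encode(), token.encode())

# Constructed requests: (label, Referer header, destination URL, legitimate?)
BASE = "https://host.example:2083/"
REQUESTS = [
    ("click inside the panel", f"{BASE}{TOKEN}/index.html",
     f"{BASE}{TOKEN}/awstats.pl", True),
    ("referrer stripped by browser or proxy", None,
     f"{BASE}{TOKEN}/awstats.pl", True),
    ("page reached via proxy sub-domain", f"https://cpanel.host.example/{TOKEN}/index.html",
     f"{BASE}{TOKEN}/awstats.pl", True),
    ("request triggered from another site", "https://other.example/page.html",
     f"{BASE}awstats.pl", False),
]

def evaluate(requests=REQUESTS):
    """Map label -> (setting 1 allows, setting 2 allows, token allows, legitimate)."""
    return {label: (referrer_present(ref), referrer_exact(ref, dest),
                    token_valid(dest), legit)
            for label, ref, dest, legit in requests}

def wrongly_denied(requests=REQUESTS):
    """Legitimate requests denied by (setting 1, setting 2, token check)."""
    rows = evaluate(requests).values()
    return tuple(sum(1 for r in rows if r[3] and not r[i]) for i in range(3))

if __name__ == "__main__":
    for label, row in evaluate().items():
        print(f"{label:40} {row}")
```

On these constructed requests the referrer settings deny one and two legitimate requests respectively, while the token check denies none and still rejects the cross-site request that setting 1 lets through.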
 

Website Rob

Well-Known Member
On a related note, Time Zone options in AWStats are needing fixing. Only shows to the letter P.

cPanel 11.25.0-C42399 - WHM 11.25.0 - X 3.9
CENTOS 4.8 i686 standard on private
 

cPanelDon

cPanel Quality Assurance Analyst
Staff member
> On a related note, Time Zone options in AWStats are needing fixing. Only shows to the letter P.
>
> cPanel 11.25.0-C42399 - WHM 11.25.0 - X 3.9
> CENTOS 4.8 i686 standard on private

What are the AWStats time zone options you are referring to?

Is it a plug-in or are you seeing this in a stock-default installation?

If possible, please provide a screen capture/snapshot of the displayed issue.