Cookie IP validation Per Reseller / CPanel ?

F

frenz

Member
Nov 4, 2014
10
0
1
cPanel Access Level
Reseller Owner
Dear Sir,
Is the Cookie IP validation a global setting ? Can it be set at Reseller Level or even Per CPanel ? Some Resellers do NOT want it enabled or maybe configurable per Reseller / CPanel account. Possible ? Thanks
 
24x7ss

24x7ss

Well-Known Member
Sep 30, 2014
272
19
68
India
cPanel Access Level
Root Administrator
Twitter
Hello :)

Yes, it is a global setting and you can disable it from Security settings but disabling it is not recommended as this limits the ability of attackers who capture cPanel session cookies to use them in an exploit of the cPanel or WebHost Manager interfaces.
 
F

frenz

Member
Nov 4, 2014
10
0
1
cPanel Access Level
Reseller Owner
24x7ss said:
Hello :)

Yes, it is a global setting and you can disable it from Security settings but disabling it is not recommended as this limits the ability of attackers who capture cPanel session cookies to use them in an exploit of the cPanel or WebHost Manager interfaces.
Click to expand...
Dear Sir,
Not disabled but changed to Loose per Reseller / CPanel level as per request. Some users connect via mobile Internet and their IPs keep changing from time to time even during constant connection. Often, they were just kicked out suddenly 5 times within 10 minutes while working in the File Manager.
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,261
463
Hello :)

This is a global setting that is not configurable on a per-domain or per-reseller basis.

Thank you.
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,261
463
Per the description of this option:

Validate the IP addresses used in all cookie-based logins. This will limit the ability of attackers who capture cPanel session cookies to use them in an exploit of the cPanel or WebHost Manager interfaces. For this setting to have maximum effectiveness, proxydomains should also be disabled. Strict validation requires the current IP address and the cookie IP address to exactly match. Loose validation only requires they are in the same /24.

Due to the nature of this option, it's not something that's username based. Thus, it can't be applied to individual accounts.

Thank you.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
C In Progress [CPANEL-32505] Username/Domain Validation during account creation. Account Administration 8
D Your session cookie is invalid. Please log in again. Account Administration 18
L One click login with cookies - Possible? Account Administration 1
mickalo Cookie IP validation Account Administration 2
O How to disable "Validate the IP addresses used in all cookie based logins." from SSH Account Administration 1
Similar threads
In Progress [CPANEL-32505] Username/Domain Validation during account creation.
Your session cookie is invalid. Please log in again.
One click login with cookies - Possible?
Cookie IP validation
How to disable "Validate the IP addresses used in all cookie based logins." from SSH
Top Bottom