The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cookie IP validation Per Reseller / CPanel ?

Discussion in 'General Discussion' started by frenz, Nov 20, 2014.

  1. frenz

    frenz Member

    Joined:
    Nov 4, 2014
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    Dear Sir,
    Is the Cookie IP validation a global setting ? Can it be set at Reseller Level or even Per CPanel ? Some Resellers do NOT want it enabled or maybe configurable per Reseller / CPanel account. Possible ? Thanks
     
  2. 24x7ss

    24x7ss Well-Known Member

    Joined:
    Sep 30, 2014
    Messages:
    271
    Likes Received:
    16
    Trophy Points:
    18
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    Yes, it is a global setting and you can disable it from Security settings but disabling it is not recommended as this limits the ability of attackers who capture cPanel session cookies to use them in an exploit of the cPanel or WebHost Manager interfaces.
     
  3. frenz

    frenz Member

    Joined:
    Nov 4, 2014
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    Dear Sir,
    Not disabled but changed to Loose per Reseller / CPanel level as per request. Some users connect via mobile Internet and their IPs keep changing from time to time even during constant connection. Often, they were just kicked out suddenly 5 times within 10 minutes while working in the File Manager.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  5. frenz

    frenz Member

    Joined:
    Nov 4, 2014
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    Dear Sir,
    Will this become available in future release ?
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Per the description of this option:

    Validate the IP addresses used in all cookie-based logins. This will limit the ability of attackers who capture cPanel session cookies to use them in an exploit of the cPanel or WebHost Manager interfaces. For this setting to have maximum effectiveness, proxydomains should also be disabled. Strict validation requires the current IP address and the cookie IP address to exactly match. Loose validation only requires they are in the same /24.

    Due to the nature of this option, it's not something that's username based. Thus, it can't be applied to individual accounts.

    Thank you.
     
Loading...

Share This Page