Cookie IP validation

[mickalo]

Hello,

did some searching on this earlier and couldn't really find an answer to this. We have a few AOL customers that have problems logging into their Cpanel due to IP changes all the time.

In the WHM we currently have the Cookie IP validation setting to loose so they can log in. In the security setting is states:

Cookie IP validation [?]
Validate the IP addresses used in all cookie-based logins. This will limit the ability 
of attackers who capture cPanel session cookies to use them in an exploit of the 
cPanel or WebHost Manager interfaces. For this setting to have maximum effectiveness, 
proxydomains should also be disabled.

My question is how do you disable the proxy domains as it suggests ??

thx's

Mike

 

[cPanelTristan]

Hello Mike,

There are 3 proxy subdomain settings in Tweak Settings in WHM (findable by entering proxy in the search field at the upper right of that area):

Proxy subdomains [?]
Add proxy VirtualHost to httpd.conf to automatically redirect unconfigured cpanel, webmail, webdisk and whm subdomains to the correct port (requires mod_rewrite and mod_proxy)

Proxy subdomain creation [?]
Automatically create cpanel, webmail, webdisk and whm proxy subdomain DNS entries for new accounts. When this is initially enabled it will add appropriate proxy subdomain DNS entries to all existing accounts. (Use /scripts/proxydomains to reconfigure the DNS entries manually)

Proxy subdomain override [?]
Allow users to create cpanel, webmail, webdisk and whm subdomains that override automatically generated proxy subdomains

If you set these all to "Off" and then run "/scripts/proxydomains" in root SSH command line, you should be able to disable proxy subdomains by doing that.

Thanks!

 

[mickalo]

Thank you. this should take care of the problems.

Mike