In Progress [CPANEL-30925] /webmail redirect

[Biggyalecs]

Hello,
I have a little problem with my whm/cpanel.
When i'm trying to use domain.com/webmail it takes about 5-10 sec to redirect.
in the left corner i have Cpanel is connecting and in the right corner i have some messeges : first it says preferred, then proxy, then nonsecure, then nonsecure proxy and after that force preferred and redirects me to domain.com:2096

How can i set up whm so it will redirect faster when a user type domain.com/webmail?

 

[Biggyalecs]

so.... can anyone help me?

 

[cPanelLauren]

Hello,

There shouldn't be any base configuration of cPanel/WHM that causes this to load slowly. What this may indicate is that there may be a firewall issue. Are you using CSF or iptables on its own?

 

[cPanelLauren]

Hi @Biggyalecs

It might appear that I spoke too soon when I responded, if you have root access to the server canyou please go to WHM>>Server Configuration>>Tweak Settings and let me know what you have set for:
=======================================================================
Use X-Frame-Options and X-Content-Type-Options headers with cpsrvd

Use the X-Frame-Options HTTP response header to indicate whether a browser can render a page in a <frame>, <iframe> or <object> tag. This allows websites to ensure that their contents are not embedded into other sites, to avoid clickjacking attacks.
The server uses the X-Content-Type-Options response HTTP header to indicate that the MIME types in the Content-Type headers should not be changed or followed.
When you enable this option, the system adds the X-Frame-Options header, with a value of SAMEORIGIN, and the X-Content-Type-Options header, with a value of nosniff, to cpsrvd responses.
=======================================================================

I just saw that one of our analysts opened a case last night indicating that this being enabled (which it is by default) has been causing delayed /cpanel redirects which would include redirects to /webmail

 

[Biggyalecs]

HI cPanelLauren,
I'v disable x-frame-option and now everything works great.
Thank you!

 

[hiredgeek]

I had this problem as well. Is there plans to fix it? Is there any problem with leaving it set off?
Thanks

 

[cPanelLauren]

This issue is not resolved as of now. The internal case for it is still open CPANEL-30925 but as soon as it is updated I'll note the changes here. This being a security feature @hiredgeek there is some risk with having this disabled as the purpose is to avoid clickjacking attacks as noted in the description.

Currently, the only workaround for this is to disable the x-frame option though.

 

[hiredgeek]

Thanks Lauren,

I'd also like to note that webmail.domain.com works fine.
Only domain.com/webmail has the loading problem.

For now, I can direct my new users to to webmai.domain.com because this is a new server that I'm having the issue on.

 

[DennisMidjord]

Is there any update on this or is it something that's not gonna be fixed?

 

[cPRex]

Our team decided not to fix this a few years ago. Are you still seeing similar behavior that is causing an issue?

 

[DennisMidjord]

Yes. Disabling "Use X-Frame-Options and X-Content-Type-Options headers with cpsrvd" solves the issue.
It's not super important to have it fixed though. Eventually the client will be redirected to cPanel or webmail

 

[feldon27]

Our team decided not to fix this a few years ago. Are you still seeing similar behavior that is causing an issue?

If you're looking for another data point, this affected my new server. It would cycle through

• trying: preferred
• trying: proxy
• trying: nonsecure
• trying: nonsecure proxy
• trying: force preferred

before finally logging in.

Turning off Use X-Frame-Options and X-Content-Type-Options headers with cpsrvd in Tweak Settings resolved it.

 

[hiredgeek]

Our team decided not to fix this

This seems unusual to me, to just decide to not fix a bug, especially one that happens with default WHM settings.
cPanelLauren mentioned it's a security issue, so I'm not comfortable with the workaround.
So is the idea for cPanel to eventually deprecate the /webmail link all together?

 

[cPRex]

No, we don't plan on disabling /webmail. Let me reach out to the team and I'll see if I can get some more details.

 

[cPRex]

I did hear back from our team and they are currently discussing this. I'll report back as soon as I hear anything.

 

[cPRex]

I did clarify the security portion of this request with the developers, and they have a team reviewing this information now to see if it's something they want to pick up. I'll report back once I have more details.

 

[JoseDieguez]

i can confirm many clients in all our servers see this very same issue. not that terrible, but has made more than one client telling us the server is slow, because cpanel takes too much time to redirect.

 

[cPRex]

Thanks, @JoseDieguez - I've passed that along.

 

[cPRex]

Update - the developers have taken this on and it's being worked on as we speak! I'll continue to post updates as I get them.

 

[cPRex]

Update - if I'm reading things correctly, it looks like we plan to have a fix for this in version 112. That isn't set in stone just yet, so don't hold me to it, but progress is being made!