In Progress [CPANEL-30925] /webmail redirect

Biggyalecs

Registered
Dec 16, 2019
3
2
3
Romania
cPanel Access Level
Root Administrator
Hello,
I have a little problem with my whm/cpanel.
When i'm trying to use domain.com/webmail it takes about 5-10 sec to redirect.
in the left corner i have Cpanel is connecting and in the right corner i have some messeges : first it says preferred, then proxy, then nonsecure, then nonsecure proxy and after that force preferred and redirects me to domain.com:2096

How can i set up whm so it will redirect faster when a user type domain.com/webmail?
 

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,265
1,297
363
Houston
Hello,

There shouldn't be any base configuration of cPanel/WHM that causes this to load slowly. What this may indicate is that there may be a firewall issue. Are you using CSF or iptables on its own?
 

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,265
1,297
363
Houston
Hi @Biggyalecs

It might appear that I spoke too soon when I responded, if you have root access to the server canyou please go to WHM>>Server Configuration>>Tweak Settings and let me know what you have set for:
=======================================================================
Use X-Frame-Options and X-Content-Type-Options headers with cpsrvd

Use the X-Frame-Options HTTP response header to indicate whether a browser can render a page in a <frame>, <iframe> or <object> tag. This allows websites to ensure that their contents are not embedded into other sites, to avoid clickjacking attacks.
The server uses the X-Content-Type-Options response HTTP header to indicate that the MIME types in the Content-Type headers should not be changed or followed.
When you enable this option, the system adds the X-Frame-Options header, with a value of SAMEORIGIN, and the X-Content-Type-Options header, with a value of nosniff, to cpsrvd responses.
=======================================================================

I just saw that one of our analysts opened a case last night indicating that this being enabled (which it is by default) has been causing delayed /cpanel redirects which would include redirects to /webmail
 

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,265
1,297
363
Houston
This issue is not resolved as of now. The internal case for it is still open CPANEL-30925 but as soon as it is updated I'll note the changes here. This being a security feature @hiredgeek there is some risk with having this disabled as the purpose is to avoid clickjacking attacks as noted in the description.

Currently, the only workaround for this is to disable the x-frame option though.
 

hiredgeek

Member
Jul 9, 2014
17
2
53
cPanel Access Level
Root Administrator
Thanks Lauren,

I'd also like to note that webmail.domain.com works fine.
Only domain.com/webmail has the loading problem.

For now, I can direct my new users to to webmai.domain.com because this is a new server that I'm having the issue on.
 
  • Like
Reactions: cPanelLauren

DennisMidjord

Well-Known Member
Sep 27, 2016
335
71
78
Denmark
cPanel Access Level
Root Administrator
Yes. Disabling "Use X-Frame-Options and X-Content-Type-Options headers with cpsrvd" solves the issue.
It's not super important to have it fixed though. Eventually the client will be redirected to cPanel or webmail :-D
 
  • Like
Reactions: cPRex

feldon27

Well-Known Member
Mar 12, 2003
136
35
178
Houston, TX
Our team decided not to fix this a few years ago. Are you still seeing similar behavior that is causing an issue?
If you're looking for another data point, this affected my new server. It would cycle through
  • trying: preferred
  • trying: proxy
  • trying: nonsecure
  • trying: nonsecure proxy
  • trying: force preferred
before finally logging in.

Turning off Use X-Frame-Options and X-Content-Type-Options headers with cpsrvd in Tweak Settings resolved it.
 
  • Like
Reactions: cPRex

hiredgeek

Member
Jul 9, 2014
17
2
53
cPanel Access Level
Root Administrator
Our team decided not to fix this
This seems unusual to me, to just decide to not fix a bug, especially one that happens with default WHM settings.
cPanelLauren mentioned it's a security issue, so I'm not comfortable with the workaround.
So is the idea for cPanel to eventually deprecate the /webmail link all together?
 

JoseDieguez

Well-Known Member
PartnerNOC
Jan 26, 2016
66
34
68
Chile
cPanel Access Level
Root Administrator
i can confirm many clients in all our servers see this very same issue. not that terrible, but has made more than one client telling us the server is slow, because cpanel takes too much time to redirect.