Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

cPanel + reverse proxy = invalid security token

Discussion in 'General Discussion' started by EternalGlory, Jul 21, 2018.

  1. EternalGlory

    EternalGlory Registered

    Joined:
    Jul 21, 2018
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Earth
    cPanel Access Level:
    DataCenter Provider
    The system almost works, but I get the error in various places when logging into webmail and performing certain actions on WHM:

    HTTP error 401
    Invalid Security Token

    Lots of XSRF errors in the console:
    Code:
    Blocked a frame with origin "https://webmail.example.com" from accessing a frame with origin "https://cpanel.example.com". Protocols, domains, and ports must match.

Refused to display 'https://cpanel.example.com/cpsess12345678/3rdparty/squirrelmail/src/webmail.php?login=1&post_login=12345678' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
    Additionally, I get unstyled pages in WHM where it is attempting to pull styles and content from cPanel but fails to do so due to the aforementioned errors.


    So far tried:
    • Old hack for disabling XSS (xsrftoken=false), doesn't work on new cpanel
    • Disable cookie based IP validation
    • Force update
    • Strip xss related headers using nginx
    • Delete cache directory
    • Praying to Lord Krishna
    Still doesn't work.
     
    #1 EternalGlory, Jul 21, 2018
    Last edited by a moderator: Jul 25, 2018
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,325
    Likes Received:
    2,157
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @EternalGlory,

    It looks to relate to the use of your third-party reverse proxy application and proxy subdomains. The easiest way to solve the issue is to disable proxy subdomains and access cPanel/WHM/Webmail using the traditional ports (e.g. 2083, 2087, 2096). Beyond that, I recommend reporting this issue to the developer of the specific reverse proxy application you are using to see if they can offer a solution or workaround to solve the issue.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelMichael, Jul 23, 2018
(You must log in or sign up to post here.)
Loading...
Similar Threads - cPanel reverse proxy
  1. Mohamed Tangour

    cPanel servers on the Private Cloud with Reverse Proxy and Load Balancing

    Mohamed Tangour, Feb 21, 2018, in forum: Security
    Replies:
    1
    Views:
    570
    cPanelMichael
    Feb 21, 2018
  2. Magezi Sagesse

    Apache Reverse Proxy on Centos 6 cPanel?

    Magezi Sagesse, Nov 24, 2017, in forum: Security
    Replies:
    1
    Views:
    3,734
    cPanelMichael
    Nov 29, 2017
  3. SactoBob

    SOLVED Migrate reverse DNS zone to another cPanel

    SactoBob, May 18, 2018, in forum: Bind/DNS/Nameserver
    Replies:
    3
    Views:
    246
    cPanelLauren
    May 21, 2018
  4. Matias Lopez

    New Thread cpanel_dovecot_solr_commit exception

    Matias Lopez, Jun 23, 2019 at 8:38 PM, in forum: General Discussion
    Replies:
    1
    Views:
    90
    Matias Lopez
    Jun 24, 2019 at 8:02 AM
  5. daflame

    In Progress [CPANEL-28089] Dovecot TLS configuration reset upon update

    daflame, Jun 23, 2019 at 12:35 PM, in forum: E-mail Discussion
    Replies:
    31
    Views:
    1,652
    kernow
    Jun 25, 2019 at 2:39 AM

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice