Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

cPanel + reverse proxy = invalid security token

Discussion in 'General Discussion' started by EternalGlory, Jul 21, 2018.

  1. EternalGlory

    EternalGlory Registered

    Joined:
    Jul 21, 2018
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Earth
    cPanel Access Level:
    DataCenter Provider
    The system almost works, but I get the error in various places when logging into webmail and performing certain actions on WHM:

    HTTP error 401
    Invalid Security Token

    Lots of XSRF errors in the console:
    Code:
    Blocked a frame with origin "https://webmail.example.com" from accessing a frame with origin "https://cpanel.example.com". Protocols, domains, and ports must match.

Refused to display 'https://cpanel.example.com/cpsess12345678/3rdparty/squirrelmail/src/webmail.php?login=1&post_login=12345678' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
    Additionally, I get unstyled pages in WHM where it is attempting to pull styles and content from cPanel but fails to do so due to the aforementioned errors.


    So far tried:
    • Old hack for disabling XSS (xsrftoken=false), doesn't work on new cpanel
    • Disable cookie based IP validation
    • Force update
    • Strip xss related headers using nginx
    • Delete cache directory
    • Praying to Lord Krishna
    Still doesn't work.
     
    #1 EternalGlory, Jul 21, 2018
    Last edited by a moderator: Jul 25, 2018
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,323
    Likes Received:
    1,851
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @EternalGlory,

    It looks to relate to the use of your third-party reverse proxy application and proxy subdomains. The easiest way to solve the issue is to disable proxy subdomains and access cPanel/WHM/Webmail using the traditional ports (e.g. 2083, 2087, 2096). Beyond that, I recommend reporting this issue to the developer of the specific reverse proxy application you are using to see if they can offer a solution or workaround to solve the issue.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelMichael, Jul 23, 2018
(You must log in or sign up to post here.)
Loading...
Similar Threads - cPanel reverse proxy
  1. Mohamed Tangour

    cPanel servers on the Private Cloud with Reverse Proxy and Load Balancing

    Mohamed Tangour, Feb 21, 2018, in forum: Security
    Replies:
    1
    Views:
    275
    cPanelMichael
    Feb 21, 2018
  2. Magezi Sagesse

    Apache Reverse Proxy on Centos 6 cPanel?

    Magezi Sagesse, Nov 24, 2017, in forum: Security
    Replies:
    1
    Views:
    1,312
    cPanelMichael
    Nov 29, 2017
  3. SactoBob

    SOLVED Migrate reverse DNS zone to another cPanel

    SactoBob, May 18, 2018, in forum: Bind/DNS/Nameserver
    Replies:
    3
    Views:
    86
    cPanelLauren
    May 21, 2018
  4. arunnair555

    New Thread Multiple WHM/cPanel servers transfer to a single WHM/cpanel account

    arunnair555, Aug 16, 2018 at 4:54 AM, in forum: General Discussion
    Replies:
    0
    Views:
    5
    arunnair555
    Aug 16, 2018 at 4:54 AM
  5. HostXNow_Chris

    Cron emails (/usr/local/cpanel/scripts/fix-cpanel-perl;/usr/lo cal/cpanel/scripts/upcp --c

    HostXNow_Chris, Aug 15, 2018 at 2:04 AM, in forum: General Discussion
    Replies:
    1
    Views:
    37
    cPanelLauren
    Aug 15, 2018 at 11:02 AM

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice