Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

cPanel + reverse proxy = invalid security token

Discussion in 'General Discussion' started by EternalGlory, Jul 21, 2018.

  1. EternalGlory

    EternalGlory Registered

    Joined:
    Jul 21, 2018
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Earth
    cPanel Access Level:
    DataCenter Provider
    The system almost works, but I get the error in various places when logging into webmail and performing certain actions on WHM:

    HTTP error 401
    Invalid Security Token

    Lots of XSRF errors in the console:
    Code:
    Blocked a frame with origin "https://webmail.example.com" from accessing a frame with origin "https://cpanel.example.com". Protocols, domains, and ports must match.

Refused to display 'https://cpanel.example.com/cpsess12345678/3rdparty/squirrelmail/src/webmail.php?login=1&post_login=12345678' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
    Additionally, I get unstyled pages in WHM where it is attempting to pull styles and content from cPanel but fails to do so due to the aforementioned errors.


    So far tried:
    • Old hack for disabling XSS (xsrftoken=false), doesn't work on new cpanel
    • Disable cookie based IP validation
    • Force update
    • Strip xss related headers using nginx
    • Delete cache directory
    • Praying to Lord Krishna
    Still doesn't work.
     
    #1 EternalGlory, Jul 21, 2018
    Last edited by a moderator: Jul 25, 2018
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @EternalGlory,

    It looks to relate to the use of your third-party reverse proxy application and proxy subdomains. The easiest way to solve the issue is to disable proxy subdomains and access cPanel/WHM/Webmail using the traditional ports (e.g. 2083, 2087, 2096). Beyond that, I recommend reporting this issue to the developer of the specific reverse proxy application you are using to see if they can offer a solution or workaround to solve the issue.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelMichael, Jul 23, 2018
(You must log in or sign up to post here.)
Loading...
Similar Threads - cPanel reverse proxy
  1. Mohamed Tangour

    cPanel servers on the Private Cloud with Reverse Proxy and Load Balancing

    Mohamed Tangour, Feb 21, 2018, in forum: Security
    Replies:
    1
    Views:
    336
    cPanelMichael
    Feb 21, 2018
  2. Magezi Sagesse

    Apache Reverse Proxy on Centos 6 cPanel?

    Magezi Sagesse, Nov 24, 2017, in forum: Security
    Replies:
    1
    Views:
    1,829
    cPanelMichael
    Nov 29, 2017
  3. SactoBob

    SOLVED Migrate reverse DNS zone to another cPanel

    SactoBob, May 18, 2018, in forum: Bind/DNS/Nameserver
    Replies:
    3
    Views:
    122
    cPanelLauren
    May 21, 2018
  4. gzaldivar

    New Thread Add second cPanel user access?

    gzaldivar, Oct 20, 2018 at 1:04 PM, in forum: General Discussion
    Replies:
    4
    Views:
    19
    Infopro
    Oct 20, 2018 at 3:30 PM
  5. Asger Raza

    New Thread Question about installing script on cPanel account

    Asger Raza, Oct 19, 2018 at 5:03 PM, in forum: General Discussion
    Replies:
    4
    Views:
    39
    Asger Raza
    Oct 20, 2018 at 8:54 AM

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice