What are the disadvantage of disabling log out on IP change feature. ?

[Vijayakumar J R]

Hello Team

I am using Cpanel for my project. I am coming out from Cpanel session every time whenever my public Ip changes.
So what are the disadvantages of disabling "log out on IP change" feature other than man-in-the-middle attack and if we enable HSTS, is it still required?

Awaiting for your response.

Thanks

 

[cPanelLauren]

Hello,

You cannot enable HSTS for cPanel services at this time but it can be done for your sites, though this would have no bearing on cPanel logins. For the specific setting are you referencing Cooking IP validation? The full details of that setting are as follows:

Cookie IP validation
Validate the IP addresses used in all cookie-based logins. This will limit the ability of attackers who capture cPanel session cookies to use them in an exploit of the cPanel or WebHost Manager interfaces. For this setting to have maximum effectiveness, proxydomains should also be disabled. Strict validation requires the current IP address and the cookie IP address to exactly match. Loose validation only requires they are in the same /24.

And in the docs:

Cookie IP validation

This setting validates IP addresses for cookie-based logins. This denies attackers the ability to capture cPanel session cookies in order to gain access to your server’s cPanel & WHM interfaces. We strongly recommend that you do not rely on cookie-based IP validation. When you enable this setting, we recommend that you disable the Service subdomains and Service subdomain creation settings.

disabled — The system does not validate IP addresses. loose — The system requires that the access IP address and the cookie IP address must be in the same class C subnet. strict — The system requires that the access IP address and the cookie IP address match exactly.

strict