Error Authentication Header: Authorization:
Hello, we use api2 on our server to create accounts, subdomains, database and etc ...
This week the API stopped working! Ports 2083 and 2087 are available on the server, this is our error log:
[27-Mar-2018 16:20:49 Brazil/East] RESPONSE:
{"apiversion":"1","type":"event","module":"Mysql","func":"adduser","source":"module","data":{"result":""},"event":{"result":1}}
[27-Mar-2018 16:20:49 Brazil/East] URL: https://000.00.00.000:2083/json-api/cpanel
[27-Mar-2018 16:20:49 Brazil/East] DATA: cpanel_jsonapi_user=onlinete&cpanel_jsonapi_module=Mysql&cpanel_jsonapi_func=adduserdb&cpanel_jsonapi_apiversion=1&arg-0=onlinete_351&arg-1=onlinete_351&arg-2=all
[27-Mar-2018 16:20:49 Brazil/East] Authentication Header: Authorization: Basic b25
[27-Mar-2018 16:20:49 Brazil/East] RESPONSE:
{"apiversion":"1","type":"event","module":"Mysql","func":"adduserdb","source":"module","data":{"result":"1"},"event":{"result":1}}
[27-Mar-2018 16:20:49 Brazil/East] URL: https://000.00.00.000:2083/json-api/cpanel
[27-Mar-2018 16:20:49 Brazil/East] DATA: cpanel_jsonapi_user=onlinete&cpanel_jsonapi_module=Mysql&cpanel_jsonapi_func=adduserdb&cpanel_jsonapi_apiversion=1&arg-0=onlinete_351&arg-1=onlinete_msi&arg-2=all
[27-Mar-2018 16:20:49 Brazil/East] Authentication Header: Authorization: Basic b25-
Hello, Can you verify the output that appears in /usr/local/cpanel/logs/login_log when this happens? Thank you. 0 -
Hello This is the log of the month 03/2018 [removed] 0 -
Hello, Can you verify the output that appears in /usr/local/cpanel/logs/login_log when this happens? Thank you.
I posted the log as requested! The log was removed, did I do something wrong?0 -
Hello, It looks like you posted the entire contents of the login_log. Could you only post the part of the log that corresponds to when you are able to reproduce the authentication issue? Also, please ensure to replace real IP addresses and domain names with examples. Thank you. 0 -
Ok, follow the log... [2018-03-27 16:20:15 -0300] info [cpaneld] 000.00.00.000 - mylogin "GET /cpsess6994161428/frontend/paper_lantern/filemanager/index.html HTTP/1.1" FAILED LOGIN cpaneld: cookie ip check: IP address has changed 0 -
I've noticed that my IP is different from the IP listed in the log above! Have I contacted the vendor of my VPS, would that really be the problem? Is it possible to use a dynamic IP in the API? 0 -
My VPS provider informed me that the IPS difference in the log is related to the client's IP change (when it is authenticated on the server via dynamic IP and the Telecom operator automatically switches the IP). 0 -
My VPS provider informed me that the IPS difference in the log is related to the client's IP change (when it is authenticated on the server via dynamic IP and the Telecom operator automatically switches the IP).
How often is the client's IP address changing? Also, you happen to have Limit logins to verified IP addresses enabled under "WHM >> Configure Security Policies"? Note that generally this is solved by setting "Cookie IP validation" from "Strict" to "Loose" in "WHM >> Tweak Settings". Per that option's description: [QUOTE] Validate the IP addresses used in all cookie-based logins. This will limit the ability of attackers who capture cPanel session cookies to use them in an exploit of the cPanel or WebHost Manager interfaces. For this setting to have maximum effectiveness, proxydomains should also be disabled. Strict validation requires the current IP address and the cookie IP address to exactly match. Loose validation only requires they are in the same /24.
Thank you.0 -
Hello 1 - I do not know how often my clients' IP addresses change! 2 - I have no logins limits for verified IP addresses. I checked the "Loose" option, but every now and then I have the same problem. 0 -
I do not know how often my clients' IP addresses change!
Hello, Could you check with the individual client to have them verify how often their IP address is changing? This seems like an issue isolated to an individual due to uncommon network or router settings on their workstation. Thank you.0 -
Hello, This problem occurs in the API when the customer hires our service. I have no way of knowing how often the client's IP changes. Routine: 1 - The customer signs up and receives a confirmation email 2 - The client confirms the registration 3 - The system creates the database 4 - The system creates the subdomain 5 - The system sends an email with the password Before it worked 100%! Now we are facing some problems. The API does not work correctly and does not create the database nor the subdomain for all the registered ones. Is there nothing I can do? I see so many other systems doing the same process using the cPanel API. Does everyone have the same problem? 0 -
Hello, Could you open a support ticket so we can take a closer look to see what's happening? Create Support Ticket - Version 68 Documentation - cPanel Documentation Thank you. 0
Please sign in to leave a comment.
Comments
12 comments