Disable security tokens
Is there an up-to-date way of disabling security tokens? They're a huge annoyance for me; no one can access my server but me, anyway, but my home internet provider changes IPs constantly so I'm having to log back in to PMA every hour or 2!
On my old server, I added this to /var/cpanel/cpanel.config:
disable-security-tokens=1
That worked for a few hours, but then I started getting 401 errors.
I found another thread from 2013 where @Infopro said to change xsrftokens=0 to xsrftokens=1, but that parameter isn't in my config file so I don't know if I should just add it?
-
Hey hey! You can just add that value to the configuration file as it is not present by default. 0 -
This seemed to stop working a few weeks ago, so I assume there's an update that changed things. Any new suggestions on how to disable security tokens? 0 -
Hmmmm I'm not aware of any updates to the security tokens system. Is the value just not working at all for you? Can you give me some details on your configuration so I can test this? 0 -
Do you mean from WHM's Tweak Settings, or from /var/cpanel/cpanel.config? I haven't changed anything in Tweak Settings since I created this thread in December. It worked for awhile, but then a few weeks ago PMA started demanding that I log back in every few hours. It's a real pain, after I log in I have to go through, I think, 12 clicks to get back to where I was! The only change I've ever made to cpanel.config is when I added xsrftokens. Here's the whole list, though: RS=paper_lantern VFILTERDIR=/etc/vfilters access_log=/usr/local/cpanel/logs/access_log account_login_access=owner_root allow_deprecated_accesshash=0 allow_login_autocomplete=1 allow_server_info_status_from= allowcpsslinstall=1 allowparkhostnamedomainsubdomains=0 allowparkonothers=0 allowremotedomains=0 allowresellershostnamedomainsubdomains=0 allowunregistereddomains=0 allowwhmparkonothers=0 alwaysredirecttossl=1 apache_port=0.0.0.0:80 apache_ssl_port=0.0.0.0:443 api_shell=0 autocreateaentries=1 autodiscover_host=cpanelemaildiscovery.cpanel.net autodiscover_mail_service=imap autodiscover_proxy_subdomains=0 autoupdate_certificate_on_hostname_mismatch=1 awstatsbrowserupdate=0 awstatsreversedns=0 bind_deferred_restart_time=2 blockcommondomains=1 bwcycle=2 cgihidepass=1 check_zone_owner=1 check_zone_syntax=1 chkservd_check_interval=300 chkservd_hang_allowed_intervals=2 chkservd_plaintext_notify=0 cluster_autodisable_threshold=10 cluster_failure_notifications=1 conserve_memory=0 cookieipvalidation=strict coredump=0 cpaddons_adminemail= cpaddons_autoupdate=1 cpaddons_max_moderation_req_all_mod=99 cpaddons_max_moderation_req_per_mod=99 cpaddons_moderation_request=0 cpaddons_no_3rd_party=0 cpaddons_no_modified_cpanel=1 cpaddons_notify_owner=1 cpaddons_notify_root=1 cpaddons_notify_users=Allow users to choose cpanel_locale= cpredirect=Origin Domain Name cpredirectssl=SSL Certificate Name cpsrvd-domainlookup=0 create_account_dkim=1 create_account_spf=1 csp=0 cycle_hours=24 database_prefix=1 debughooks=0 debugui=0 default_archive-logs=0 default_login_theme=cpanel default_pkg_bwlimit=1048576 default_pkg_max_emailacct_quota=1024 default_pkg_quota=10240 default_remove-old-archived-logs=0 defaultmailaction=blackhole disable-php-as-reseller-security=1 disable_cphttpd=0 disablequotacache=0 disk_usage_include_mailman=1 disk_usage_include_sqldbs=1 display_cpanel_doclinks=0 dns_recursive_query_pool_size=10 dnsadmin_log=0 dnsadmin_verbose_sync=0 dnsadminapp dnslookuponconnect=0 docroot=/usr/local/cpanel/base domainowner_mail_pass=0 dormant_services=cpdavd,cphulkd,cpsrvd,dnsadmin,spamd dumplogs=1 email_account_quota_default_selected=unlimited email_account_quota_userdefined_default_value=250 email_outbound_spam_detect_action=hold email_outbound_spam_detect_enable=1 email_outbound_spam_detect_threshold=50 email_send_limits_count_mailman=0 email_send_limits_defer_cutoff=125 email_send_limits_max_defer_fail_percentage email_send_limits_min_defer_fail_to_trigger_protection=5 emailarchive=0 emailpasswords=0 emailsperdaynotify emailusers_diskusage_critical_contact_admin=1 emailusers_diskusage_critical_percent=90 emailusers_diskusage_full_contact_admin=1 emailusers_diskusage_full_percent=98 emailusers_diskusage_warn_contact_admin=0 emailusers_diskusage_warn_percent emailusers_mailbox_critical_percent=90 emailusers_mailbox_full_percent=98 emailusers_mailbox_warn_percent=80 emailusersbandwidthexceed=0 emailusersbandwidthexceed70=0 emailusersbandwidthexceed75=0 emailusersbandwidthexceed80=0 emailusersbandwidthexceed85=0 emailusersbandwidthexceed90=0 emailusersbandwidthexceed95=0 emailusersbandwidthexceed97=0 emailusersbandwidthexceed98=0 emailusersbandwidthexceed99=0 empty_trash_days=disabled enable_piped_logs=1 enablecompileroptimizations=0 enablefileprotect=1 enforce_user_account_limits=0 engine=cpanel enginepl=cpanel.pl engineroot=/usr/local/cpanel exim-retrytime=180 exim_retention_days=1 eximmailtrap=1 extracpus=0 file_upload_max_bytes file_upload_must_leave_bytes=5 file_usage=0 ftpquotacheck_expire_time=30 ftpserver=pure-ftpd gzip_compression_level=6 gzip_pigz_block_size=4096 gzip_pigz_processes=2 horde_cache_empty_days=disabled htaccess_check_recurse=2 httpd_deferred_restart_time=0 ignoredepreciated=0 invite_sub=1 ionice_bandwidth_processing=6 ionice_cpbackup=6 ionice_dovecot_maintenance=7 ionice_email_archive_maintenance=7 ionice_ftpquotacheck=6 ionice_log_processing=7 ionice_quotacheck=6 ionice_userbackup=7 ionice_userproc=6 ipv6_control=0 ipv6_listen=0 jailapache=0 jaildefaultshell=0 jailmountbinsuid=0 jailmountusrbinsuid=0 jailprocmode=mount_proc_jailed_fallback_full keepftplogs=0 keeplogs=0 keepstatslog=0 loadthreshold local_nameserver_type=powerdns log_successful_logins=0 logchmod=0640 logout_redirect_url= mailbox_storage_format=maildir mailserver=dovecot maintenance_rpm_version_check=1 maintenance_rpm_version_digest_check=1 maxcpsrvdconnections=200 maxemailsperhour=100 maxmem=4096 min_time_between_apache_graceful_restarts=10 minpwstrength=65 modsec_keep_hits=7 mycnf_auto_adjust_innodb_buffer_pool_size=0 mycnf_auto_adjust_maxallowedpacket=1 mycnf_auto_adjust_openfiles_limit=1 mysql-host=localhost mysql-version=10.3 nobodyspam=0 nocpbackuplogs=0 nosendlangupdates=0 notify_expiring_certificates=1 numacctlist overwritecustomproxysubdomains=0 overwritecustomsrvrecords=0 permit_appconfig_entries_without_acls=0 permit_appconfig_entries_without_features=0 permit_unregistered_apps_as_reseller=0 permit_unregistered_apps_as_root=0 php_max_execution_time=90 php_post_max_size=55 php_system_default_version=ea-php74 php_upload_max_filesize=50 phploader= phpopenbasedirhome=0 pma_disableis=0 popbeforesmtp=0 popbeforesmtpsenders=0 product=cPanel proxysubdomains=0 proxysubdomainsoverride=0 publichtmlsubsonly=1 query_apache_for_nobody_senders=1 referrerblanksafety=1 referrersafety=1 remotewhmtimeout=35 repquota_timeout=60 requiressl=1 resetpass=0 resetpass_sub=0 root=/usr/local/cpanel rotatelogs_size_threshhold_in_megabytes=10 roundcube_db=sqlite rpmup_allow_kernel=0 selfsigned_generation_for_bestavailable_ssl_install=1 send_error_reports=1 server_locale=en show_reboot_banner=1 showwhmbwusageinmegs=0 signature_validation=Release Keyring Only skip_chkservd_recovery_notify=0 skipanalog=1 skipapacheclientsoptimizer=0 skipawstats=1 skipboxcheck=1 skipboxtrapper=1 skipbwlimitcheck=1 skipchkservd=0 skipcpbandwd=0 skipdiskcheck=0 skipdiskusage=0 skipeximstats=0 skipfirewall=0 skiphorde=0 skiphttpauth=1 skipjailmanager=0 skipmailauthoptimizer=0 skipmailman=0 skipmodseclog=0 skipnotifyacctbackupfailure=0 skipoomcheck=0 skipparentcheck=0 skiprecentauthedmailiptracker=0 skiproundcube=0 skipspamassassin=0 skipspambox=1 skiptailwatchd=0 skipwebalizer=1 smtpmailgidonly=0 ssh_host_key_checking=0 ssl_default_key_type=rsa-2048 stats_log=/usr/local/cpanel/logs/stats_log statsloglevel=1 statthreshhold=256 system_diskusage_critical_percent=98.5000 system_diskusage_warn_percent tcp_check_failure_threshold=3 transfers_timeout=1800 tweak_unset_vars=enforce_user_account_limits,skipfirewall upcp_log_retention_days=3 update_log_analysis_retention_length=90 use_apache_md5_for_htaccess=1 use_information_schema=1 useauthnameservers=0 usemailformailmanurl=0 usemysqloldpass=0 userdirprotect=0 verify_3rdparty_cpaddons=0 version=3.4 xframecpsrvd=1 xsrftokens=10 -
Okay, so you're saying that xsrftokens is now set to 1 without you having made any other changes to the machine? Did you recently get a cPanel update, even a minor version? 0 -
To be clear, I set xsfrtokens=1 in December 2020. I haven't changed anything since then, but I do see that cpanel.config was last modified on May 25 @ 12:55am. So maybe there was an update then? If it helps, WHM shows: CENTOS 7.9 vzcontainer [server_name] v94.0.10 and cPanel shows 96.0.8 0 -
Since your machine started out on 94.0.10, I did the following: -created a 94.0.9 machine and added the xsrftokens=1 value to /var/cpanel/cpanel.config. -updated the server to 94.0.10 - no change on that value. -updated to 96.0.8 - no change on that value. With that testing I don't have any additional details on that, and I haven't seen other reports of tweak settings being modified. You're always welcome to submit a ticket to our team so we can check your specific environment if you'd like. 0 -
I think maybe I'm not explaining it well... The value isn't physically going away or anything, it's just not working. I use T-Mobile internet at home (which is infinitely faster than local DSL!), but the IP seems to change every few hours. So where I keep 3 tabs of PMA open at all times, at least a few times a day I'll try to access one of the tabs and be confronted with a Security Token error. I then have to log back in, then reimport my PMA settings, then select the database, then select the table I was working on, and then paste the query back in. And I have to do that on all 3 tabs. 0 -
Oooooh I get it now! I thought you meant the value was actually getting removed from the file. Let me play with this and I'll see what I find... 0 -
I'm not able to reproduce an issue with the token value at this time, although I must admit I had to do some hackery to get a different IP address on my local system. The behavior you are experiencing would be caused by the cPanel sessions alone unrelated to the token value, as that access session is linked to an IP address. I tested this by connecting to WHM from my local machine, then joining a VPN and refreshing the page. My connection was dropped with the "Your IP address has changed. Please log in again." error in the interface. 0
Please sign in to leave a comment.
Comments
10 comments