Author Topic: CWP Invalid session on login  (Read 2176 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
CWP Invalid session on login
« on: July 05, 2023, 06:40:00 AM »
Good afternoon brains trust,

We have a somewhat annoying situation that maybe someone has a fix for..

If we hide CWP behind Cloudflare proxy, as soon as you log into it, you get an invalid session error and are logged out. Then, it may take 4-5 tries to log back in and even IF it lets you in, the same happens.

Now, if we stop Cloudflare proxying the connection, runs flawlessly.

It's a VMware virtual machine running CloudLinux (there's 2 boxes actually, same issue for both).

Thoughts?

Offline
*****
Re: CWP Invalid session on login
« Reply #1 on: July 06, 2023, 02:23:32 AM »
Did you look at creating a Cloudflare firewall rule to allow your CWP admin port (2031 or 2087 or whatever)?

Offline
*
Re: CWP Invalid session on login
« Reply #2 on: July 06, 2023, 04:05:57 AM »
Did you look at creating a Cloudflare firewall rule to allow your CWP admin port (2031 or 2087 or whatever)?

We're wanting to keep the actual servers IP hidden behind the Cloudflare proxy for DDoS mitigation. However, the email I got back from support earlier was to not proxy the hostname which is obviously not ideal for our use.

Offline
*
Re: CWP Invalid session on login
« Reply #3 on: August 24, 2023, 11:20:58 AM »
Very interested in this issue. I'm trying to solve the same problem, because the CloudFlare proxy changes the detected IP of the logged client, that's why it doesn't work. It could be solved if the real IP is passed to the CWP, so the cuestion is: How?

Offline
*
Re: CWP Invalid session on login
« Reply #4 on: August 24, 2023, 11:33:13 AM »
I believe that the issue could be solved easily if the CWP developers change the code to get the real IP. Because you can notice that at the bottom of the CWP dashboard where it says "Your IP" that it's wrong when using behind the CLoudFlare proxy. It can be observed for a moment, just before being logged out from the panel.

May be anybody knows how to suggest this to the CWP team, because it's really a very small change into the source code. But may be I'm wrong. Just my two cents trying to provide a solution
« Last Edit: August 24, 2023, 11:36:00 AM by Longhorn »

Offline
*
Re: CWP Invalid session on login
« Reply #5 on: December 19, 2024, 10:10:26 AM »
Did anyone find a solution to this? I'm facing this problem in 2024 as it still exists...

Offline
*****

Offline
***
Re: CWP Invalid session on login
« Reply #7 on: December 19, 2024, 10:48:20 PM »
Here's a starting point...
https://www.alphagnu.com/topic/28-cwp-apache-restore-original-visitor-ips-with-mod_remoteip-when-using-cloudflare-proxy/

It will not work and here is why:

CWPSRV is based on Nginx and compiled without ngx_http_realip_module:
https://nginx.org/en/docs/http/ngx_http_realip_module.html

Here is the compilation options of cwpsrv:
Code: [Select]
configure arguments: --prefix=/usr/local/cwpsrv --sbin-path=/usr/local/cwpsrv/bin/cwpsrv --conf-path=/usr/local/cwpsrv/conf/cwpsrv.conf --pid-path=/usr/local/cwpsrv/var/run/nginx.pid --error-log-path=/usr/local/cwpsrv/logs/error_log --http-log-path=/usr/local/cwpsrv/logs/access_log --user=root --group=root --with-http_ssl_module --with-http_gzip_static_module --with-file-aio --with-http_secure_link_module --with-http_ssl_module --add-module=src/misc/ngx_http_auth_pam_module

Sure, it is possible to recompile cwpsrv but you will have to do it every time once cwpsrv binary package is updated.

Therefore, I think will be better if the developers of CWP add support of ngx_http_realip_module to cwpsrv.

« Last Edit: December 19, 2024, 10:51:42 PM by cyberspace »