Fixing "error_message": "Session reuse detected, IPAddress logged"

{"errorMessage": "Session reuse detected, IPAddress logged.", "error_message": "Session reuse detected, IPAddress logged."}

Can you point me how to fix/disable this?

My IP is dynamic, so every now and then it will be changed by my ISP. Sometimes it’s minutes, and it can be hours.

Before (1.8.6 or older) this is not a problem.

Do you want to remove this limitation?

I have the same problem, I have to go straight, only a vps is not accessible. How to troubleshoot this issue

If your IP changes frequently and you don’t need this protection, you can edit this file

https://github.com/usmannasir/cyberpanel/blob/1.8.0/CyberCP/secMiddleware.py

Remove line 11-40.

On server this file is available at /usr/local/CyberCP/CyberCP

then systemctl restart lscpd

I did the procedure, but in the browser returns error 500 (solved - it was my mistake)

Thanks Cyber Panel got it.
after I started giving this problem I would switch panels, but there is no better panel with this support.

pls fix it
I same err
after remove line 11-40, i don’t use cyberpanel access anybutton

please fix that problem, :frowning: still can not working anymore

How can I edit that file on my server? I don't know how :frowning:

i got error: 500
what’s next?

@anhtuan

It is possible that you removed some additional lines from secMiddleware.py, which is why you are getting the 500 error.

@anhtuan

It is possible that you removed some additional lines from settings.py, which is why you are getting the 500 error.

Please let me know how to fix that! Which line should I remove in setting.py? For now I'm switching to vpssim.

In your secMiddleware.py file remove these lines

        try:
            uID = request.session['userID']
            ipAddr = request.META.get('REMOTE_ADDR')

            if ipAddr.find('.') > -1:
                if request.session['ipAddr'] == ipAddr:
                    pass
                else:
                    del request.session['userID']
                    del request.session['ipAddr']
                    logging.writeToFile(request.META.get('REMOTE_ADDR'))
                    final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
                                 "errorMessage": "Session reuse detected, IPAddress logged."}
                    final_json = json.dumps(final_dic)
                    return HttpResponse(final_json)
            else:
                ipAddr = request.META.get('REMOTE_ADDR').split(':')[:3]

                if request.session['ipAddr'] == ipAddr:
                    pass
                else:
                    del request.session['userID']
                    del request.session['ipAddr']
                    logging.writeToFile(request.META.get('REMOTE_ADDR'))
                    final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
                                 "errorMessage": "Session reuse detected, IPAddress logged."}
                    final_json = json.dumps(final_dic)
                    return HttpResponse(final_json)
        except:
            pass

Usually they are in lines 11-40. Final code should look like

from plogical.CyberCPLogFileWriter import CyberCPLogFileWriter as logging
import json
from django.shortcuts import HttpResponse

class secMiddleware:

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
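        # NOTE: as posted, this try has no except/finally clause, so Python
        # rejects the file with a SyntaxError.
        try:
            uID = request.session['userID']
            ipAddr = request.META.get('REMOTE_ADDR')
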
        if request.method == 'POST':
            try:
                #logging.writeToFile(request.body)
                data = json.loads(request.body)
                for key, value in data.iteritems():
                    if request.path.find('gitNotify') > -1:
                        break

                    # if request.path.find('users') > -1 or request.path.find('firewall') > -1 or request.path.find('servicesAction') > -1 or request.path.find('sslForHostName') > -1:
                    #     logging.writeToFile(request.body)
                    #     final_dic = {'error_message': "Data supplied is not accepted.",
                    #                  "errorMessage": "Data supplied is not accepted."}
                    #     final_json = json.dumps(final_dic)
                    #     return HttpResponse(final_json)

                    if type(value) == str or type(value) == unicode:
                        pass
                    else:
                        continue

                    if request.build_absolute_uri().find('saveSpamAssassinConfigurations') > -1 or request.build_absolute_uri().find('docker') > -1 or request.build_absolute_uri().find('cloudAPI') > -1 or request.build_absolute_uri().find('filemanager') > -1 or request.build_absolute_uri().find('verifyLogin') > -1 or request.build_absolute_uri().find('submitUserCreation') > -1:
                        continue
                    if key == 'ports' or key == 'imageByPass' or key == 'passwordByPass' or key == 'cronCommand' or key == 'emailMessage' or key == 'configData' or key == 'rewriteRules' or key == 'modSecRules' or key == 'recordContentTXT' or key == 'SecAuditLogRelevantStatus' or key == 'fileContent':
                        continue
                    if value.find(';') > -1 or value.find('&&') > -1 or value.find('|') > -1 or value.find('...') > -1 \
                            or value.find("`") > -1 or value.find("$") > -1 or value.find("(") > -1 or value.find(")") > -1 \
                            or value.find("'") > -1 or value.find("[") > -1 or value.find("]") > -1 or value.find("{") > -1 or value.find("}") > -1\
                            or value.find(":") > -1 or value.find("<") > -1 or value.find(">") > -1:
                        logging.writeToFile(request.body)
                        final_dic = {'error_message': "Data supplied is not accepted.",
                                     "errorMessage": "Data supplied is not accepted."}
                        final_json = json.dumps(final_dic)
                        return HttpResponse(final_json)
                    if key.find(';') > -1 or key.find('&&') > -1 or key.find('|') > -1 or key.find('...') > -1 \
                            or key.find("`") > -1 or key.find("$") > -1 or key.find("(") > -1 or key.find(")") > -1 \
                            or key.find("'") > -1 or key.find("[") > -1 or key.find("]") > -1 or key.find("{") > -1 or key.find("}") > -1\
                            or key.find(":") > -1 or key.find("<") > -1 or key.find(">") > -1:
                        logging.writeToFile(request.body)
                        final_dic = {'error_message': "Data supplied is not accepted.", "errorMessage": "Data supplied is not accepted."}
                        final_json = json.dumps(final_dic)
                        return HttpResponse(final_json)
            except BaseException, msg:
                logging.writeToFile(str(msg))
                response = self.get_response(request)
                return response
        response = self.get_response(request)
        return response


and this file is available at /usr/local/CyberCP/CyberCP

@CyberPanel : line 11 is: try
and line 40 is: pass
https://43.224.33.39:8090/websites/
Error 500 here

Create ticket and mention ticket number here.

Ticket #5FJ7PV thanks

Hi 500 server error start.

Please confirm if 2 lines required or not. As your above not clear…

    try:
        uID = request.session['userID']
        ipAddr = request.META.get('REMOTE_ADDR')

The final code should look like ??

Why again in these 3 lines?

    try:
        uID = request.session['userID']
        ipAddr = request.META.get('REMOTE_ADDR')

Its showing 500 server error. Please help.

Backup current config

    mv /usr/local/CyberCP/CyberCP/secMiddleware.py /usr/local/CyberCP/CyberCP/secMiddleware.py-bak

Download new version.

    wget -O /usr/local/CyberCP/CyberCP/secMiddleware.py https://github.com/usmannasir/cyberpanel/raw/stable/CyberCP/secMiddleware.py

Then download and run the upgrade/update cache clearing script

    wget -O /usr/local/CyberCP/upgrade.sh https://github.com/usmannasir/cyberpanel/raw/stable/upgrade.sh
    chmod +x /usr/local/CyberCP/upgrade.sh

Then run this and give it a few minutes to clear cache and restart cyberpanel daemon

    bash /usr/local/CyberCP/upgrade.sh

This should bring it back to stock.

The file has probably changed some since the original post was made.

Looks like the relevant lines that need to be removed or commented out are 12-41.

If you want to easily remove the lines by commenting them out (making them inactive), this can be done via the sed command below.

    sed -i '12,41 s/^/#/' /usr/local/CyberCP/CyberCP/secMiddleware.py

You can then confirm it by checking the lines right before and after.

    sed -n '10,42p' /usr/local/CyberCP/CyberCP/secMiddleware.py

Before:

    root@ubuntu:~# sed -n '10,42p' /usr/local/CyberCP/CyberCP/secMiddleware.py

    def __call__(self, request):
        try:
            uID = request.session['userID']
            ipAddr = request.META.get('REMOTE_ADDR')

            if ipAddr.find('.') > -1:
                if request.session['ipAddr'] == ipAddr:
                    pass
                else:
                    del request.session['userID']
                    del request.session['ipAddr']
                    logging.writeToFile(request.META.get('REMOTE_ADDR'))
                    final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
                                 "errorMessage": "Session reuse detected, IPAddress logged."}
                    final_json = json.dumps(final_dic)
                    return HttpResponse(final_json)
            else:
                ipAddr = request.META.get('REMOTE_ADDR').split(':')[:3]

                if request.session['ipAddr'] == ipAddr:
                    pass
                else:
                    del request.session['userID']
                    del request.session['ipAddr']
                    logging.writeToFile(request.META.get('REMOTE_ADDR'))
                    final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
                                 "errorMessage": "Session reuse detected, IPAddress logged."}
                    final_json = json.dumps(final_dic)
                    return HttpResponse(final_json)
        except:
            pass
        if request.method == 'POST':

    root@ubuntu:~#

After:

    root@ubuntu:~# sed -i '12,41 s/^/#/' /usr/local/CyberCP/CyberCP/secMiddleware.py
    root@ubuntu:~# sed -n '10,42p' /usr/local/CyberCP/CyberCP/secMiddleware.py

    def __call__(self, request):
    #    try:
    #        uID = request.session['userID']
    #        ipAddr = request.META.get('REMOTE_ADDR')
    #
    #        if ipAddr.find('.') > -1:
    #            if request.session['ipAddr'] == ipAddr:
    #                pass
    #            else:
    #                del request.session['userID']
    #                del request.session['ipAddr']
    #                logging.writeToFile(request.META.get('REMOTE_ADDR'))
    #                final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
    #                             "errorMessage": "Session reuse detected, IPAddress logged."}
    #                final_json = json.dumps(final_dic)
    #                return HttpResponse(final_json)
    #        else:
    #            ipAddr = request.META.get('REMOTE_ADDR').split(':')[:3]
    #
    #            if request.session['ipAddr'] == ipAddr:
    #                pass
    #            else:
    #                del request.session['userID']
    #                del request.session['ipAddr']
    #                logging.writeToFile(request.META.get('REMOTE_ADDR'))
    #                final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
    #                             "errorMessage": "Session reuse detected, IPAddress logged."}
    #                final_json = json.dumps(final_dic)
    #                return HttpResponse(final_json)
    #    except:
    #        pass
        if request.method == 'POST':

    root@ubuntu:~#

    root@ubuntu:~# systemctl restart lscpd
    root@ubuntu:~#

Actually, I coded an option you can enable or disable this within that file.

I do not have a dynamic session that changes to verify that it works, but the file works on my test server and has an if condition to only run if 'true', so in theory it should work for you to toggle it off by setting the value to 'false' without having to comment or delete lines in the core file, which is bound to be error-prone.

Download the file with option to toggle.

    wget -O /usr/local/CyberCP/CyberCP/secMiddleware.py https://github.com/usmannasir/cyberpanel/raw/c335952b2a350690c79082e8ffb45cfebd2c039c/CyberCP/secMiddleware.py

Default: On 'true'

To set to On 'true'

    sed -i "s/^sessionIPValidation =.*/sessionIPValidation = 'true'/g" /usr/local/CyberCP/CyberCP/secMiddleware.py

To set to Off: 'false'

    sed -i "s/^sessionIPValidation =.*/sessionIPValidation = 'false'/g" /usr/local/CyberCP/CyberCP/secMiddleware.py

To check status:

    grep -E '^sessionIPValidation' /usr/local/CyberCP/CyberCP/secMiddleware.py

Example of this toggled to On(true): Default

    root@ubuntu:~# grep -E '^sessionIPValidation' /usr/local/CyberCP/CyberCP/secMiddleware.py
    sessionIPValidation = 'true'
    root@ubuntu:~#

Example of this toggled to Off(false):

    root@ubuntu:~# grep -E '^sessionIPValidation' /usr/local/CyberCP/CyberCP/secMiddleware.py
    sessionIPValidation = 'false'
    root@ubuntu:~#

After toggling:

    systemctl restart lscpd||service lscpd restart

Test

If it works I'll submit a pull request to have it merged to the stable branch.
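
The session-to-IP check discussed in this thread, as an added example that is not CyberPanel's code or any poster's: it keeps an on/off toggle but compares network prefixes instead of exact addresses, so an address change inside the same prefix does not end the session while a request from an unrelated network still does. The names `check_session_ip`, `network_of`, `drop_login`, `SESSION_IP_VALIDATION` and the prefix lengths are assumptions, and the session is modelled as a plain dict that stores `ipAddr` as a string.

```python
import ipaddress

# Hypothetical settings for this sketch; they are not CyberPanel options.
SESSION_IP_VALIDATION = True  # plays the role of the sessionIPValidation toggle
V4_PREFIX = 24                # IPv4: compare the first 24 bits only
V6_PREFIX = 48                # IPv6: first three groups, the intent of split(':')[:3]


def network_of(addr):
    """Return the network that addr falls in at the configured prefix length."""
    ip = ipaddress.ip_address(addr)
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is compared as IPv4.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    prefix = V4_PREFIX if ip.version == 4 else V6_PREFIX
    return ipaddress.ip_network("%s/%d" % (ip, prefix), strict=False)


def drop_login(session):
    """Remove the login keys, as the original middleware does on a mismatch."""
    session.pop("userID", None)
    session.pop("ipAddr", None)


def check_session_ip(session, remote_addr, enabled=SESSION_IP_VALIDATION):
    """Return (allowed, reason) for a request arriving from remote_addr."""
    if not enabled or "userID" not in session:
        return True, "not checked"
    try:
        same = network_of(remote_addr) == network_of(session["ipAddr"])
    except (KeyError, ValueError):
        # Design choice of this sketch: fail closed instead of `except: pass`.
        drop_login(session)
        return False, "unparseable or missing address"
    if same:
        return True, "same network"
    drop_login(session)
    return False, "Session reuse detected"


if __name__ == "__main__":
    # Constructed sample: a login bound to 203.0.113.10 (documentation range).
    session = {"userID": 1, "ipAddr": "203.0.113.10"}
    for addr in ("203.0.113.77", "198.51.100.5"):
        print(addr, check_session_ip(session, addr))
```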