Announcement

Collapse
No announcement yet.

Error, In order to accept POST requests originating from this domain, the admin must add the domain to the whitelist.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Error, In order to accept POST requests originating from this domain, the admin must add the domain to the whitelist.

    We recently upgraded from 4.2.3 to 5.4.4
    Everything is configured and we placed the new forum live. But after we did that we can no longer access AdminCP. When we try to do that and we login we get the error - In order to accept POST requests originating from this domain, the admin must add the domain to the whitelist.

    We were given these directions from support to fix the problem but my MIS people don't understand them and need more detail or an example what to do.
    Is this purely a DB edit? Or is this a Unix command line commands or both? I need to know this because I need to give it to the right people to work on. We don't have one person who does the application, Unix and DB so makes troubleshooting and fixing things hard for us.
    This is the directions support gave us which we cant get a detailed explanation about or examples.
    Can anyone help?

    You can add to the redirect whitelist with this query:

    update setting set value="https://domain1.com/\nhttps://domain2.com/\nhttps://domain3.com" where varname="redirect_whitelist";

    Or you can turn off the feature complete with this query:
    update setting set value="1" where varname="redirect_whitelist_disable";

    To allow these variables to take effect, you have to clear several rows in the datastore table as well.

    delete from datastore where title in ("miscoptions","options","publicoptions");

    To rebuild the datastore, you have to load the front-end of the site in your browser or use tools.php.


  • #2
    You would run the commands against your database. They are SQL queries.

    Code:
    update setting set value="https://domain1.com/\nhttps://domain2.com/\nhttps://domain3.com" where varname="redirect_whitelist";
    update setting set value="1" where varname="redirect_whitelist_disable";
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API - Full / Mobile
    Vote for your favorite feature requests and the bugs you want to see fixed.

    Comment


    • #3
      Hello,

      Well we had our DBA do all of the above and we still get the whitelist error and cannot access our AdminCP.
      We even tried to turn off the whitelist feature buy doing the above.

      Or you can turn off the feature complete with this query:
      update setting set value="1" where varname="redirect_whitelist_disable";

      Even that didn't work.
      And we still get the same error Error, In order to accept POST requests originating from this domain, the admin must add the domain to the whitelist


      We found a temporary way to disable the whitetlist and added “define('SKIP_REFERRER_CHECK', true);” in the config.php that disables the whitelist feature.

      But now we are venerable to attacked to the AdminCP configured like this and that's not a solution for us.


      A question do we have this section configured properly for the whitelist to function? My MIS people are asking do we have the syntax correct here? Should we be using it at all?

      Click image for larger version  Name:	whitelist.jpg Views:	0 Size:	29.0 KB ID:	4406674

      Comment


      • #4
        Hi

        I am getting same error "In order to accept POST requests originating from this domain, the admin must add the domain to the whitelist." while trying to login with admincp (xxx.com/admincp/index.php).

        Using "define('SKIP_REFERRER_CHECK', true);" this line in config file, i am able to access admin (xxx.com) but need to change url because after login it always redirecting to another domain (yyy.com) login page.

        Please help.

        Comment


        • #5
          Using the whitelist is outdated and will become more and more problematic as security on the web is tightened overall. You should really redirect these URLs to your primary domain as defined in the AdminCP under Settings -> Options -> Site Name / URL / Contact Details.

          You can add domains to the Whitelist on this same settings page.
          Translations provided by Google.

          Wayne Luke
          The Rabid Badger - a vBulletin Cloud demonstration site.
          vBulletin 5 API - Full / Mobile
          Vote for your favorite feature requests and the bugs you want to see fixed.

          Comment


          • #6
            Thanks Wayne.

            I added the other two domains in the AdminCP under Settings -> Options -> Site Name / URL / Contact Details -> Redirect Domain Whitelist
            And also Disable Redirect Domain Checking -> yes
            but still getting the same thing.


            After removing this line from config "define('SKIP_REFERRER_CHECK', true);", getting error when trying to login admin "In order to accept POST requests originating from this domain, the admin must add the domain to the whitelist."

            With this line "define('SKIP_REFERRER_CHECK', true);", getting the redirect on other domain admin login page when trying to login admin.

            Please suggest to me, how I can stop to primary domain to redirect on other one domain (2nd one).


            Comment


            • #7
              As I stated, the Whitelist is becoming obsolete, if not already. Use the Primary Domain as your Forum URL under Settings -> Options -> Site Name / URL / Contact Details.

              All domains should actually redirect to your primary domain at the server level before the user even hits the vBulletin Software. Otherwise, you will have problems with your HTTPS encryption, lose Search Engine Ranking, and experience many other problems with the software.
              Translations provided by Google.

              Wayne Luke
              The Rabid Badger - a vBulletin Cloud demonstration site.
              vBulletin 5 API - Full / Mobile
              Vote for your favorite feature requests and the bugs you want to see fixed.

              Comment


              • #8


                Our previous version 4.2.5 forum was running on these 3 domains, So i can’t redirect those 2 domains on primary one.

                In setting->options->Site Name/URL/contact details I have entered primary url

                so there is no issues on front end links like post, channels, etc

                problem is when trying to login then it redirect to another domain or getting that error

                thanks

                Comment


                • #9
                  The web was a completely different place a decade ago when vBulletin 4.X was released. After widespread website hacking in the last five years, a lot of things have changed. We've worked to incorporate these security systems into vBulletin as well. vBulletin 5 doesn't work properly when "redirecting" to another domain due to the security enhancements of the web and preventing cross-domain Javascript and the lack of sharing cookies with Javascript.
                  Translations provided by Google.

                  Wayne Luke
                  The Rabid Badger - a vBulletin Cloud demonstration site.
                  vBulletin 5 API - Full / Mobile
                  Vote for your favorite feature requests and the bugs you want to see fixed.

                  Comment


                  • #10
                    Thanks, Wayne for the quick reply.

                    We are not redirecting, the other two domains are mapped on the same forum (did binding).

                    This problem I am facing with admin login only.

                    Comment


                    • #11
                      I would say that you are unlikely to get this to work.

                      vBulletin 5 is designed to work with a single URL and domain, and that's the one that is set in the admincp.
                      Any other URLs or domains should be directed at server level to the min URL before the traffic even reaches vBulletin.

                      MARK.B | vBULLETIN SUPPORT

                      TalkNewsUK - My vBulletin 5.6.1 Demo
                      AdminAmmo - My Cloud Demo

                      Comment


                      • #12
                        Thanks Mark,

                        In the forum , i am using a single domain & URL. The other 2 domains are set at the server level, I haven't change any setting in the forum.

                        But don't know how its redirection on other URL (domain) at the time of admin login (With this line in config file "define('SKIP_REFERRER_CHECK', true);"). Otherwise, admin login page giving error ""In order to accept POST requests originating from this domain, the admin must add the domain to the whitelist."" when trying to login.

                        Still getting the same errors.

                        Comment


                        • #13
                          Originally posted by AV_whiz View Post
                          Thanks Mark,

                          In the forum , i am using a single domain & URL. The other 2 domains are set at the server level, I haven't change any setting in the forum.

                          But don't know how its redirection on other URL (domain) at the time of admin login (With this line in config file "define('SKIP_REFERRER_CHECK', true);"). Otherwise, admin login page giving error ""In order to accept POST requests originating from this domain, the admin must add the domain to the whitelist."" when trying to login.

                          Still getting the same errors.
                          I'm not sure what you mean by "set at server level".

                          vBulletin 5 should only be using one URL on one domain, regardless of where it is set.
                          MARK.B | vBULLETIN SUPPORT

                          TalkNewsUK - My vBulletin 5.6.1 Demo
                          AdminAmmo - My Cloud Demo

                          Comment


                          • #14
                            I mean to say, 3 domains are pointing on the same forum. But Yes, I used primary domain URL in the forum as vBulletin URL, Login URL & Core URL.

                            Comment


                            • #15
                              Remove the "SKIP_REFERRER_CHECK" from your config.php. In fact if you have this defined and do not have CSRF_PROTECTION defined, it will always throw the error you're receiving. It is only used in specific instances. Otherwise, the whitelist should take effect.

                              Both of these values are really for developer use and shouldn't be defined in the config.php file since they disable a significant part of the site's security.
                              Translations provided by Google.

                              Wayne Luke
                              The Rabid Badger - a vBulletin Cloud demonstration site.
                              vBulletin 5 API - Full / Mobile
                              Vote for your favorite feature requests and the bugs you want to see fixed.

                              Comment

                              Related Topics

                              Collapse

                              Working...
                              X