System -> Site Features -> API = Infinite Login

[H5K]

Whenever I click the API link in the Admin CP I immediately get redirected to the admin login page. Despite logging in with correct info, I am redirected to the login page again.

Not seeing anything in error logs. Fresh install (< 2 months old), latest version, no custom admin CP theme.

I've already tried disabling mod_security, cloudflare, and firewall.

[Mark H]

I would check with your host about whether you actually had mod_security disabled.

That symptom of being redirected to login is almost always due to mod_security or another security program of some sort that's blocking certain URL's.

modsec is controlled by a server-level configuration. Some hosts allow individual account overrides, but not all of them, and you would need to verify with your host that you are allowed to override on your account. (If they do allow it, verify you have overridden it correctly.)

[H5K]

14 minutes ago, Mark H said:

I would check with your host about whether you actually had mod_security disabled.

That symptom of being redirected to login is almost always due to mod_security or another security program of some sort that's blocking certain URL's.

modsec is controlled by a server-level configuration. Some hosts allow individual account overrides, but not all of them, and you would need to verify with your host that you are allowed to override on your account. (If they do allow it, verify you have overridden it correctly.)

 

We're running on our own dedicated server using WHM. I've attached screenshots of everywhere I remembered to disable mod_security. Unfortunately we still have the issue. Thanks for the help.

 

[Jim M]

Unfortunately, you would need to evaluate this yourself or with your server administrator if you are unsure. I'm afraid, we can only provide suggestions when it comes to server configuration and actually performing the work is up to you and your hosting provider/server administrator. You may wish to also disable any custom .htaccess rewrite/redirect rules as this may also be effecting it. Note, they could be up a directory too based on your server configuration.

[H5K]

5 minutes ago, Jim M said:

Unfortunately, you would need to evaluate this yourself or with your server administrator if you are unsure. I'm afraid, we can only provide suggestions when it comes to server configuration and actually performing the work is up to you and your hosting provider/server administrator. You may wish to also disable any custom .htaccess rewrite/redirect rules as this may also be effecting it. Note, they could be up a directory too based on your server configuration.

I've checked and there is not an htaccess that should be affecting it. Same with rewrite rules. I'm a software engineer and while I don't specialize in web dev I have done as much troubleshooting as I could think of.

I've been an IPS customer for close to 10 years now, and there used to be a time where the team actually connected via SSH to help troubleshoot. It's disappointing that-that great level of customer service is no longer provided to your self-hosted customers (I've expressed this concern before via ticket). I'd pay for a support package if it was offered.

Does this URL mean anything to you guys? It's what is appearing after the redirect:

?app=core&module=system&controller=login&error=&ref=YXBwPWNvcmUmbW9kdWxlPWFwcGxpY2F0aW9ucyZjb250cm9sbGVyPWFwaQ==

EDIT: PS -- also tried updating to PHP 8.1 and disabling pretty much everything security related I could find.

Edited November 15, 2022 by H5K

[H5K]

Wow, worked in Chrome...

[Jim M]

16 minutes ago, H5K said:

I've checked and there is not an htaccess that should be affecting it. Same with rewrite rules. I'm a software engineer and while I don't specialize in web dev I have done as much troubleshooting as I could think of.

I've been an IPS customer for close to 10 years now, and there used to be a time where the team actually connected via SSH to help troubleshoot. It's disappointing that-that great level of customer service is no longer provided to your self-hosted customers (I've expressed this concern before via ticket). I'd pay for a support package if it was offered.

Does this URL mean anything to you guys? It's what is appearing after the redirect:

?app=core&module=system&controller=login&error=&ref=YXBwPWNvcmUmbW9kdWxlPWFwcGxpY2F0aW9ucyZjb250cm9sbGVyPWFwaQ==

EDIT: PS -- also tried updating to PHP 8.1 and disabling pretty much everything security related I could find.

I am sorry to hear you are not happy. However, self-hosting is self-managed so while I can't speak for what happened in the past, I can tell you that your server configuration is your responsibility to manage but as my colleague and I stated, we will provide you with what may be impacting you, it is up to yourself to actually check and resolve those items.

8 minutes ago, H5K said:

Wow, worked in Chrome...

Glad to hear it's working. What browser were you previously trying in? Did you have any plugins installed? 

[H5K]

7 minutes ago, Jim M said:

I am sorry to hear you are not happy. However, self-hosting is self-managed so while I can't speak for what happened in the past, I can tell you that your server configuration is your responsibility to manage but as my colleague and I stated, we will provide you with what may be impacting you, it is up to yourself to actually check and resolve those items.

Glad to hear it's working. What browser were you previously trying in? Did you have any plugins installed? 

Firefox is what I was using prior. Thanks for the help and support, regardless.

If you could, please review this new issue I am having when you get a chance:

https://invisioncommunity.com/forums/topic/470590-apicoremessages-invalid-sender/#comment-2915450

Edited November 15, 2022 by H5K