Error, In order to accept POST requests originating from this domain, the admin must add the domain to the whitelist.

**Wayne Luke** · Fri 30 Nov '18, 2:57pm

You would run the commands against your database. They are SQL queries.

Code:

update setting set value="[URL="https://domain1.com/nhttps:/domain2.com/nhttps:/domain3.com"]https://domain1.com/\nhttps://domain2.com/\nhttps://domain3.com[/URL]" where varname="redirect_whitelist";
update setting set value="1" where varname="redirect_whitelist_disable";

**Ron-ZA** · Fri 18 Jan '19, 11:35am

Hello,

Well we had our DBA do all of the above and we still get the whitelist error and cannot access our AdminCP.
We even tried to turn off the whitelist feature buy doing the above.

Or you can turn off the feature complete with this query:
update setting set value="1" where varname="redirect_whitelist_disable";

Even that didn't work.
And we still get the same error Error, In order to accept POST requests originating from this domain, the admin must add the domain to the whitelist

We found a temporary way to disable the whitetlist and added “define('SKIP_REFERRER_CHECK', true);” in the config.php that disables the whitelist feature.

But now we are venerable to attacked to the AdminCP configured like this and that's not a solution for us.

A question do we have this section configured properly for the whitelist to function? My MIS people are asking do we have the syntax correct here? Should we be using it at all?

**AV_whiz** · Fri 8 May '20, 9:38am

Hi

I am getting same error "In order to accept POST requests originating from this domain, the admin must add the domain to the whitelist." while trying to login with admincp (xxx.com/admincp/index.php).

Using "define('SKIP_REFERRER_CHECK', true);" this line in config file, i am able to access admin (xxx.com) but need to change url because after login it always redirecting to another domain (yyy.com) login page.

Please help.

**Wayne Luke** · Fri 8 May '20, 9:44am

Using the whitelist is outdated and will become more and more problematic as security on the web is tightened overall. You should really redirect these URLs to your primary domain as defined in the AdminCP under Settings -> Options -> Site Name / URL / Contact Details.

You can add domains to the Whitelist on this same settings page.

**AV_whiz** · Fri 8 May '20, 11:12am

Thanks Wayne.

I added the other two domains in the AdminCP under Settings -> Options -> Site Name / URL / Contact Details -> Redirect Domain Whitelist
And also Disable Redirect Domain Checking -> yes
but still getting the same thing.

After removing this line from config "define('SKIP_REFERRER_CHECK', true);", getting error when trying to login admin "In order to accept POST requests originating from this domain, the admin must add the domain to the whitelist."

With this line "define('SKIP_REFERRER_CHECK', true);", getting the redirect on other domain admin login page when trying to login admin.

Please suggest to me, how I can stop to primary domain to redirect on other one domain (2nd one).

**Wayne Luke** · Fri 8 May '20, 11:25am

As I stated, the Whitelist is becoming obsolete, if not already. Use the Primary Domain as your Forum URL under Settings -> Options -> Site Name / URL / Contact Details.

All domains should actually redirect to your primary domain at the server level before the user even hits the vBulletin Software. Otherwise, you will have problems with your HTTPS encryption, lose Search Engine Ranking, and experience many other problems with the software.

**AV_whiz** · Fri 8 May '20, 11:40am

Our previous version 4.2.5 forum was running on these 3 domains, So i can’t redirect those 2 domains on primary one.

In setting->options->Site Name/URL/contact details I have entered primary url

so there is no issues on front end links like post, channels, etc

problem is when trying to login then it redirect to another domain or getting that error

thanks

**Wayne Luke** · Fri 8 May '20, 12:24pm

The web was a completely different place a decade ago when vBulletin 4.X was released. After widespread website hacking in the last five years, a lot of things have changed. We've worked to incorporate these security systems into vBulletin as well. vBulletin 5 doesn't work properly when "redirecting" to another domain due to the security enhancements of the web and preventing cross-domain Javascript and the lack of sharing cookies with Javascript.

**AV_whiz** · Fri 8 May '20, 11:24pm

Thanks, Wayne for the quick reply.

We are not redirecting, the other two domains are mapped on the same forum (did binding).

This problem I am facing with admin login only.

**Mark.B** · Sat 9 May '20, 1:19am

I would say that you are unlikely to get this to work.

vBulletin 5 is designed to work with a single URL and domain, and that's the one that is set in the admincp.
Any other URLs or domains should be directed at server level to the min URL before the traffic even reaches vBulletin.

**AV_whiz** · Sun 10 May '20, 11:47pm

Thanks Mark,

In the forum , i am using a single domain & URL. The other 2 domains are set at the server level, I haven't change any setting in the forum.

But don't know how its redirection on other URL (domain) at the time of admin login (With this line in config file "define('SKIP_REFERRER_CHECK', true);"). Otherwise, admin login page giving error ""In order to accept POST requests originating from this domain, the admin must add the domain to the whitelist."" when trying to login.

Still getting the same errors.

**Mark.B** · Mon 11 May '20, 4:36am

Originally posted by AV_whiz

Thanks Mark,

In the forum , i am using a single domain & URL. The other 2 domains are set at the server level, I haven't change any setting in the forum.

But don't know how its redirection on other URL (domain) at the time of admin login (With this line in config file "define('SKIP_REFERRER_CHECK', true);"). Otherwise, admin login page giving error ""In order to accept POST requests originating from this domain, the admin must add the domain to the whitelist."" when trying to login.

Still getting the same errors.

I'm not sure what you mean by "set at server level".

vBulletin 5 should only be using one URL on one domain, regardless of where it is set.

**AV_whiz** · Mon 11 May '20, 6:33am

I mean to say, 3 domains are pointing on the same forum. But Yes, I used primary domain URL in the forum as vBulletin URL, Login URL & Core URL.

**Wayne Luke** · Mon 11 May '20, 9:14am

Remove the "SKIP_REFERRER_CHECK" from your config.php. In fact if you have this defined and do not have CSRF_PROTECTION defined, it will always throw the error you're receiving. It is only used in specific instances. Otherwise, the whitelist should take effect.

Both of these values are really for developer use and shouldn't be defined in the config.php file since they disable a significant part of the site's security.

Error, In order to accept POST requests originating from this domain, the admin must add the domain to the whitelist.

Error, In order to accept POST requests originating from this domain, the admin must add the domain to the whitelist.

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Related Topics