Login History doesn't show for Proxied / SSO logins

Troy · April 27, 2026, 5:28pm

While I understand why SSO from a billing system doesn’t need to be logged as a login since it will just show the billing system IP and the authentication is done on the billing system side of things, I do think CP Proxy logins should be recorded on the server where the account resides. Since the data is available on the proxy and passed to the remote server, it should be logged for customer that want an actual audit log of access to their account.

I put this as support because maybe it is supposed to do that and it’s not, maybe I need to make a change or maybe this is a feature request. I’m open to suggestions and will resubmit as a feature request if needed.

On this topic, where are authentications actually logged on the proxy if a customer wanted a report of login history for a given timeframe? Is this in appldb or system log files?

msaladna · April 27, 2026, 5:35pm

Proxy logins are indeed retained when configured correctly. This is covered in the docs. See Proxy > Passing IP Address.

Login history available programmatically in auth:get-login-history or directly in apnscp.login_log MariaDB table.

e.g. here’s a snippet of all interactions through hostineer.com for the demosite:

+---------------------+-----------------+-------------+
| login_date          | inet_ntoa(ip)   | domain      |
+---------------------+-----------------+-------------+
| 2024-08-08 23:50:04 | 165.23.215.130  | example.com |
| 2024-08-17 23:53:43 | 165.23.215.130  | example.com |
| 2024-08-20 13:21:05 | 89.81.4.87      | example.com |
| 2024-08-20 15:27:14 | 104.28.233.138  | example.com |
| 2024-08-22 07:41:54 | 194.183.165.212 | example.com |
| 2024-08-22 07:48:12 | 194.183.165.212 | example.com |
| 2024-08-22 15:36:06 | 12.75.40.97     | example.com |
| 2024-08-22 23:56:51 | 123.231.124.8   | example.com |
| 2024-08-24 09:57:41 | 90.210.32.199   | example.com |
| 2024-08-28 13:24:50 | 146.120.200.202 | example.com |
+---------------------+-----------------+-------------+
10 rows in set (0.009 sec)

Troy · April 27, 2026, 6:15pm

Ok, so as long as the core.http_trusted_forward setting in config/custom/config.ini contains the proxy IP on all servers that utilize the proxy, then it should work.

Got it, and it’s how I’ve been configured for years. Not sure why I don’t see the login history on accounts unless this customer has only ever used the SSO feature in WHMCS. That part hasn’t been clarified by them yet.

msaladna · April 28, 2026, 2:41pm

If the only feature used was SSO from within WHMCS, then no - SSOs aren’t visible directly for the client. WHMCS should have activity of the client logging in, however. SSO events are visible in /var/log/secure as “cp/stub” authentication.