
This document is for a previous release of cPanel & WHM. To view our latest documentation, visit our Home page.

For cPanel & WHM 11.46

(Home >> Server Configuration >> Tweak Settings)

 

Allow autocomplete in login screens.

This setting allows you to specify whether users can save their cPanel, WHM, and Webmail login passwords in the browser's cache. This setting defaults to On.

 

CGIEmail and CGIEcho

This setting allows you to control whether CGIEmail and CGIEcho are available on the system. These two legacy cgi-sys scripts interpret files in a user's public_html directory as potential input templates if they contain the characters [ and ]. This setting defaults to On for backward compatibility.

 

Hide login password from cgi scripts

This setting allows you to hide the REMOTE_PASSWORD variable from scripts that the cpsrvd daemon's CGI handler executes. Set this value to On to hide the REMOTE_PASSWORD variable. This setting defaults to Off.

Note:

This setting does not hide the REMOTE_PASSWORD variable from phpMyAdmin.

 

Cookie IP validation

This setting allows you to validate IP addresses for cookie-based logins. Enable this option to prevent attackers who capture cPanel session cookies from using them to gain access to your server's cPanel and WHM interfaces.

Select one of the following options:

  • disabled — Does not validate IP addresses.
  • loose — The access IP address and the cookie IP address must be in the same class C subnet.
  • strict — The access IP address and the cookie IP address must match exactly. This is the default value.

Note:

To use this feature most effectively, disable the Proxy subdomain settings in the Domains section of the Tweak Settings interface.
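
The three modes can be modelled as follows. This is an added example, not cPanel's own code; the function names and sample addresses are constructed, and the exact-match fallback for non-IPv4 addresses is an assumption, because the page defines loose only in terms of a class C subnet.

```python
import ipaddress

MODES = ("disabled", "loose", "strict")

def cookie_ip_allowed(mode, cookie_ip, access_ip):
    """Return True if a request from access_ip may use a session cookie
    that was issued to cookie_ip, under the given validation mode."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode!r}")
    if mode == "disabled":
        return True
    issued = ipaddress.ip_address(cookie_ip)
    seen = ipaddress.ip_address(access_ip)
    if mode == "strict" or issued.version != 4 or seen.version != 4:
        # Assumption: anything that is not IPv4 is compared exactly.
        return issued == seen
    # loose: "same class C subnet" means the same first three octets (/24).
    subnet = ipaddress.ip_network(f"{issued}/24", strict=False)
    return seen in subnet

# Constructed sample: a cookie issued to one address and later presented
# from three addresses (documentation ranges, not real hosts).
ISSUED_TO = "203.0.113.10"
PRESENTED_FROM = ["203.0.113.10", "203.0.113.77", "198.51.100.5"]

def outcomes():
    """Map each mode to the accept/reject decision for every sample address."""
    return {
        mode: [cookie_ip_allowed(mode, ISSUED_TO, ip) for ip in PRESENTED_FROM]
        for mode in MODES
    }

if __name__ == "__main__":
    for mode, decisions in outcomes().items():
        print(mode, dict(zip(PRESENTED_FROM, decisions)))
```
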

 

Generate core dumps

This setting allows you to specify whether cPanel & WHM’s services create core dumps. Core dumps are useful when you debug a service. This setting defaults to Off.

Warning:

Core dumps contain sensitive information. Be sure to keep them secure.

 

Send passwords when creating a new account

This setting allows you to send new users their passwords in plaintext over email when you create a new account. This setting defaults to Off.

Warning:

We recommend that you do not enable this option. It is a security risk.

 

Blank referrer safety check

This setting allows you to grant the user the ability to limit the functions that cPanel & WHM performs. Each attempt to submit data to cPanel & WHM must have a referral URL. This helps to prevent cross-site request forgery (XSRF) attacks. This setting defaults to Off.

Warning:

If you enable this option, it may break integration with other systems, login applications, and billing software.

Note:

The visitor or querying application must enable cookies for this feature to take effect.

 

Referrer safety check

This setting allows you to grant the user the ability to limit the functions that cPanel & WHM performs. Each attempt to submit data to cPanel & WHM must have a referral URL for which the domain or IP address and port number exactly match those of the destination URL. This helps to prevent cross-site request forgery (XSRF) attacks. This setting defaults to Off.

Warning:

If you enable this option, it may break integration with other systems, login applications, and billing software.

Note:

The visitor or querying application must enable cookies for this feature to take effect.
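
The two referrer checks described above can be sketched as one function. This is an added example, not cPanel's implementation; the function names, hosts and ports are constructed, and the sketch assumes the two settings act independently, so that a blank referrer is rejected only by the blank referrer check.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return (host, port) for a URL, or None if it cannot be parsed."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:  # malformed port or bracketed host
        return None
    if port is None:
        port = DEFAULT_PORTS.get(parts.scheme)
    if not parts.hostname or port is None:
        return None
    return parts.hostname, port  # urlsplit already lowercases the host

def referrer_allowed(referer, destination, blank_check=False, match_check=False):
    """Decide whether a submission passes the enabled referrer checks."""
    if referer is None or not referer.strip():
        return not blank_check        # Blank referrer safety check
    if not match_check:
        return True                   # any non-blank referrer is accepted
    src = origin(referer.strip())     # Referrer safety check:
    return src is not None and src == origin(destination)  # host AND port

# Constructed sample request target and referrers.
DEST = "https://host.example.com:2087/submit"
SAMPLES = [
    "https://host.example.com:2087/page",          # same host, same port
    "https://host.example.com:2083/page",          # same host, other port
    "https://billing.example.net/cart",            # external integration
    "https://host.example.com:2087@other.example/",  # host is other.example
    "",                                            # no referrer sent
]

if __name__ == "__main__":
    for ref in SAMPLES:
        print(repr(ref), referrer_allowed(ref, DEST, True, True))
```

The external billing referrer is the case behind the warning above: it passes the blank check but fails the exact host and port match.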

 

Require SSL

This setting allows you to require that passwords and other sensitive information use SSL encryption. This setting defaults to On.

Note:

We strongly recommend that you enable this option.

 

Allow PHP to be run when logged in as a reseller to WHM

This setting allows you to specify whether resellers can run PHP in WHM. This setting defaults to Off.

Warning:

Take special precautions when you enable this functionality. WHM's PHP runs as the root system user. 

 

Allow apps that have not registered with AppConfig to be run when logged in as a reseller in WHM

This setting allows you to specify whether applications that are not registered with AppConfig run when you log in to WHM as a reseller. If you disable this setting, resellers can only run applications that are registered with AppConfig. This setting defaults to Off.

Allow apps that have not registered with AppConfig to be run when logged in as root or a reseller with the "all" ACL in WHM

This setting allows you to specify whether applications that are not registered with AppConfig run when you log in as a root-enabled user. If you disable this setting, root-level users can only run applications that are registered with AppConfig. This setting defaults to Off.

 

This setting allows WHM applications and addons to execute even if an ACL list has not been defined.

This setting allows you to control whether registered AppConfig applications and addons execute if a required ACL is not defined. If you disable this setting, cPanel & WHM will force registered AppConfig applications and addons to set an ACL list before they can run. This setting defaults to Off.

 

This setting allows cPanel and Webmail applications and addons to execute even if a feature list has not been defined.

This setting allows you to control whether registered AppConfig cPanel and Webmail apps can execute if a required features list is not defined. If you disable this setting, cPanel & WHM will force registered AppConfig cPanel and Webmail apps to set a Required Features list before they can run. This setting defaults to Off.

 

Use MD5 passwords with Apache

This setting allows you to specify whether the system uses MD5 hashing for new passwords in Apache .htpasswd files. When you disable this option, Apache uses crypt hashing. Because Apache .htpasswd files can contain a mix of crypt-encoded and MD5-encoded passwords without issue, this setting does not change the encoding of any existing passwords. This setting defaults to On.

Note:

MD5-encoded passwords are more secure than crypt-encoded passwords. Crypt only uses the first eight characters of the password for authentication, but MD5 passwords can be any length.
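
Because the setting leaves existing entries untouched, an .htpasswd file can be audited to find the users whose passwords are still crypt-encoded. The script below is an added example, not part of cPanel & WHM; the function names and sample entries are constructed, and the hash strings are placeholders rather than real hashes. It relies on the standard formats: Apache MD5 entries begin with $apr1$, and traditional crypt entries are exactly 13 characters from the set ./0-9A-Za-z.

```python
import re

# Traditional crypt output: 2-character salt + 11-character hash.
CRYPT_DES = re.compile(r"[./0-9A-Za-z]{13}")

def classify(hash_field):
    """Name the encoding of one .htpasswd hash field."""
    if hash_field.startswith("$apr1$"):
        return "md5"
    if CRYPT_DES.fullmatch(hash_field):
        return "crypt"
    return "other"

def audit_htpasswd(text):
    """Return {encoding: [usernames]} for the entries in an .htpasswd file."""
    result = {"md5": [], "crypt": [], "other": []}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # skip blanks, comments and malformed lines
        user, hash_field = line.split(":", 1)
        result[classify(hash_field)].append(user)
    return result

# Constructed sample file contents (placeholder hash strings).
SAMPLE = """\
# mixed file: MD5 and crypt entries side by side
alice:$apr1$Qx7Zk2Lm$0123456789abcdefghijkl
bob:ab0123456789.
carol:$apr1$Wd4Rt9Pa$lkjihgfedcba9876543210
dave:zzAbCdEfGhIjK
"""

if __name__ == "__main__":
    report = audit_htpasswd(SAMPLE)
    print("still crypt-encoded:", ", ".join(report["crypt"]))
```

Users reported as crypt keep the eight-character limit until their password is set again with this setting On.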

 

 

EXPERIMENTAL: Jail Apache Virtual Hosts using mod_ruid2 and cPanel® jailshell.

When you enable this setting, the mod_ruid2 module uses the chroot command on Apache virtual hosts. This action will run Apache virtual hosts in an environment with an altered root directory. This setting defaults to Off.

Warning:

We do not recommend that system administrators use this option with CentOS 5 or Red Hat Enterprise Linux 5 because these operating systems distribute older kernels with limitations. The Linux kernel versions for these operating systems and the number of bind mounts that VirtFS requires make it difficult to ensure system stability.

Notes:

  • This option is only available if you compiled Apache through EasyApache and installed mod_ruid2 version 0.9.4a or later.
  • You can use this option on CentOS or Red Hat Enterprise Linux® 5 or 6.
  • This option is unavailable on systems that run CentOS or Red Hat Enterprise Linux version 5 with 256 or more users.

 

This setting enables the JailManager TailWatch Driver module. JailManager keeps each VirtFS filesystem jail shell in sync with the root filesystem. JailManager also returns the VirtFS filesystem jailed shells to a usable state when the system is rebooted. There is no need to enable or disable JailManager in the Service Manager interface because this setting controls the module's state.

 

After you enable this option, each user who configured jailshell or noshell as the shell will experience the following changes:

  • The chroot command will jail the user's Apache Virtual Hosts into the /home/virtfs directory.
  • The RDocumentChRoot directive will be added to the user's Virtual Host.

 

 <IfModule mod_ruid2.c>
        RMode config
        RUidGid kellyp kellyp
        # The following directive is added when this setting is enabled:
        RDocumentChRoot /home/virtfs/kellyp /home/kellyp/public_html
 </IfModule>

 

  • The user's filesystem view will be limited to their /home/virtfs/$USER filesystem. Various jail shell-related options in the Tweak Settings interface control the /home/virtfs/$USER filesystem configuration.