OWASP® ModSecurity CRS
The OWASP (Open Web Application Security Project) ModSecurity CRS (Core Rule Set) is a set of rules that Apache®'s ModSecurity® module can use to help protect your server.
Security
PCI Compliance and Software Versions
This document discusses some of the specific software packages that contain known vulnerabilities. This document will also help you determine whether developers used the backport process to patch a software package.
PHP Security Concepts
Web applications written in PHP may contain security vulnerabilities that malicious users can exploit to gain sensitive information about your system or your users.
Recommended Security Settings
This document details how to secure your server.
Security Best Practices
This document describes some security best practices you can use to protect your cPanel & WHM users, files, and websites.
Security Levels
This document explains the security levels for advisories that we post on our Security page.
SSL/TLS Key Types
This document explains the differences between SSL/TLS key types.
The failurls File
If a user fails to authenticate with cPanel through a custom login form, the /var/cpanel/failurls file allows a reseller to redirect that user to a custom error page.
The ModSecurity® Guardian Log
This document explains how to install and configure Apache's httpd-guardian script, which allows you to use ModSecurity's SecGuardianLog directive.
The SSL Installation and Precedence Logic
This document explains the SSL installation and precedence logic.
Tips to Make Your Server More Secure
This document lists several tips that you can use to make your cPanel & WHM server more secure.
Troubleshoot SSL-Related Issues
This document outlines some common SSL-related issues and how you can troubleshoot and resolve them.