Tweak Settings

Valid for versions 118 through the latest version

Version:

110

112

116

118


Last modified: February 22, 2024

Overview

This interface allows you to configure many cPanel & WHM settings. Tabs at the top of the interface categorize the settings, and the All tab displays all of the settings.

Note:
  • These settings exist in the /var/cpanel/cpanel.config file. However, we recommend that system administrators use this interface to make changes.

  • Some settings may not appear if your server does not use the Standard server profile. For more information, read our How to Use Server Profiles documentation.

  • Click the question mark next to each setting’s description to learn more about the setting.

  • The interface displays a warning icon (yellow warning icon) next to any setting for which you have not specified a value. This includes settings that are new, settings that WHM has set to a default value, and settings that your server selected dynamically.

Compression

The Compression section includes the following settings:

Setting Description Values Default
gzip compression level This setting allows you to set the gzip compression level for pigz, which is a gzip-compatible program that uses multiple CPU cores simultaneously. Higher settings provide greater compression, but compress more slowly.
  • Minimum value: 1
  • Maximum value: 9
6
Number of pigz processes This setting allows you to set how many independent pigz processes the system uses to perform gzip compression. For the best performance, we recommend that you set this value to match the number of processor cores that are available on your server.
  • Minimum value: 1
  • Maximum value: 128
This setting defaults to the number of processor cores on your server.
Number of kilobyte chunks per compression work unit This setting allows you to control the size, in 1024-byte chunks, of compression work units that the system distributes to each pigz process.
  • Minimum value: 128
  • Maximum value: 524,288
4096

cPAddons Site Software

Note:

This section does not appear on servers running the Ubuntu® operating system.

The cPAddons Site Software section includes the following settings:

Setting Description Values Default
cPAddons Site Software admin email This setting specifies a contact email address that receives cPAddon moderation requests. The system also notifies resellers if they choose to configure their contact email address in the cPanel interface.
  • A moderation request is a request from a user who wishes to install or upgrade a cPAddon. You must approve the request before the user installs or upgrades a cPAddon.
Note:
We have deprecated the moderation feature and will remove it in the future. You cannot enable moderation for any cPAddons. Any cPAddons that currently use moderation will continue to function, but if you disable this setting you cannot reactivate moderation.
To specify the cPAddon administrator’s email address, enter the email address that you wish to use in the text box. None
cPAddons Site Software source automatic updates This setting specifies whether you wish for cPanel & WHM to automatically update all of the cPAddons’ source files.
  • On — Enable
  • Off — Disable.
On
Max cPAddons Site Software installation requests This setting specifies the maximum number of moderation requests that a single user can make at one time. To specify a new value, enter the number of requests that you wish to allow in the text box.
  • Minimum value: N/A
  • Maximum value: N/A
99
Max cPAddons Site Software installation requests per addon This setting specifies the maximum number of moderation requests per cPAddon that a single user can make at one time. To specify a new value, enter the number of requests that you wish to allow per cPAddon in the text box.
  • Minimum value: N/A
  • Maximum value: N/A
99
cPAddons Site Software moderation notification This setting allows you to select whether the cPAddons administrator receives notifications about pending moderation requests.
  • On — Enable
  • Off — Disable.
Off
Allow cPAddons Site Software installations from non-cPanel sources This setting allows you to install third-party scripts on your server.
  • On — Enable
  • Off — Disable.
On
Allow cPAddons Site Software installations from modified sources This setting allows users to install previously-altered cPAddons. You may wish to enable this item when you test custom cPaddons.
  • On — Enable
  • Off — Disable.
Off
Notify reseller of cPAddons Site Software installations This setting notifies resellers whenever their users must update their cPAddons.
  • On — Enable
  • Off — Disable.
On
Notify root of cPAddons Site Software installations This setting notifies the cPAddons Site Software administrator whenever their users must update their cPAddons.
  • On — Enable
  • Off — Disable.
On
Notify cPanel users when they need to update their cPAddons Site Software installations This setting notifies cPanel users whenever they must update their cPAddons.
  • Allow users to choose — This option allows cPanel users to specify whether they wish to receive notifications about out-of-date cPAddons.
  • always — This option allows cPanel & WHM to automatically notify users when their cPAddons are out-of-date.
  • never — This option allows you to specify that users should never receive notifications when their cPAddons are out-of-date.
Allow users to choose

Development

The Development section includes the following settings:

Setting Description Values Default
Standardized Hooks - Debug Mode The Standardized Hooks system’s debug mode helps to troubleshoot hook issues. For more information, read our Guide to Standardized Hooks - Debug Mode documentation.
  • If instead of this setting, you use the /var/cpanel/debughooks file to enable debug mode, your locale may revert to the English defaults for JavaScript elements. To fix this problem, run the echo -n > /var/cpanel/debughooks and /scripts/restartsrv_cpsrvd commands to disable debug mode and restart the cpsrvd daemon.
Important:
If you enable this setting, it also enables debug mode in the cPanel interface. This severely impacts the loading and performance of the cPanel interface. We recommend that you disable this setting when you do not need it.
  • Debug mode is off. — The system does not display debug information or log it to the error log.
  • Debug mode is on. The system displays information about a hook while it executes, but does not log debug data to the error log.
  • Debug mode is on. The system displays information about a hook while it executes and logs debug data to the error log. — This setting outputs a large amount of data.
  • Debug mode is on. The system displays information about every stage for every hookable event, even if no hooks exist for that stage. — This setting outputs a large amount of data.
Debug mode is off.
User Interface - Debug Mode This setting changes the way the system generates user interfaces. For example, it disables optimizations such as minifications and cache-busting.
  • Debug mode is off. — The system does not display debug information or log it to the error log.
  • Debug mode is on. — The system displays information and logs it to the error log.
Debug mode is off.

Display

The Display section includes the following settings:

Setting Description Values Default
Default login theme This setting allows you to select the default login theme for cPanel users. Select a login theme. cpanel
Display File Usage information in the cPanel stats bar (inode count) This setting allows you to display the number of files and directories (inodes) that a cPanel account uses. The Statistics section of cPanel’s Home interface displays this information in the File Usage section.
  • On — Enable
  • Off — Disable.
Off
Number of accounts per page to display in “List Accounts”. This setting allows you to specify the number of accounts to display per page in WHM’s List Accounts interface (WHM » Home » Account Information » List Accounts).
  • All — View all of the accounts on your server whenever you or a reseller views WHM’s List Accounts interface (WHM » Home » Account Information » List Accounts).
  • 30 — View 30 accounts per page.
  • Select the text box and enter a value.
30
Display announcement banner This setting allows you to display the Announcement banner in the cPanel interface. cPanel users can dismiss this banner.
  • On — Enable
  • Off — Disable.
On
Display Upgrade Opportunities column in “List Accounts”. This setting allows you to display the Upgrade Opportunities column in WHM’s List Accounts interface (WHM » Home » Account Information » List Accounts).
  • On — Enable
  • Off — Disable.
Off

Domains

The Domains section includes the following settings:

Setting Description Values Default
Allow users to park subdomains of the server’s hostname. This setting allows users to park subdomains on your server’s main domain. For example, for a user creating the subdomain.server.example.com alias on the server.example.com FQDN, On would cause the action to succeed.
  • On — Allow creation of subdomains on the server’s hostname.
  • Off — Don’t allow creation of subdomains on the server’s hostname. If a cPanel user tries to create a subdomain, they receive an error message.
Off
Allow cPanel users to create subdomains across accounts This setting allows a cPanel user to create an addon domain or subdomain on a domain that another user owns. For example, if a user owns the example.com domain, another user could create the store.example.com subdomain.
  • On — Allow creation of subdomains across accounts. Do not enable this option. It can cause serious security issues.
  • Off — Don’t allow creation of subdomains across accounts. If a cPanel user tries to create a subdomain on another account, they receive an error message.
Off
Allow WHM users to create subdomains across accounts This setting allows WHM users to create an addon domain or subdomain for a domain that another user owns. For example, if a cPanel user owns the example.com domain, a WHM user could add a DNS zone for the store.example.com subdomain.
  • On — Allow creation of subdomains across accounts. Do not enable this option. It can cause serious security issues.
  • Off — Don’t allow creation of subdomains across accounts. This is the default setting.
Off
Allow Remote Domains This setting allows the creation of parked domains (aliases) and addon domains that resolve to other servers.
  • On — Allow creation. Do not enable this option. It can cause serious security issues.
  • Off — Don’t allow creation.
Off
Allow resellers to create accounts with subdomains of the server’s hostname. This setting allows resellers to create accounts with subdomains on your server’s main domain. For example, if your hostname is server.example.com, enable this setting to redirect user.server.example.com visitors to the reseller’s website.
  • On — Allow creation.
  • Off — Don’t allow creation.
Off
Allow unregistered domains This setting lets users add domains they didn’t register with a domain name registrar.
  • On — Allow creation.
  • Off — Don’t allow creation.
Off
Automatically add A entries for registered nameservers when creating a new zone This setting controls whether to add A entries automatically for a domain’s nameservers when a user creates a domain.
  • On — Create.
  • Off — Don’t create.
On
Replace service SSL certificates that do not match the local hostname This setting changes how the /usr/local/cpanel/scripts/checkallsslcerts script functions. If you enable this, the system replaces SSL certificates that don’t match the server’s hostname. The system replaces them with a cPanel-signed certificate. This also applies to wildcard certificates.
  • On — Replace the certificates.
  • Off — Retain the certificates.
On
Prevent cPanel users from creating specific domains This setting prevents creating domains whose names appear in the /var/cpanel/commondomains file. If you enable this, cPanel users can’t create any domains (addon or parked) that exist in the /var/cpanel/commondomains and /usr/local/cpanel/etc/commondomains files.
Note:
Do not edit the /usr/local/cpanel/etc/commondomains file directly. If you do, the system will overwrite your changes whenever cPanel & WHM updates.
  • On — Prevent creation.
  • Off — Allow creation.
On
Check zone syntax This setting allows the system to check zone file syntax each time it saves or syncs DNS zone files.
  • On — Check the syntax.
  • Off — Don’t check the syntax.
On
Check zone owner This setting allows the system to check a DNS zone’s owner whenever it saves or syncs DNS zone files.
  • On — Check the owner.
  • Off — Don’t check the owner.
On
Enable DKIM on domains for newly created accounts DKIM (DomainKeys Identified Mail) verifies a message’s sender and integrity. It allows an email system to prove that a message is valid, not forged, and came from the specified domain. This setting allows you to specify whether to enable DKIM for new accounts by default.

  • The /scripts/enable_spf_dkim_globally script allows you to enable SPF and DKIM for accounts that exist on the server, and to create the appropriate DNS records for their domains. For more information, read our The SPF and DKIM Global Settings Script documentation.

  • On — Enable DKIM.
  • Off — Don’t enable DKIM.
On
Enable SPF on domains for newly created accounts SPF (Sender Policy Framework) keeps spammers from sending email that shows your domain as the sender (spoofing). This adds addresses to a list of computers that you authorize to send mail from your domain. It verifies that your domain’s sent messages come from the listed sender. This reduces the amount of backscatter that you receive. This setting allows you to specify whether to enable SPF for new accounts by default.

  • The /scripts/enable_spf_dkim_globally script allows you to enable SPF and DKIM for accounts that exist on the server, and to create the appropriate DNS records for their domains. For more information, read our The SPF and DKIM Global Settings Script documentation.

  • On — Enable SPF.
  • Off — Don’t enable SPF.
On
DNS request management application This setting determines which application handles DNS management requests.
  • dnsadmin, auto-detect SSL — Use dnsadmin.
  • Select the text box and enter the path to another application.
dnsadmin, auto-detect SSL
Service subdomains This setting gives users access to cPanel & WHM through standard HTTP ports (80 and 443).
  • If you enable this setting, the system creates an entry in the httpd.conf file.
  • Do not manually disable the mod_rewrite, mod_headers, or mod_proxy settings in the httpd.conf file.
If you enable this setting, the system creates these service subdomains, where example.com is the domain:
  • cpanel.example.com directs users to cPanel’s Home interface.
  • whm.example.com directs users to WHM’s Home interface.
  • webmail.example.com directs users to the Webmail interface.
  • webdisk.example.com directs users to cPanel’s Web Disk interface (cPanel » Home » Files » Web Disk).
The settings in the Redirection section below do not apply to service subdomains. For more information about service subdomains, read our Service and Proxy Subdomains documentation.
  • On — Allow ports and create service subdomains.
  • Off — Don’t allow.
On
Thunderbird and Outlook autodiscover and autoconfig support (enables service subdomain and SRV record creation) This setting creates the autodiscover and autoconfig service subdomains when you create a domain. It also creates autodiscover and autoconfig SRV records.
  • Local domains require these for Microsoft Outlook® and Thunderbird.
  • If you set the Service Subdomains option to Off, the system disables this setting.
For more information about service subdomains, read our Service and Proxy Subdomains documentation.
  • On — Create service subdomains.
  • Off — Don’t create service subdomains.
Off
Preferred mail service to configure to use for Thunderbird and Outlook autodiscover and autoconfig support This setting lets you choose the email transfer method to use with Thunderbird and Outlook for Autodiscover and AutoConfig support.
Note:
You must enable the Thunderbird and Outlook autodiscover and autoconfig support (enables service subdomain and SRV record creation) setting to configure this setting.
  • imap — Use IMAP.
  • pop3 — Use POP3.
imap
Host to publish in the SRV records for Outlook autodiscover support. The Microsoft Outlook® Autodiscover service searches DNS records. It searches for the SRV record for a domain that points to a particular Autodiscover server. This setting lets you take these actions:
  • Choose the host to publish to the SRV records.
  • Change the default host to an SSL-enabled host with a CA-signed SSL certificate.
  • Use your own server for Outlook® Autodiscover. Enter the Fully Qualified Domain Name (FQDN) in the available text box.
Note:
  • When you input a server in the Host to publish in the SRV records for Outlook autodiscover support setting, the system queries that server for autodiscover settings. If you use your own server for autodiscover, you must have a custom XML file configured on it for autodiscover to work. For more information, read Microsoft’s Autodiscover documentation.
  • You must enable the Thunderbird and Outlook autodiscover and autoconfig support (enables service subdomain and SRV record creation) setting to configure this setting.
  • cpanelemaildiscovery.cpanel.net
  • A valid hostname.
cpanelemaildiscovery.cpanel.net
Overwrite custom A records used for service subdomains This setting removes A records that match your service subdomains.
  • For more information about service subdomains, read our Service and Proxy Subdomains documentation.
  • If you set the Service subdomains setting to Off, the system disables this setting.
  • On — Remove A records.
  • Off — Don’t remove A records.
Off
Overwrite custom SRV records used by Outlook AutoDiscover support This setting removes SRV records when adding or removing Outlook Autodiscover support.
Note:
You must set the Thunderbird and Outlook autodiscover and autoconfig support (enables service subdomain and SRV record creation) setting to On to toggle this setting.
  • On — Remove SRV records.
  • Off — Don’t remove SRV records.
Off
Service subdomain override This setting creates cPanel, Webmail, Web Disk, and WHM subdomains that override the default service subdomains. For example, a user could direct cpanel.example.com visitors to mycontrolpanel.example.com. For more information about service subdomains, read our Service and Proxy Subdomains documentation.
  • On — Create subdomains.
  • Off — Don’t create subdomains.
On
Restrict document roots to public_html This setting keeps users from creating addon domains and subdomains outside of their public_html directory. For example, if you enable this option and create the example.com addon domain, the system creates the /home/username/public_html/example.com directory and not the /home/username/example.com directory.
  • On — Prevent creation outside of the public_html directory.
  • Off — Allow creation in other locations.
On
Share the document root by default when creating a domain This setting automatically selects the Share document root checkbox in the Create a New Domain interface within cPanel’s Domains interface (cPanel » Home » Domains » Domains).
  • On — Automatically select the checkbox.
  • Off — Automatically deselect the checkbox.
On
Always use authoritative (registered) nameservers when creating a new DNS zone. This setting lets a new domain use authoritative nameservers. If you enable this setting, the server won’t use the nameservers you set when creating the domain.
  • On — Allow authoritative nameservers.
  • Off — Don’t allow.
Off

Logging

The Logging section includes the following settings:

Setting Description Values Default
dnsadmin logging level This setting allows you to set the log level for dnsadmin requests in the /usr/local/cpanel/logs/dnsadmin_log file. A value of 0 indicates no logging.
  • Minimum value: 0
  • Maximum value: 9
0
Enable verbose logging of DNS zone syncing This setting causes your server to print DNS information to the command line interface whenever the system synchronizes a DNS zone.
Note:
This setting is for testing purposes only. Do not enable this option on a production server.
  • On — Print DNS information.
  • Off — Don’t print DNS information.
Off
Log successful logins This setting causes your server to record successful login events for cPanel, Webmail, WHM, and DAV to their respective log files in the /usr/local/cpanel/logs/ directory.
  • On — Record successful login events.
  • Off — Don’t record successful login events.
Off
Enable cPanel API Log This setting allows you to log successful or failed cPanel API 1, successful cPanel API 2, and successful UAPI 2 function calls. We store this log in the /usr/local/cpanel/logs/api_log file.
  • On — Record all cPanel API 1 calls, and all successful API 2 and successful UAPI calls.
  • Off — Don’t record any API calls.
Off

Mail

The Mail section includes the following settings:

Setting Description Values Default
Max hourly emails per domain This setting specifies the maximum number of emails that each domain can send per hour. The system only enforces email send limits on remote email deliveries.
Note:
  • This setting does not appear if you disable the Exim Mail Server service in WHM’s Service Manager interface (WHM » Home » Service Configuration » Service Manager).
  • This setting does not function if you disable the Eximstats driver in WHM’s Service Manager interface (WHM » Home » Service Configuration » Service Manager).
  • This setting does not override the Maximum Hourly Email by Domain Relayed and Maximum percentage of failed or deferred messages a domain may send per hour settings.
  • Minimum value: N/A
  • Maximum value: N/A
Unlimited
Number of emails a domain may send per day before the system sends a notification. This setting specifies the number of emails per day that a domain can send before the system sends a notification.
  • To count each account’s outbound emails, this feature uses the TailWatch process to monitor a rolling 24-hour window of hourly logfiles. When a new hour begins, the system deletes the oldest hour’s logfile.
  • The system counts outbound mail from subdomains and addon domains separately from their parent domain.
    Note:
    This setting does not function if you disable the Eximstats driver in WHM’s Service Manager interface (WHM » Home » Service Configuration » Service Manager).
  • Minimum value: N/A
  • Maximum value: N/A
Unlimited
The mailbox storage format for new accounts This setting specifies the storage format for new accounts’ mailboxes. Accounts that you restore or transfer to your server will retain their original mailbox format. For more information about storage formats, read Dovecot’s dbox and maildir documentation.
  • mdbox — An updated format that stores multiple messages in a file and uses index files for message flags and keywords.
  • maildir — A format that stores folders as separate directories and messages as individual files. The maildir format uses more inode resources than the mdbox format.
maildir
Initial default/catch-all forwarder destination This setting specifies the initial forwarding destination for new accounts’ default (catch-all) email addresses. The default address handles email that nonexistent users on your server’s domains receive. Because a domain may receive a large number of spam messages for nonexistent users, if you choose to process this mail your server may use more resources. cPanel users can modify this forwarding destination in cPanel’s Default Address interface (cPanel » Home » Email » Default Address).
  • System account — The system forwards unroutable mail to the cPanel user’s system default email account. If you select this setting, this account collects spam.
  • Fail — The system discards the message and sends a notification to the sender. Select this setting if you receive email attacks.
  • Blackhole — The system accepts the message, discards it, and does not notify the remote SMTP server. We recommend that you do not use this setting because it violates SMTP’s RFC 5321.
System account
Mail authentication via domain owner password This setting specifies whether to allow the use of the website owner’s password to access any email address that the owner created within the account. The Single Sign On system generates a temporary user to access a cPanel account and its email accounts as the account owner. This means that if you log in to any email account through the cPanel interface, you do not have to enter a password.
  • On — Allow.
  • Off — Don’t allow.
Off
Include mailman in disk usage calculations This setting specifies whether cPanel’s disk usage calculations include Mailman mailing lists.
  • On — Include.
  • Off — Don’t include.
On
Email delivery retry time This setting specifies the number of minutes that your mail server waits before it attempts to redeliver a message after delivery failure.
Note:
This setting does not appear if you disable the Exim service in WHM’s Service Manager interface (WHM » Home » Service Configuration » Service Manager).
  • Minimum value: N/A
  • Maximum value: N/A
15 m
Track email origin via X-Source email headers This setting specifies whether to track the origin of messages that users send through your mail server.
  • This feature adds X-Source headers to email messages.
  • This feature requires Exim version 4.34 or later.
Note:
This setting does not appear if you disable the Exim service in WHM’s Service Manager interface (WHM » Home » Service Configuration » Service Manager).
  • On — Track.
  • Off — Don’t track.
On
The percentage of email messages (above the account’s hourly maximum) to queue and retry for delivery. This setting specifies whether to queue outgoing messages for later delivery after a domain reaches its limit for outgoing messages per hour. For example, with the default value of 125%, after the domain reaches its hourly limit Exim queues any additional messages, up to 125% of the Max hourly emails per domain value. After the account reaches 125% of the Max hourly emails per domain value, any additional outgoing messages will fail.
  • To force the failure of all outgoing messages after the domain reaches its limit, set this option to 100.
Note:
  • This setting does not appear if you disable the Exim Mail Server service in WHM’s Service Manager interface (WHM » Home » Service Configuration » Service Manager).
  • This setting does not function if you disable the Eximstats driver in WHM’s Service Manager interface (WHM » Home » Service Configuration » Service Manager).
  • Minimum value: 100
  • Maximum value: 10,000
125%
Monitor the number of unique recipients per hour to detect potential spammers. This setting configures the system to monitor the number of emails to unique recipients that each individual email user sends. If this number exceeds the value of the Number of unique recipients per hour to trigger potential spammer notification setting, the system will send a notification.
Note:
This setting does not function if you disable the Eximstats driver in WHM’s Service Manager interface (WHM » Home » Service Configuration » Service Manager).
  • On — Monitor.
  • Off — Don’t monitor.
On
Select the action for the system to take on an email account when it detects a potential spammer. The system automatically takes this action on every email account that it detects as a potential spammer.
To release or delete outgoing mail held in the queue, perform the following actions in cPanel’s Email Accounts interface (cPanel » Home » Email » Email Accounts):
  1. Click Manage Suspension.
  2. Select Allow for the Send option.
  3. If applicable, click Delete messages from the mail queue to remove any queued messages.
  4. Click Save.
Note:
This setting does not function if you disable the Eximstats driver in WHM’s Service Manager interface (WHM » Home » Service Configuration » Service Manager).
  • Take no action — Do not perform any action on the email account.
  • Hold outgoing mail — Hold all outbound messages in a queue for the email account.
  • Reject outgoing mail — Block all outbound email for the email account.
Take no action
Number of unique recipients per hour to trigger potential spammer notification. This setting specifies the number of emails sent by any email account in one hour that will cause the system to send an alert notification. This setting does not count emails sent by Mailman toward the limit. It affects the Select the action for the system to take on an email account when it detects a potential spammer option.
Note:
This setting does not function if you disable the Eximstats driver in WHM’s Service Manager interface (WHM » Home » Service Configuration » Service Manager).
  • Minimum value: N/A
  • Maximum value: N/A
500
Count mailman deliveries towards a domain’s Max hourly emails. This setting allows you to specify whether to count messages to Mailman mailing lists against an account’s Max hourly emails per domain limit.
Note:
  • If you enable this setting, mailing-list subscribers may not receive all list messages.
  • This setting does not function if you disable the Eximstats driver in WHM’s Service Manager interface (WHM » Home » Service Configuration » Service Manager).
  • On — Count.
  • Off — Don’t count. Set this value to Off to accommodate users with large Mailman mailing lists.
Off
Maximum percentage of failed or deferred messages a domain may send per hour This setting allows you to specify a maximum percentage of failed or deferred messages that your domain may send per hour. The system uses this setting in conjunction with the Number of failed or deferred messages a domain may send before protections can be triggered setting. Your server does not temporarily block outgoing mail from a domain until the domain meets both settings’ requirements. For more information, read our How to Prevent Spam with Mail Limiting Features documentation.
Note:
  • This setting does not appear if you disable the Exim Mail Server service in WHM’s Service Manager interface (WHM » Home » Service Configuration » Service Manager).
  • This setting does not function if you disable the Eximstats driver in WHM’s Service Manager interface (WHM » Home » Service Configuration » Service Manager).
Your server temporarily blocks outgoing mail from a domain if both of the following conditions are true:
  • The percentage of failed or deferred messages, out of the total number of sent messages, is equal to or greater than the specified percentage.
  • The domain has sent at least the number of failed or deferred messages that the Number of failed or deferred messages a domain may send before protections can be triggered setting specifies.
The system examines all outgoing and local mail over the previous hour to determine whether these conditions are true. If only one of these conditions is true, the system does not block outgoing mail.
  • Minimum value: 1
  • Maximum value: 100
Unlimited
Number of failed or deferred messages a domain may send before protections can be triggered This setting specifies a number of failed or deferred messages that a domain can send before the system blocks outgoing mail. Your server temporarily blocks outgoing mail from a domain if both of the following conditions are true:
  • The domain sends at least this number of failed or deferred messages.
  • The percentage of failed or deferred messages (out of the total number of sent messages) is equal to or greater than the percentage that the Number of failed or deferred messages a domain may send before protections can be triggered setting specifies.
The system examines all outgoing and local mail over the previous hour to determine whether these conditions are true. If only one of these conditions is true, the system does not block outgoing mail.
  • For more information, read our Service Manager documentation.
  • The system uses this setting in conjunction with the Maximum percentage of failed or deferred messages a domain may send per hour setting. Your server does not temporarily block outgoing mail from a domain until the domain meets both settings’ requirements.
Note:
  • This setting does not appear if you disable the Exim Mail Server service in WHM’s Service Manager interface (WHM » Home » Service Configuration » Service Manager).
  • This setting does not function if you disable the Eximstats driver in WHM’s Service Manager interface (WHM » Home » Service Configuration » Service Manager).
  • Minimum value: N/A
  • Maximum value: N/A
5
Restrict outgoing SMTP to root, exim, and mailman (FKA SMTP Tweak) This setting redirects outgoing SMTP connections to the local mail server and allows only the root, exim, and mailman users to make direction connections. If you enable this setting, scripts and email users must use the sendmail binary to send mail and cannot use direct socket access.
  • On — Redirect.
  • Off — Don’t redirect.
On
Prevent “nobody” from sending mail This setting denies the nobody user the ability to send mail to a remote address. PHP and CGI scripts generally run as the nobody user. To use a PHP or CGI script to send mail, enable the suEXEC or mod_php modules in your Apache configuration.
  • On — Deny the nobody user.
  • Off — Allow the nobody user to send mail.
On
Allow users to relay mail if they use an IP address through which someone has validated an IMAP or POP3 login within the last hour (Pop-before-SMTP) This setting allows users who authenticated against the POP3 or IMAP service in the last 30 minutes to send emails through SMTP again without the need to reauthenticate.
Note:
  • An open email relay on an IP address poses a security risk. We recommend that you do not enable this option because it can compromise your users’ privacy and strongly recommend that you use SMTP authentication instead.
  • This setting does not appear if you disable the Exim or RecentAuthedMailIpTracker services in WHM’s Service Manager interface (WHM » Home » Service Configuration » Service Manager).
  • On — Allow users to relay mail.
  • Off — Don’t allow users to relay mail.
Off
Add X-PopBeforeSMTP header for mail sent via POP-before-SMTP This setting requires the mail server to append a list to the X-PopBeforeSMTP headers of all of that user’s outgoing messages. This list contains all of the email addresses that a user checks with POP before SMTP.
  • POP before SMTP is an email protocol that allows users to check email from different IP addresses without the need to log in repeatedly.
Note:
  • We recommend that you do not enable this setting because it can compromise your users’ privacy.
  • This setting requires Exim 4.34 or later and does not appear if you disable the Exim service in WHM’s Service Manager interface (WHM » Home » Service Configuration » Service Manager).
  • You must set the Allow users to relay mail if they use an IP address through which someone has validated an IMAP or POP3 login within the last hour (Pop-before-SMTP) setting to On to toggle this setting.
  • On — Require an appended list.
  • Off — Don’t require an appended list.
Off
Enable BoxTrapper spam trap This setting allows you to enable BoxTrapper, a spam prevention system that uses blacklists, whitelists, and ignore lists, and an automated response-verification system.
Note:
This setting does not appear if you disable the Exim service in WHM’s Service Manager interface (WHM » Home » Service Configuration » Service Manager).
  • On — Enable BoxTrapper.
  • Off — Disable BoxTrapper.
On
Enable Email Archiving support This setting enables email archiving support. Email archiving maintains a copy of each email that your server sends or receives. The server immediately archives an email when it receives the message.
  • This action takes place before the system applies any filters to the message, which means that the system archives both spam and non-spam messages.
    Note:
    This setting does not appear if you disable the Exim service in WHM’s Service Manager interface (WHM » Home » Service Configuration » Service Manager).
  • On — Enable email archiving. If you enable this setting, the amount of disk space that mail uses will double.
  • Off — Disable email archiving.
Off
Enable Mailman mailing lists This setting enables Mailman on your server. Mailman is third-party software that manages mailing lists.
Note:

The system does not start the Mailman service until the server hosts at least one mailing list.

  • On — Enable Mailman.
  • Off — Disable Mailman.
On
Enable Roundcube webmail This setting enables the Roundcube webmail client. Webmail allows cPanel users to access their email accounts with an internet connection and a web browser.
  • On — Enable Roundcube.
  • Off — Disable Roundcube.
On
Enable Apache SpamAssassin™ spam filter This setting enables Apache SpamAssassin, a spam filtration program that scores incoming email and checks that score against a predefined limit. If the spam score exceeds this limit, the server takes the action that the domain owner specified in cPanel’s Spam Filters interface (cPanel » Home » Mail » Spam Filters). You can discard mail or place it in a spam folder.
Note:
  • If you make changes to Apache SpamAssassin’s configuration, you must run the /usr/local/cpanel/3rdparty/bin/sa-compile script for your changes to take effect.
  • This setting does not appear if you disable the Exim service in WHM’s Service Manager interface (WHM » Home » Service Configuration » Service Manager).
  • On — Enable Apache SpamAssassin.
  • Off — Disable Apache SpamAssassin.
On
Enable Apache SpamAssassin™ Spam Box delivery for messages marked as spam (user configurable) This setting enables Apache SpamAssassin’s spam box feature. The spam box receives incoming mail that Apache SpamAssassin marks as spam. This is useful for users who receive a message that the system falsely flags as spam.
  • On — Enable spam box.
  • Off — Disable spam box.
On
Prefix “mail.” onto Mailman URLs This setting specifies whether the system should prefix Mailman URLs with mail (for example, http://mail.domain.com/mailman).
Note:

If you set this value to On, this setting overrides any custom URL in your Mailman configuration.

  • On — Add the prefix.
  • Off — No prefix.
Off
Default user-defined quota value for new email accounts This setting defines the default quota that appears in cPanel’s Email Accounts interface (cPanel » Home » Mail » Email Accounts).
  • Minimum value: N/A
  • Maximum value: 4,294,967,296 MB (4 Terabytes)
32768 MB
Default quota option for new email accounts This setting defines the preselected quota option in cPanel’s Email Accounts interface (cPanel » Home » Mail » Email Accounts).
  • Unlimited — Unlimited quota.
  • User-defined — A user-defined quota.
User-defined

Notifications

The Notifications section includes the following settings:

Setting Description Values Default
System disk space usage warnings This setting allows you to enable disk space usage warnings. When you enable disk space usage warnings, these settings become available:
  • Account system disk usage “warn” percentage
  • Account system disk usage “critical” percentage
  • On — Enable.
  • Off — Disable.
On
Account system disk usage “warn” percentage This setting allows you to specify the threshold at which a system’s disk usage enters the warn state, or to disable this notification.
  • Disable this notification — This option disables the setting.
  • 82.55% — Enter the warn state at 82.55% used.
  • Select the text box and enter a value. This option accepts a minimum value of 1.
82.55%
Account system disk usage “critical” percentage This setting allows you to specify the threshold at which a system’s disk usage enters the critical state, or to disable this notification.
  • Disable this notification — This option disables the setting.
  • 92.55% — Enter the critical state at 92.55% used.
  • Select the text box and enter a value. This option accepts a minimum value of 1.
92.55%
Disk quota usage warnings This setting allows you to enable disk quota usage warnings. The system sends these warnings to cPanel users who approach their disk space quota. After you enable disk space usage warnings, these disk quota usage settings become available:
  • Account disk quota “warn” percentage
  • Notify admin or reseller when disk quota reaches “warn” state
  • Account disk quota “critical” percentage
  • Notify admin or reseller when disk quota reaches “critical” state
  • Account disk quota “full” percentage
  • Notify admin or reseller when disk quota reaches “full” state
  • On — Enable.
  • Off — Disable.
On
Out of memory warnings This setting allows you to enable out of memory warnings. The system sends these warnings to cPanel users whose processes run out of sufficient memory space.
  • On — Enable.
  • Off — Disable.
On
Account disk quota “warn” percentage This setting allows you to specify the threshold at which a user’s disk quota usage enters the warn state, or to disable this notification.
  • Disabled — This option disables the setting.
  • 80% — Enter the warn state at 80% used.
  • Select the text box and enter a value. This option accepts a minimum value of 1.
80%
Notify admin or reseller when disk quota reaches “warn” state This setting allows you to specify whether the server sends a notification to the owner of the cPanel account when it reaches the warn state.
  • On — Enable.
  • Off — Disable.
Off
Account disk quota “critical” percentage This setting allows you to specify the threshold at which a user’s disk quota usage enters the critical state, or to disable this notification.
  • Disabled — This option disables the setting.
  • 90% — Enter the critical state at 90% used.
  • Select the text box and enter a value. This option accepts a minimum value of 1.
90%
Notify admin or reseller when disk quota reaches “critical” state This setting allows you to specify whether the server sends a notification to the owner of the cPanel account when it reaches the critical state.
  • On — Enable.
  • Off — Disable.
On
Account disk quota “full” percentage This setting allows you to specify the threshold at which a user’s disk quota usage enters the full state, or to disable this notification.
  • Disabled — This option disables the setting.
  • 98% — Enter the critical state at 98% used.
  • Select the text box and enter a value. This option accepts a minimum value of 1.
98%
Notify admin or reseller when disk quota reaches “full” state This setting allows you to specify whether the server sends a notification to the owner of the cPanel account when it reaches the full state.
  • On — Enable.
  • Off — Disable.
On
Enable mailbox usage warnings This setting allows you to enable mailbox usage warnings. The system sends these warnings to cPanel users whose mailboxes are almost full.

After you enable mailbox usage warnings, these settings become available:
  • Mailbox disk quota “warn” percentage
  • Mailbox disk quota “critical” percentage
  • Mailbox disk quota “full” percentage
This setting controls whether the Any of my account’s email accounts approaches or is over quota setting appears in cPanel’s Contact Information interface (cPanel » Home » Preferences » Contact Information).
  • On — Enable.
  • Off — Disable.
Off
Mailbox disk quota “warn” percentage This setting allows you to specify the threshold at which a user’s mailbox enters the warn state. The system sends this notification to the email account.
  • Disable this notification — This option disables the setting.
  • 80% — Enter the warn state at 80% used.
  • Select the text box and enter a value. This option accepts a minimum value of 1.
80%
Mailbox disk quota “critical” percentage This setting allows you to specify the threshold at which a user’s mailbox enters the critical state. The system sends this notification to the email account.
  • Disable this notification — This option disables the setting.
  • 90% — Enter the critical state at 90% used.
  • Select the text box and enter a value. This option accepts a minimum value of 1.
90%
Mailbox disk quota “full” percentage This setting allows you to specify the threshold at which a user’s mailbox enters the full state. The system sends this notification to the cPanel default email account.
  • Disable this notification — This option disables the setting.
  • 98% — Enter the full state at 98% used.
  • Select the text box and enter a value. This option accepts a minimum value of 1.
98%
Bandwidth limit check This setting allows you to select whether to automatically suspend HTTP service for accounts that exceed their bandwidth limit. If you disable this option, the system will cease all bandwidth notifications and handle all accounts as though they possess unlimited bandwidth.
  • On — Enable.
  • Off — Disable.
On
Send notifications when certificates approach expiry. This setting allows you to specify whether the server sends a notification when an SSL certificate approaches expiry.
  • On — Enable.
  • Off — Disable.
On
Send bandwidth limit notification emails This setting allows you to specify whether the server sends notification emails to accounts that approach their bandwidth limits.

After you enable this setting, these settings become available:
  • Bandwidth usage warning: 70%
  • Bandwidth usage warning: 75%
  • Bandwidth usage warning: 80%
  • Bandwidth usage warning: 85%
  • Bandwidth usage warning: 90%
  • Bandwidth usage warning: 95%
  • Bandwidth usage warning: 97%
  • Bandwidth usage warning: 98%
  • Bandwidth usage warning: 99%
  • On — Enable.
  • Off — Disable.
On
Bandwidth usage warning: 70% This setting allows you to specify whether to send an email notification to users who have used 70% of their bandwidth.
  • On — Send.
  • Off — Don’t send.
Off
Bandwidth usage warning: 75% This setting allows you to specify whether to send an email notification to users who have used 75% of their bandwidth.
  • On — Send.
  • Off — Don’t send.
Off
Bandwidth usage warning: 80% This setting allows you to specify whether to send an email notification to users who have used 80% of their bandwidth.
  • On — Send.
  • Off — Don’t send.
On
Bandwidth usage warning: 85% This setting allows you to specify whether to send an email notification to users who have used 85% of their bandwidth.
  • On — Send.
  • Off — Don’t send.
Off
Bandwidth usage warning: 90% This setting allows you to specify whether to send an email notification to users who have used 90% of their bandwidth.
  • On — Send.
  • Off — Don’t send.
Off
Bandwidth usage warning: 95% This setting allows you to specify whether to send an email notification to users who have used 95% of their bandwidth.
  • On — Send.
  • Off — Don’t send.
Off
Bandwidth usage warning: 97% This setting allows you to specify whether to send an email notification to users who have used 97% of their bandwidth.
  • On — Send.
  • Off — Don’t send.
Off
Bandwidth usage warning: 98% This setting allows you to specify whether to send an email notification to users who have used 98% of their bandwidth.
  • On — Send.
  • Off — Don’t send.
Off
Bandwidth usage warning: 99% This setting allows you to specify whether to send an email notification to users who have used 99% of their bandwidth.
  • On — Send.
  • Off — Don’t send.
Off

Packages

These settings configure defaults for resellers who do not possess unlimited quota Access Controls List (ACL) privileges.

The Packages section includes the following settings:

Setting Description Values Default
Default maximum email quota for new packages This setting assigns a maximum email quota value to new packages when the package creator does not possess the Create Packages with Unlimited Features ACL privilege.
  • Minimum value: N/A
  • Maximum value: 4,294,967,296 MB (4 Terabytes)
1024 MB
Default disk usage quota for new packages This setting assigns a disk usage quota value to new packages when the package creator does not possess the Create Packages with Unlimited Disk Usage ACL privilege.
  • Minimum value: N/A
  • Maximum value: 4,294,967,296 MB (4 Terabytes)
10240 MB
Default bandwidth limit for new packages This setting assigns a bandwidth limit value to new packages when the package creator does not possess the Create Packages with Unlimited Bandwidth ACL privilege.
  • Minimum value: N/A
  • Maximum value: 4,294,967,296 MB (4 Terabytes)
1048576 MB

PHP

The following settings control cPanel & WHM’s internal PHP. Your web server does not use these settings. To configure your web server’s PHP settings, use WHM’s MultiPHP INI Editor interface (WHM » Home » Software » MultiPHP INI Editor).

Note:
These settings update cPanel & WHM’s internal php.ini files. Your cPanel & WHM installation will overwrite direct edits to these files.

The PHP section includes the following settings:

Setting Description Values Default
cPanel PHP max execution time This setting specifies the number of seconds that a cPanel PHP script can run before the system terminates it. This limit prevents poor server performance due to poorly written scripts.
  • Minimum value: 90
  • Maximum value: 500
90 s
cPanel PHP memory limit This setting specifies the memory_limit setting in the php.ini file for cPanel’s internal PHP.
  • Minimum value: 128
  • Maximum value: 16,384
128 MB
cPanel PHP max POST size This setting specifies the maximum size in Megabytes (MB) of a POST request.
  • Minimum value: 55
  • Maximum value: 2,047
55 MB
cPanel PHP max upload size This setting specifies the maximum file size in Megabytes (MB) that a PHP script may upload.
  • Minimum value: 50
  • Maximum value: 2,047
50 MB
cPanel PHP loader This setting specifies a PHP loader or loaders through which cPanel & WHM executes internal PHP scripts.
  • ioncube
  • sourceguardian
N/A

Redirection

This section allows you to configure the SSL and non-SSL redirects for the cPanel, WHM, and Webmail services. This affects the URL the users see when they access the services.

The Redirection section includes the following settings:

Setting Description Values Default
Choose the closest matched domain for which that the system has a valid certificate when redirecting from non-SSL to SSL URLs. Formerly known as “Always redirect to SSL/TLS” This setting allows you to redirect users to the proper SSL/TLS ports when they visit specific URLs. The system will redirect users who navigate to the /cpanel, /webmail, or /whm paths to the appropriate port.
  • For example, when a user accesses www.example.com/cpanel, the system will redirect them to www.example.com:2083.
  • The system will not redirect users if they enter the corresponding subdomain (for example, cpanel.example.com).
  • The Require SSL setting forces SSL direction by default. We recommend that you do not change this setting.
If you enable this setting, the system attempts to redirect in the following order:
  1. Redirect to the Origin Domain Name location if an installed certificate secures that domain.
  2. Redirect to a wildcard domain that matches the name on the main service certificate.
  3. If no domain matches the domains on any certificate, redirect to the https:// protocol for the domain.
If you disable this option, these settings become available:
  • Non-SSL redirect destination
  • SSL redirect destination
  • On — Redirect.
  • Off — Don’t redirect. If you disable this option, users may send their passwords to these links without encryption. We strongly recommend that you do not disable this option.
On
Non-SSL redirect destination This setting allows you to specify how to redirect users who access cPanel & WHM via the /cpanel, /webmail, or /whm paths without SSL. If you enable the Always redirect to SSL/TLS setting, the system ignores this setting.
  • Hostname — Redirects users to the server’s hostname (for example, host.example.com:2082, where host.example.com represents the server’s hostname).
  • Origin Domain Name — Redirects a user to their main domain (for example, example.com:2082, where example.com represents the user’s domain).
Origin Domain Name
SSL redirect destination This setting allows you to specify how to redirect users who access cPanel & WHM via the /cpanel, /webmail, or /whm paths with SSL. If you enable the Always redirect to SSL/TLS setting, the system ignores this setting.
  • SSL Certificate Name — Redirects users to the domain that the website’s SSL certificate secures. You can view this certificate in WHM’s Manage Service SSL Certificates interface (WHM » Home » Service Configuration » Manage Service SSL Certificates).
  • Hostname — Redirects users to the server’s hostname (for example, host.example.com:2083, where host.example.com represents the server’s hostname).
  • Origin Domain Name — Redirects a user to their main domain (for example, example.com:2083, where example.com represents the user’s domain).
SSL Certificate Name
Logout redirection URL This setting allows you to redirect users to a specific URL after they log out.
  • No redirection — Don’t redirect users.
  • Select the text box and enter a URL.
No redirection

Security

The Security section includes the following settings:

Setting Description Values Default
Allow autocomplete for login screens. This setting specifies whether users can save their cPanel, WHM, and Webmail passwords in the browser’s cache.
  • On — Users can save to the browser’s cache.
  • Off — Users can’t save to the browser’s cache.
On
Hide login password from cgi scripts This setting hides the REMOTE_PASSWORD variable from scripts that the cpsrvd daemon’s CGI handler executes.
  • This setting does not hide the REMOTE_PASSWORD variable from phpMyAdmin.
  • cPanel’s CGI Center interface (cPanel » Home » Software and Services » CGI Center) only exists in cPanel’s removed x3 theme. You cannot create new CGI scripts with cPanel’s current theme (Jupiter), and we strongly discourage the use of the x3 theme.
  • On — Hide.
  • Off — Don’t hide.
Off
Cookie IP validation This setting validates IP addresses for cookie-based logins. This denies attackers the ability to capture cPanel session cookies in order to gain access to your server’s cPanel & WHM interfaces.
  • For this setting to have most effectiveness, you should disable the Service subdomains setting.
  • disabled — The system does not validate IP addresses.
  • loose — The system requires that the access IP address and the cookie IP address must be in the same class C subnet.
  • strict — The system requires that the access IP address and the cookie IP address match exactly.
strict
Generate core dumps This setting specifies whether cPanel & WHM’s services create core dumps. You can use core dumps to debug a service.
Core dumps contain sensitive information. Make certain that you keep them secure.
  • On — Create.
  • Off — Don’t create.
Off
Send passwords when creating a new account This setting allows you to send new users their passwords in plaintext over email when you create a new account.
We strongly recommend that you do not enable this setting to avoid a security risk.
  • On — Send in plaintext.
  • Off — Don’t send in plaintext.
Off
Enable File Protect This setting enables EasyApache 4’s FileProtect option, which improves the security of each user’s public_html directory.
  • On — Enable.
  • Off — Disable.
On
Blank referrer safety check This setting only permits cPanel & WHM to perform functions when the browser provides a referral URL. Each attempt to submit data to cPanel & WHM must have a referral URL. This helps the system to prevent cross-site request forgery (XSRF) attacks.
  • The visitor or application that queries the server must enable cookies for this setting to function.
Important:
Exercise caution if you enable this setting. This setting can break the system’s integration with other systems, login applications, and billing software.
  • On — Require a referral URL.
  • Off — Don’t require a referral URL.
Off
Referrer safety check This setting only permits cPanel & WHM to perform functions when the browser provides a referral URL that exactly matches the destination URL. Each attempt to submit data to cPanel & WHM must have a referral URL for which the domain or IP address and port number exactly match those of the destination URL. This helps the system to prevent cross-site request forgery (XSRF) attacks.
  • The visitor or application that queries the server must enable cookies for this setting to function.
Important:
Exercise caution if you enable this setting. This setting can break the system’s integration with other systems, login applications, and billing software.
  • On — Require a referral URL.
  • Off — Don’t require a referral URL.
Off
Require SSL for cPanel Services This option forces the server to redirect unencrypted cPanel, Webmail, WHM, and DAV requests to secure ports according to the SSL redirection settings. We strongly recommend that you enable this setting.
  • On — Require encryption.
  • Off — Don’t require encryption.
On
Allow PHP to be run when logged in as a reseller to WHM This setting enables resellers to run PHP code in WHM. WHM’s PHP code runs as the root user. Exercise caution if you enable this setting.
  • On — Enable.
  • Off — Disable.
Off
Allow apps that have not registered with AppConfig to be run when logged in as a reseller to WHM. This setting allows unregistered AppConfig applications to run when you log in to WHM as a reseller. When you disable this setting, resellers can only run registered AppConfig applications.
  • On — Enable.
  • Off — Disable.
Off
Allow apps that have not registered with AppConfig to be run when logged in as root or a reseller with the “all” ACL in WHM. This setting allows unregistered AppConfig applications to run when you log in as a root user. When you disable this setting, a root user can only run registered AppConfig applications.
  • On — Enable.
  • Off — Disable.
Off
This setting allows WHM applications and addons to execute even if an ACL list has not been defined. This setting allows registered AppConfig applications and addons to run without a defined ACL list. When you disable this setting, cPanel & WHM forces registered AppConfig applications and addons to set an ACL list.
  • On — Enable.
  • Off — Disable.
Off
This setting allows cPanel and Webmail applications and addons to execute even if a feature list has not been defined. This setting allows registered AppConfig cPanel and Webmail apps to run without a defined required features list. When you disable this setting, cPanel & WHM forces registered AppConfig cPanel and Webmail apps to set a Required Features list.
  • On — Enable.
  • Off — Disable.
Off
Use MD5 passwords with Apache This setting specifies whether the system uses MD5 hashing for new passwords in Apache .htpasswd files. Because Apache .htpasswd files can contain a mix of crypt- and MD5-encoded passwords, this setting does not change the encoding of any existing passwords.

MD5-encoded passwords provide more security than crypt-encoded passwords. Crypt only uses the first eight characters of the password for authentication, but the system allows MD5 passwords of length.
  • On — Enable.
  • Off — Disable. When you disable this option, Apache uses crypt hashing.
On
EXPERIMENTAL: Jail Apache Virtual Hosts using mod_ruid2 and cPanel® jailshell. This setting enables the JailManager TailWatch Driver module. JailManager keeps each VirtFS filesystem jail shell in sync with the root filesystem. JailManager also returns the VirtFS filesystem jailed shells to a usable state when the system reboots.
Warning:
This feature is unstable and can result in unintended consequences, including performance and connection issues. Exercise extreme caution if you enable an EXPERIMENTAL feature or setting.
  • These features may not function with other features or settings.
  • These features do not provide current and effective security controls.
  • EXPERIMENTAL features do not qualify for our security bounty.
  • For more information about an EXPERIMENTAL feature’s compatibility, read our Change Logs documentation.
You do not need to enable or disable JailManager in the Service Manager interface (WHM » Home » Service Configuration » Service Manager) because this setting controls the module’s state.
  • The mod_ruid2 module uses the chroot command on Apache virtual hosts if you enable this setting. This action runs Apache virtual hosts in an environment with an altered root directory.
  • You can use this setting when you compile Apache through EasyApache and you have installed mod_ruid2 version 0.9.4a or later.
  • You can use this setting on AlmaLinux OS, Rocky Linux™, or Ubuntu® servers. The CloudLinux™ operating system does not support the mod_ruid2 module.
When you enable this option, each user with a configured jailshell or noshell experiences the following changes:
  • The chroot command jails the user’s Apache Virtual Hosts into the /home/virtfs directory.
  • The system adds the RDocumentChRoot directive to the user’s Virtual Host.
  • The system limits the user’s filesystem view to their /home/virtfs/username filesystem. Various jail shell-related options control the /home/virtfs/username filesystem configuration.
  • On — Enable.
  • Off — Disable.
Off
Signature validation on assets downloaded from cPanel & WHM mirrors. This setting specifies the type of GnuPG (GPG) key signature file (keyring) that the system uses to verify and sign files that you download from cPanel & WHM httpupdate mirrors.
  • For more information about these GPG keys, read our Download Security documentation.
  • This setting does not provide effective security control.
    • Off — The system does not validate any digital signatures.
    • Release Keyring Only — The system uses the Release GPG keyring to validate official release downloads from cPanel & WHM httpupdate mirrors.
    • Release and Development Keyrings — The system uses the Release and Development GPG keyrings to validate test and development release downloads from cPanel & WHM httpupdate mirrors.
    Release Keyring Only
    Default SSL/TLS Key Type This setting lets you specify the system’s default SSL/TLS key type. The system uses the selected key type to generate root’s SSL/TLS keys. The system also uses this key type when it generates keys for cPanel users who do not specify a preferred SSL/TLS key type in cPanel’s SSL/TLS interface (cPanel » Home » Security » SSL/TLS). For more information about the available key types, read the SSL/TLS Key Types documentation.
    Note:
    When you update your preferred key type, the system will perform an AutoSSL run. This updates all installed AutoSSL-issued certificates to use the new key type.
    • RSA, 2,048-bit
    • ECDSA, P-384 (secp384r1)
    • ECDSA, P-256 (prime256v1)
    • RSA, 4,096-bit
    RSA, 2,048-bit
    Generate a self signed SSL certificate if a CA signed certificate is not available when setting up new domains. When you create a new domain, cPanel will automatically enable SSL for that domain if an SSL certificate exists. If no SSL certificate exists, this functionality will generate a self-signed certificate.
    Important:
    • We strongly recommend that you enable AutoSSL.
    • If you disable this option, and a CA-signed certificate is not available, when a user attempts to visit the newly created domain over HTTPS, the user will see the first SSL certificate installed on that IP address.
    • If you have not enabled a CA-signed certificate or AutoSSL, Google search results may point to the SSL site version with a self-signed certificate. Self-signed certificates generate browser warnings.
    • On — Enable.
    • Off — Disable.
    On
    Verify signatures of 3rdparty cPaddons. This setting verifies all third-party cPAddons’ GPG keys. You can enable this setting if you enable the Signature validation on assets downloaded from cPanel & WHM mirrors setting. This experimental setting does not provide effective security control.
    • On — Enable.
    • Off — Disable.
    Off
    Allow deprecated WHM accesshash authentication This setting allows users to authenticate with WHM via an access hash that they create in WHM’s Remote Access Key interface (WHM » Home » Clusters » Remote Access Key). We deprecated WHM’s Remote Access Key feature in cPanel & WHM version 64. We strongly recommend that you use API tokens instead.
    • On — Enable.
    • Off — Disable.
    Off
    Use X-Frame-Options and X-Content-Type-Options headers with cpsrvd This setting adds the X-Frame-Options: SAMEORIGIN and X-Content-Type-Options: nosniff headers to cpsrvd responses.
    • This setting only controls header directives for cPanel & WHM service ports 2082, 2083, 2086, 2087, 2095, and 2096.
    • For more information about X-Frame-Options, read Mozilla’s X-Frame-Options documentation.
    • For more information about X-Content-Type-Options, read Mozilla’s X-Content-Type-Options documentation.
    • On — Enable.
    • Off — Disable.
    On
    Enable strict SSH host key checking This setting configures the server to always verify the host key of remote systems for outgoing SSH connections, such as rsync and SFTP backup, transfers, and remote MySQL® connections. This setting helps defend the server against man-in-the-middle (MITM) attacks.
    • disabled — Do not require that the server verifies the host key of remote systems for outgoing SSH connections.
    • enabled — Require that the server verifies the host key of all remote systems for outgoing SSH connections. If you select enabled, you must add a host key for each remote system to the /etc/ssh/ssh_known_hosts file.
    • dns — If the remote system contains SSHFP records in a DNSSEC-signed zone and the local system uses EDNS0 resolving, the local system uses the SSHFP records to verify the remote system. Otherwise, the system uses the enabled setting’s behavior. If you select dns, you must perform the following actions and meet the following conditions:
      • You must add a host key for each remote system to the /etc/ssh/ssh_known_hosts file if either of the following conditions is true:
        • The remote system does not contain SSHFP records in a DNSSEC-signed zone.
        • The local system does not use EDNS0 resolving.
      • You must use the remote system’s hostname instead of the IP address in all relevant interfaces.
      • The remote system’s hostname must exist in a DNSSEC-signed zone.
      • The server’s resolvers in the /etc/resolv.conf file must be DNSSEC-aware (for example, BIND, PowerDNS, and Google Public DNS nameservers).
      • The remote system’s resolvers must use EDNS0 resolving. To confirm this, locate the options edns0 option in the /etc/resolv.conf file.
      • For AlmaLinux and Rocky Linux servers, the server that makes the connection must possess SSHFP records with the SHA-1 (algorithm 1) or SHA-256 (algorithm 2) encryption algorithms.
    disabled
    Display a message to reboot the server after essential software updates. This setting configures the server to display a prompt to reboot the server after it installs an essential software update. If you disable this setting, you must manually reboot the server after essential software updates in order to address security issues.
    • On — Enable.
    • Off — Disable.
    On
    Enable Content-Security-Policy on some interfaces This setting enables the Content-Security-Policy (CSP) header on WHM’s Configure Application Locales, Delete a Locale, Locale XML Download, Locale XML Upload, View Available Locales, and Shell Fork Bomb Protection interfaces. This header can help to prevent certain cross-site scripting (XSS) attacks, and it may block JavaScript from external sites when you visit a CSP-enabled interface.
    • On — Enable.
    • Off — Disable.
    Off

    Software

    The Software section includes the following settings:

    Setting Description Values Default
    Dormant services This setting configures the system to unload idle services from memory after up to ten minutes of inactivity. Then the system unloads listening devices that correspond to those services. This setting reduces memory usage, but delays responses from dormant services.
    • If you enable this setting for a service, that service will immediately enter dormant mode whenever you reboot your server or restart the service.
    • Tailwatch checks do not prevent or interrupt dormant mode.
    You can enable this behavior for the following services:
    • cpdavd — cPanel’s WebDAV daemon.
    • cphulkd — cPanel’s brute force protection daemon.
    • cpsrvd — The cPanel & WHM service manager daemon.
    • dnsadmin — cPanel’s DNS management daemon. If your server uses a custom dnsadmin plugin, you must disable dormant mode for dnsadmin.
    • spamd — The Apache SpamAssassin™ daemon.
    The system enables this setting for each service by default.
    Maintenance cPanel RPM Check This setting allows you to specify whether the system runs the /scripts/check_cpanel_pkgs script to check cPanel RPMs for problems during nightly maintenance. If these checks encounter problems, the system sends a notification to the administrator. For more information, read our The check_cpanel_pkgs Script documentation.
    • On — Enable.
    • Off — Disable. We strongly recommend that you do not disable this setting. If you disable this setting, the system does not check existing RPMs for problems during updates or maintenance. This could leave your system vulnerable to unnoticed tampering or other risks.
    On
    Maintenance cPanel RPM Digest Check This setting allows you to specify whether the system runs a digest check against existing RPMs during nightly maintenance. This check ensures that RPM files are not corrupt and that nothing has tampered with them.
    • This setting only appears if you enable the Maintenance cPanel RPM Check setting.
    • If you disable this setting, the system runs the /scripts/check_cpanel_pkgs script with the --no-digest option. For more information, read our The check_cpanel_pkgs Script documentation.
    • We strongly recommend that you enable this setting. If you disable this setting, the /scripts/check_cpanel_pkgs script only validates file sizes, so files may change without detection.
    • On — Enable.
    • Off — Disable.
    On
    Enable phpMyAdmin information schema searches This setting enables information schema searches by phpMyAdmin in MySQL.
    • If between 100 and 1,000 databases exist on your server, you can disable this option to attempt to increase performance. However, you must log in to cPanel again to allow phpMyAdmin to display newly created databases.
    • If more than 1,000 databases exist on your server, we recommend that you enable this setting. A system with a large number of databases may experience performance issues if you disable this setting.
    • On — Enable.
    • Off — Disable.
    On

    SQL

    The SQL section includes the following settings:

    Setting Description Values Default
    Include databases in disk usage calculations If you enable this setting, your server will include databases in disk usage calculations.
    • On — Enable.
    • Off — Disable.
    On
    Use INFORMATION_SCHEMA to acquire MySQL disk usage This setting uses MySQL’s INFORMATION_SCHEMA view to include MySQL table disk usage when it calculates disk usage totals. This setting causes MySQL to become unresponsive until data collection finishes, which may degrade your system’s performance.

    If you disable this setting, cPanel & WHM queries the filesystem for MySQL’s disk usage information. Table type usage and local configuration may cause inaccuracy in the disk usage totals.
    • On — Enable.
    • Off — Disable.
    On
    Allow cPanel & WHM to determine the best value for your MySQL open_files_limit configuration? This setting allows cPanel & WHM to determine the best value for your MySQL open_files_limit setting in the /etc/systemd/system/ MySQL file. The system uses the total number of open tables in your databases to determine this value.
    Newer versions of MySQL require additional file descriptors for each open table. A server with a large number of open tables (for example, servers with multiple installations of WordPress®) may require an open_files_limit value that is greater than the default value of 2048. However, an extremely large open_files_limit setting requires more memory, and may cause performance issues.
    We recommend that you do not manually adjust the open_files_limit setting in the /etc/systemd/system/ MySQL file. If you manually adjust this setting and add more databases and tables, the system will not increase the limit. When you surpass the limit, you will receive an error.
    • On — Enable.
    • Off — Disable.
    On
    Allow cPanel & WHM to determine the best value for your MySQL max_allowed_packet configuration? This setting allows cPanel to determine the best value for your MySQL max_allowed_packet setting in your server’s my.cnf configuration file. The max_allowed_packet setting determines the maximum size of a single packet for any generated or intermediate string. The value of this setting must be large enough to properly handle very long BLOB columns or long strings. However, an extremely large max_allowed_packet setting may catch unnecessarily large packets, and may cause performance issues.
    We recommend that you do not manually adjust the max_allowed_packet setting in your server’s my.cnf file. If you manually adjust this setting and add more databases and tables, the system will not increase the limit. When the system surpasses the limit, you will receive an error.
    • On — Enable.
    • Off — Disable.
    On
    Allow cPanel & WHM to determine the best value for your MySQL innodb_buffer_pool_size configuration? This setting allows cPanel & WHM to determine the best value for your MySQL innodb_buffer_pool_size setting in your server’s my.cnf configuration file. The innodb_buffer_pool_size setting determines the size of the memory buffer in bytes that the InnoDB storage engine uses to cache data and indexes of its tables. However, an extremely large innodb_buffer_pool_size setting requires more memory and may cause performance issues.
    We recommend that you do not manually adjust the innodb_buffer_pool_size setting in your server’s my.cnf file. If you manually adjust this setting and add more databases and tables, the system will not increase the limit. When you surpass the limit, you will receive an error.
    • On — Enable.
      If you select On for this setting, the system uses the following defaults:
      • For servers with less than 512 Megabytes (MB) of RAM, the system sets the innodb_buffer_pool_size setting to 8 MB.
      • For servers with between 512 MB and 4 Gigabytes (GB) of RAM, the system sets the innodb_buffer_pool_size setting to a proportional value that is between 8 and 128 MB.
      • For servers with more than 4 GB of RAM, the system sets the innodb_buffer_pool_size setting to 128 MB.
    • Off — Disable.
    Off
    Require a username prefix on names of new databases and database users When you enable database prefixing, the system prefixes database names and database usernames with a portion of the system username and an underscore.
    • MySQL and PostgreSQL — The prefix uses the first eight characters of the system username and an underscore.
    • MariaDB — The prefix uses the entire system username and an underscore.
    This setting makes it easier for you to determine which user owns a given database. However, it reduces the number of characters that users can use for names of databases and database users.
    • If you change the system account name, database names and database usernames that the account owns do not change.
    • This setting is global and you cannot require prefixing selectively. However, you can create individual databases that do not require prefixing. To do this, disable this setting, create the desired databases, then enable this setting again.
    • On — Enable.
    • Off — Disable. This allows cPanel users to create individual databases without prefixes. After they create the databases, you can reenable the setting for your users’ accounts.
    On
    Force short prefix for MySQL and MariaDB databases If you enable this setting, your server will limit MySQL and MariaDB database prefixes to eight characters.
    • On — Enable.
    • Off — Disable.
    Off

    Stats and Logs

    The Stats and Logs section includes the following settings:

    Setting Description Values Default
    Allow users to update Awstats from cPanel This setting controls whether cPanel users may update their AWStats software.
    • On — Enable.
    • Off — Disable.
    Off
    Delete each domain’s access logs after statistics are gathered This setting controls whether the system deletes each domain’s access log after it processes statistics. Enable this setting to help conserve disk space.
    • On — Enable.
    • Off — Disable.
    On
    Archive logs in the user’s home directory at the end of each stats run unless configured by the user. This setting archives logs in the user’s home directory. The system archives the logs at the end of each statistics cycle. If you disable this option, the system will not archive logs unless the user has configured their settings to archive the logs.
    • On — Enable.
    • Off — Disable.
    On
    Remove the previous month’s archived logs from the user’s home directory at the end of each month unless configured by the user. This setting controls whether the system removes the archived log files from the user’s home directory at the end of each month. If you disable this option, the system retains archived logs unless the user has configured their settings to remove the logs.
    • On — Enable.
    • Off — Disable.
    On
    Extra CPUs for server load This setting allows you to specify a value to add to the number of physical CPUs in your server. The sum of these two numbers becomes the value at which the cpuwatch, cpanellogd, backups, and CPU statistics daemons consider the system to be in a critical load state.
    • 0 — Don’t add the value.
    • Select the text box and enter a value.
    0
    Keep master FTP log file This setting controls whether the system deletes the /usr/local/apache/domlogs/ftpxferlog file whenever the system parses FTP logs.
    • On — Keep the file.
    • Off — Delete the file.
    Off
    Keep log files at the end of the month This setting allows you to keep domain log files at the end of each month in the /home/user/logs directory. If you disable this option, the system deletes these log files.
    Note:
    • We strongly recommend that you disable this setting. Log files can quickly consume your server’s disk space.
    • You must set the Delete each domain’s access logs after statistics are gathered setting to Off to toggle this setting.
    • On — Enable.
    • Off — Disable.
    Off
    Keep stats logs This setting allows you to retain the statistics log (/usr/local/cpanel/logs/stats_log) between cPanel & WHM restarts. If you use WHM’s cPanel Log Rotation Configuration interface (WHM » Home » Service Configuration » cPanel Log Rotation Configuration) to archive the log on a monthly basis, the system may delete the log after it archives the log.
    • On — Enable.
    • Off — Disable.
    Off
    Apache log file chmod value This setting allows you to set the chmod value for the files that reside in the /etc/apache2/domlogs directory. The chmod value sets permissions for who can read, write to, and execute a file.
    • For more information about the files that reside in the /etc/apache2/domlogs directory, read our The cPanel & WHM Log Files documentation.
    • For more information on the chmod command, run the man chmod command from the command line interface.
    • For more information about file permissions, read Wikipedia’s File-system permissions article.
    • 0640 — A chmod value of 0640.
    • Select the text box and enter a value.
    0640
    Show bandwidth usage in megabytes by default in WHM This setting allows you to specify whether WHM displays bandwidth usage in Megabytes (MB).
    • On — Enable.
    • Off — Disable.
    Off
    Stats log level This setting allows you to specify how much information the server should include in the /usr/local/cpanel/logs/stats_log file. Higher numbers indicate greater detail.
    • 1
    • Select the text box and enter a value between 1 and 10.
    1
    Log rotation size threshold This setting allows you to specify a threshold above which the cpanellogd daemon rotates log files. This setting does not apply to the Apache domlogs.
    • 300 MB
    • Select the text box and enter a value of 10 or greater.
    300 MB
    The interval, in days, to retain Exim stats in the database This setting allows you to specify the number of days during which you wish to keep Exim statistics.
    Note:

    If you set this to a high value and your server has a high volume of email traffic, the Mail Delivery Reports page in WHM may hang or load slowly.

    • 10
    • Select the text box and enter a value between 1 and 365,000.
    10
    The number of days to keep records of ModSecurity® rule hits. (Use zero to keep forever). This setting allows you to specify the number of days that you wish to maintain your hits records in the modsec database.
    • 7
    • Select the text box and enter a value.
    If you set this option to 0, the system will not purge hits records from the modsec database.
    7
    Number of days to retain upcp logs before purging them This setting allows you to specify the number of days that you wish to retain logs from the nightly upcp maintenance script.
    • 45
    • Select the text box and enter a value that is between 3 and 999.
    45

    Stats Programs

    Statistical analysis programs allow your users to view information about their site visitors. For more configuration options, use WHM’s Statistics Software Configuration interface (WHM » Home » Server Configuration » Statistics Software Configuration).

    The Stats Programs section includes the following settings:

    Setting Description Values Default
    Awstats reverse DNS resolution This setting allows you to specify whether the AwStats statistical analysis program interprets visitors’ domain names as IP addresses. Disable this option to conserve server resources.
    • On — Enable.
    • Off — Disable.
    Off
    Enable Analog stats This setting allows you to enable the Analog statistical analysis program.
    • On — Enable.
    • Off — Disable.
    On
    Enable Awstats stats This setting allows you to enable the AwStats statistical analysis program.
    • On — Enable.
    • Off — Disable.
    On
    Enable Webalizer stats This setting allows you to enable the Webalizer statistical analysis program.
    • On — Enable.
    • Off — Disable.
    On

    Status

    The Status section includes the following setting:

    Setting Description Values Default
    Critical load threshold This setting allows you to specify the minimum CPU load above which the following interfaces display a warning for the server load:
    • # of CPUs (autodetect) — Detect the number of CPUs and set the minimum CPU load automatically. This option allows your server to automatically determine the appropriate value.
    • Select the text box and enter a numeric value.
    # of CPUs (autodetect)

    Support

    Many of the options in this section of the Tweak Settings interface allow you to specify whether to send anonymized data to cPanel for analysis. For more information about the data that WebPros International, LLC collects from your server, read our cPanel Analytics - The Data We Use documentation.

    The Support section includes the following settings:

    Setting Description Values Default
    Display documentation links in cPanel interface This option allows you to specify whether each cPanel interface displays a question mark link to that interface’s documentation.
    Note:
    • The following cPanel interfaces do not contain help documentation links:
      • cPanel’s File Manager interface (cPanel » Home » Files » File Manager).
      • cPanel’s phpMyAdmin interface (cPanel » Home » Databases » phpMyAdmin).
      • cPanel’s phpPgAdmin interface (cPanel » Home » Databases » phpPgAdmin).
    • The Jupiter theme does not display these links.
    • On — Enable.
    • Off — Disable.
    Off
    Send error reports to cPanel for analysis This setting allows you to specify whether you wish to send anonymized error reports to WebPros International, LLC for analysis.
    • On — Enable.
    • Off — Disable.
    Off
    Update analysis retention interval This setting allows you to specify how long to keep the update analysis log files that you send to WebPros International, LLC. The system stores update analysis log files in the /usr/local/cpanel/logs/update_analysis directory.
    • Disable message retention — Don’t store any logs.
    • 90 days — Save for 90 days.
    • Save indefinitely — Save until manually removed.
    • Select the text box and enter an integer.
    90 days

    System

    The System section includes the following settings:

    Setting Description Values Default
    Accounts that can access a cPanel user account: This setting allows you to specify which users can log in to a cPanel account. If you disallow root or reseller logins to cPanel accounts, the disallowed root user or reseller cannot access the cPanel icon in WHM’s List Accounts interface (WHM » Home » Account Information » List Accounts), which provides access to the user’s cPanel account.
    • Root, Account-Owner, and cPanel User — Allow the root user, the owner (the root user or reseller), and the cPanel user.
    • Account-Owner and cPanel User Only — Allow the owner (the root user or reseller) and the cPanel user.
    • cPanel User Only — Allow only the cPanel user.
    Root, Account-Owner, and cPanel User
    Allow server-info and server-status This setting allows you to specify additional IP addresses and hostnames that can access the example.com/server-status page, where example.com represents a domain’s name.
    • If you install the mod_info Apache module, this setting also applies to the example.com/server-info page.
    • cPanel & WHM does not install the mod_info Apache module by default. To use this module, you must install it in EasyApache 4.
    • Note:
      We strongly recommend that you use caution when you allow access to these pages. They display sensitive information about your server.
    Enter the desired IP addresses or hostnames in the text box, one IP address or hostname per line. N/A
    Allow cPanel users to install SSL Hosts. This setting allows you to specify whether to allow cPanel users to install SSL hosts. If you disable this setting, cPanel users can’t enable the Force HTTPS Redirects option for any domain in cPanel’s Domains interface (cPanel » Home » Domains » Domains).
    • On — Enable.
    • Off — Disable.
    On
    Apache non-SSL IP/port This setting allows you to specify a new port or IP address that Apache uses to listen for requests and serve web pages over an unsecured connection.
    Important:
    This setting can deny HTTP traffic the ability to route correctly, which renders your site inaccessible to visitors.
    • 0.0.0.0:80 — Cause Apache to use port 80 to serve content on an unsecured connection for all of your server’s IP addresses.
    • Select the text box and enter a port or IP address. Enter an IP address to prevent Apache’s ability to listen on all other IP addresses.
    0.0.0.0:80
    Apache SSL port This setting allows you to specify a new port or IP address that Apache uses to listen for requests and serve web pages over a secure connection.
    Important:
    This setting can deny HTTPS traffic the ability to route correctly, which renders your site inaccessible to visitors.
    • 0.0.0.0:443 — Cause Apache to use port 443 to serve content on a secured connection for all of your server’s IP addresses.
    • Select the text box and enter a port or IP address. Enter an IP address to prevent Apache’s ability to listen on all other IP addresses.
    0.0.0.0:443
    cPanel & WHM API shell (for developers) This setting allows you to add the following interfaces, which allow the root user and resellers to test API functions directly:
    • WHM’s API Shell interface (WHM » Home » Development » API Shell)
    • cPanel’s API Shell interface (cPanel » Home » Advanced » API Shell)
    To enable this feature for cPanel, you must grant the API Shell feature to the desired root user and resellers in WHM’s Feature Manager interface (WHM » Home » Packages » Feature Manager), then refresh your browser window.
    • On — Allow.
    • Off — Deny.
    Off
    DNS server reload deferral time This setting allows you to define a time, in seconds, that the dnsadmin service waits before it restarts the DNS server. The system silently discards additional restart requests in this time period.
    Note:
    • You cannot set a value greater than 300 seconds.
    • For busy servers, we recommend a higher value. A higher value will help to prevent multiple subsequent restarts.
    • If your system experiences very few DNS changes, we recommend that you use a setting of 5.
    • DNS changes will not take effect until the DNS server reloads.
    • 2 s — Two seconds.
    • Select the text box and enter a value.
    2 s
    HTTPD deferred reload time This setting allows you to specify the number of seconds that the system waits before it restarts the web server. The system silently discards additional restart requests in this time period.
    • 0 s — Don’t wait.
    • Select the text box and enter a value.
    0 s
    The number of seconds between ChkServd service checks. This setting allows you to specify the number of seconds between each chkservd daemon service check. If you choose to set a value below 300, we recommend that you first use the /var/log/chkservd.log file to verify the length of your system’s chkservd checks. The settings that you choose in WHM’s Service Manager interface (WHM » Home » Service Configuration » Service Manager) affect the length of these checks.
    • Minimum value: 60
    • Maximum value: 7200
    300
    The number of times ChkServd allows a previous check to complete before termination. This setting allows you to specify the number of times that the chkservd daemon allows a check to complete before termination.
    • Minimum value: 1
    • Maximum value: 20
    2
    The option to enable or disable ChkServd HTML notifications. This setting allows you to enable or disable HTML notifications from the chkservd daemon.
    • On — Enable.
    • Off — Disable.
    On
    The option to enable or disable ChkServd recovery notifications. This setting allows you to enable or disable recovery notifications from the chkservd daemon.
    • On — Enable.
    • Off — Disable.
    On
    Conserve memory This setting allows you to specify whether to conserve memory (RAM) at the expense of more CPU usage and disk I/O.
    • On — Enable.
    • Off — Disable.
    Off
    cpsrvd username domain lookup This setting allows you to specify whether WHM automatically supplies a username (based on the account name) when a cPanel user enters a login password.
    • On — Enable.
    • Off — Disable.
    Off
    Prevent cpsrvd from serving standard HTTP ports This setting prevents the cpsrvd daemon from taking over the standard HTTP ports when you disable the system’s web server role.
    Important:
    This action renders any cPanel & WHM features that depend on the standard HTTP ports partially or entirely unusable. These features include service subdomains, AutoSSL, Mailman, and BoxTrapper.
    • On — Enable.
    • Off — Disable.
    Off
    Cache disk quota information This setting allows you to specify whether WHM caches disk usage information.
    Note:
    • If you enable this setting, the cache process may result in disk-usage information that is up to 15 minutes out-of-date.
    • If you disable this setting, your server may experience a large performance degradation.
    • On — Enable.
    • Off — Disable.
    On
    Recursive DNS query pool size This setting restricts the maximum number of currently active recursive DNS queries. Use this setting if your firewall imposes rate limits on DNS queries. These rate limits can degrade recursive DNS queries in applications such as AutoSSL.
    • Unrestricted — Disable.
    • 10 — Restrict to 10 currently active recursive DNS queries.
    • Select the text box and enter a value.
    10
    Reverse DNS lookup upon connect This setting allows you to specify whether cPanel & WHM attempts to resolve a client’s IP address to a domain name whenever a user connects to a cPanel service.
    Important:
    If you enable this setting, it may degrade your server’s performance.
    • On — Enable.
    • Off — Disable.
    Off
    Maximum age, in days, of content to keep when automatically emptying the users’ File Manager Trash This setting determines how many days to keep files in the .trash folder of user home directories. These folders contain deleted files from cPanel’s File Manager interface (cPanel » Home » Files » File Manager).
    • Disabled — Disabled.
    • Select the text box and enter a value.
      Note:
      A value of 0 configures the server to purge all files from every user’s .trash folder, regardless of age.
    Disabled
    Enable optimizations for the C compiler This setting allows you to specify whether the compiler optimizes code for your system. On some systems, compiler optimizations can trigger a bug in system libraries.
    • On — Enable.
    • Off — Disable.
    Off
    Max HTTP submission size This setting allows you to specify the maximum file size in Megabytes (MB) that a user can upload to your server. This setting applies to all uploads and form submissions in cPanel & WHM, which includes Webmail, cPanel’s File Manager interface (cPanel » Home » Files » File Manager), and phpMyAdmin.
    • Unlimited — Allow any file size.
    • Select the text box and enter a number between 1 and 10,240.
    Unlimited
    File upload required free space This setting allows you to specify the minimum filesystem quota space that the system requires after a file uploads to your server. This setting applies to all uploads and form submissions in cPanel & WHM, which includes Webmail, cPanel’s File Manager interface (cPanel » Home » Files » File Manager), and phpMyAdmin.
    • This helps ensure that users do not meet or exceed their quota limits.
    • We enable quotas by default on new installations.
    • 5 MB — Allow a minimum of 5 MB of free disk space.
    • Select the text box and enter a number.
    5 MB
    Interval, in days, between rebuilds of the FTP quota and disk usage data (applies to Pure-FTPd only) This setting allows you to specify the number of days between rebuilds of the FTP quota and disk usage data for Pure-FTP. This interval allows the system to consider account disk usage information for files that other processes modify or add to a user’s root FTP directory.
    Note:
    • A higher setting reduces disk I/O, but lowers the accuracy of the usage data.
    • A lower setting improves accuracy, but consumes more disk I/O.
    • 30 — 30 days.
    • Select the text box and enter a number between 1 and 365,000.
    30
    Depth to recurse for .htaccess checks This setting allows you to specify the maximum number of directories deep to look for .htaccess files when you change the PHP handler.

    For example, if the /home/user/public_html/ directory is your document root, and 2 is the value for this setting, the system searches the following directories for .htaccess files:
    • /home/user/public_html/
    • /home/user/public_html/directory1/
    • /home/user/public_html/directory2/
    The system does not search the /home/user/public_html/directory1/directorya/ directory.
    Note:
    This setting also comments out any AddHandler directive lines in your users’ .htaccess files that change how the system handles PHP.
    • 2 — Two directories.
    • Select the text box and enter a number that is greater than 0.
    Important:
    We strongly recommend that you do not enter a value that is higher than 10. A value that is higher than 10 can degrade your server’s performance.
    2
    Account Invites for Subaccounts This settings allow cPanel account users to send invitations to new Subaccount users via cPanel’s User Manager interface (cPanel » Home » Preferences » User Manager). An invitation includes a link to a time-sensitive page where the Subaccount user can set their own password rather than rely on the cPanel account user to set their password.
    Note:
    When you disable this option, the system disables the Send login link to alternate email address. setting in cPanel’s Create an Email Account interface (cPanel » Home » Email » Create an Email Account).
    • On — Enable.
    • Off — Disable.
    On
    Listen on IPv6 Addresses This setting causes the cpsrvd daemon and other cPanel & WHM services to listen on IPv6.
    Note:
    • If you do not enable this setting, WHM, cPanel, Webmail, and Web Disk will not function via IPv6.
    • After you enable this setting, you must rebuild Apache and run the following scripts from the command line:
      • /usr/local/cpanel/scripts/restartsrv_apache
      • /usr/local/cpanel/scripts/restartsrv_cpsrvd
      • /usr/local/cpanel/scripts/restartsrv_cpdavd
      • /usr/local/cpanel/scripts/restartsrv_nsd
    • On — Enable.
    • Off — Disable.
    Off
    I/O priority level at which bandwidth usage is processed This setting allows you to specify the server’s I/O priority for bandwidth log processing.
    • Your operating system’s kernel must support ionice, and ionice must exist on the server, for this setting to function properly.
    • This setting specifies the “best effort” priority.
    • 6
    • Select the text box and enter a number between 0 and 7. A value of 0 grants the highest priority, while a value of 7 grants the lowest.
    6
    I/O priority level at which stats logs are processed This setting allows you to specify the server’s I/O priority when it processes statistics logs.
    • Your operating system’s kernel must support ionice, and ionice must exist on the server, for this setting to function properly.
    • This setting specifies the “best effort” priority.
    • 7
    • Select the text box and enter a number between 0 and 7. A value of 0 grants the highest priority, while a value of 7 grants the lowest.
    7
    I/O priority level at which nightly backups are run This setting allows you to specify the disk’s I/O priority for nightly backups.
    • Your operating system’s kernel must support ionice, and ionice must exist on the server, for this setting to function properly.
    • This setting specifies the “best effort” priority.
    • 6
    • Select the text box and enter a number between 0 and 7. A value of 0 grants the highest priority, while a value of 7 grants the lowest.
    6
    I/O priority level at which cPanel-generated backups are run This setting allows you to specify the server’s I/O priority for cPanel-generated user backups.
    • Your operating system’s kernel must support ionice, and ionice must exist on the server, for this setting to function properly.
    • This setting specifies the “best effort” priority.
    • 7
    • Select the text box and enter a number between 0 and 7. A value of 0 grants the highest priority, while a value of 7 grants the lowest.
    7
    I/O priority level for user-initiated processes This setting allows you to specify the server’s I/O priority for certain user-initiated processes. This setting applies to a few especially I/O-intensive user functions, such as actions for cPanel’s File Manager interface (cPanel » Home » Files » File Manager).
    • Your operating system’s kernel must support ionice, and ionice must exist on the server, for this setting to function properly.
    • This setting specifies the “best effort” priority.
    • 6
    • Select the text box and enter a number between 0 and 7. A value of 0 grants the highest priority, while a value of 7 grants the lowest.
    6
    I/O priority level at which quota checks are run This setting allows you to specify the server’s I/O priority for quota checks.
    • Your operating system’s kernel must support ionice, and ionice must exist on the server, for this setting to function properly.
    • This setting specifies the “best effort” priority.
    • 6
    • Select the text box and enter a number between 0 and 7. A value of 0 grants the highest priority, while a value of 7 grants the lowest.
    6
    I/O priority level at which FTP quota checks are run (when Pure-FTPd is enabled) This setting allows you to specify the server’s I/O priority for FTP quota checks for Pure-FTPd.
    • Your operating system’s kernel must support ionice, and ionice must exist on the server, for this setting to function properly.
    • This setting specifies the “best effort” priority.
    • 6
    • Select the text box and enter a number between 0 and 7. A value of 0 grants the highest priority, while a value of 7 grants the lowest.
    6
    I/O priority level at which email_archive_maintenance is run This setting allows you to specify the server’s I/O priority level for the email_archive_maintenance script, which cPanel & WHM uses to support email-archiving functions.
    • Your operating system’s kernel must support ionice, and ionice must exist on the server, for this setting to function properly.
    • This setting specifies the “best effort” priority.
    • 7
    • Select the text box and enter a number between 0 and 7. A value of 0 grants the highest priority, while a value of 7 grants the lowest.
    7
    I/O priority level at which dovecot_maintenance is run This setting allows you to specify the server’s I/O priority level for the dovecot_maintenance script, which cPanel & WHM uses to maintain mailboxes.
    • Your operating system’s kernel must support ionice, and ionice must exist on the server, for this setting to function properly.
    • This setting specifies the “best effort” priority.
    • 7
    • Select the text box and enter a number between 0 and 7. A value of 0 grants the highest priority, while a value of 7 grants the lowest.
    7
    Use cPanel® jailshell by default This setting allows you to configure accounts to use the cPanel® jailshell by default. Jailed shell systems, by default, mount all filesystems with the nosetuid option. The nosetuid option blocks the operation of setuid and setgid commands, such as the ping command. However, this does not apply to Exim’s /usr/sbin/ directory. For more information, read our How to Create Custom Jailed Shell Mounts documentation.
    • On — Enable. We strongly recommend that you enable this setting.
    • Off — Disable.
    Off
    Jailed /proc mount method ( * Choosing this option will create a limited /proc mount for legacy operating systems.) This setting allows you to permit the use of the /proc virtual filesystem in a jailshell. For more information, read our VirtFS Jailed Shell documentation.
    • Always mount a full /proc — The /proc virtual filesystem has full privileges.
    • Full /proc for supported operating systems and xenpv
      • In the AlmaLinux, Rocky Linux, and CloudLinux operating systems, the /proc virtual filesystem includes all processes.
    • No /proc for supported operating systems and xenpv
      • In the AlmaLinux, Rocky Linux, and CloudLinux operating systems, the system does not mount the /proc virtual filesystem inside the jail.
    Full /proc for supported operating systems and xenpv
    Jailed /bin mounted suid This setting allows you to permit the use of the setuid option in the /bin directory in a jailshell. System administrators who wish to run setuid commands, such as the /bin/ping command, may wish to use this setting. This setting does not affect servers that run the AlmaLinux, Rocky Linux, or CloudLinux operating systems.
    • On — Enable.
    • Off — Disable.
    Off
    Jailed /usr/bin mounted suid This setting allows you to permit the use of the setuid option in the /usr/bin directory in a jailshell. System administrators who wish to run setuid commands, such as the /usr/bin/crontab command, may wish to use this setting. This setting does not affect servers that run the AlmaLinux, Rocky Linux, or CloudLinux operating systems.
    • On — Enable.
    • Off — Disable.
    Off
    Max cPanel process memory This setting allows you to specify the maximum amount of memory that a cPanel & WHM process can use before the system automatically kills it.
    • Unlimited — No memory limit. Select this if you do not want to impose a memory limit on cPanel & WHM processes.
    • 4096 MB — A memory limit of 4,096 MB.
    • Select the text box and enter a value.
    4096 MB
    Max cPanel/WHM/Webmail service handlers This setting allows you to specify the maximum number of concurrent connections for the cpsrvd daemon.
    Important:
    Keep this setting as low as possible to limit potential denial-of-service attacks.
    • 200 — 200 connections.
    • Select the text box and enter a value between 200 and 16,384.
    200
    Minimum time between Apache graceful restarts. This setting allows you specify the number of seconds Apache will delay before it initiates a restart. This only applies to graceful restarts that are deferrable.
    • 10 — 10 seconds.
    • Select the text box and enter a value between 10 and 600.
    10
    Send language file changes to cPanel This setting configures your system to send any changes to language files to WebPros International, LLC so that we can improve our translations of interface text.
    • On — Enable.
    • Off — Disable.
    On
    Remote WHM timeout This setting allows you to specify the number of seconds to allow a connection between this server and other remote WHM servers to remain idle before it times out.
    • 35 — 35 seconds.
    • Select the text box and enter a value greater than 35.
    35 s
    Disk usage/quota bailout time This setting allows you to specify the maximum amount of time in seconds during which the system may attempt to retrieve disk usage and quota information before it considers the data unavailable.
    • 60 — 60 seconds.
    • Select the text box and enter a value.
    60 s
    Reset Password for cPanel accounts This setting enables the Reset Password feature for cPanel account users. The Reset Password feature uses the account’s contact email address to verify a password-reset request. The email contains a security code that verifies whether the user can access the Subaccount’s contact email address as part of the password-reset verification process.
    • The link to request this email displays in the cPanel login interface.
    • To use this feature, the cPanel user must set the contact email address in cPanel’s Contact Information interface (cPanel » Home » Preferences » Contact Information).
    • For more information, see our How to Reset a cPanel Account Password documentation.
    • On — Enable.
    • Off — Disable.
    On
    Reset Password for Subaccounts This setting enables the Reset Password feature and new Subaccount invitations for cPanel Subaccount users. The Reset Password feature uses the Subaccount’s contact email address to verify a password-reset request. The email contains a security code that verifies whether the user can access the contact email address as part of the password-reset verification process.
    • The link to request this email displays in the cPanel login interface.
    • To use this feature, you must set the Subaccount’s contact email address in cPanel’s User Manager interface (cPanel » Home » Preferences » User Manager).
    • For more information, see our How to Reset a cPanel Subaccount Password documentation.
    • On — Enable.
    • Off — Disable.
    On
    Enable Linux kernel update during nightly maintenance. This setting allows you to specify whether to allow nightly updates to your Linux kernel. If you enable this setting, the nightly updates will update the Linux kernel. If your kernel updates, the system will notify you when you log in that you need to reboot your system.
    • On — Enable.
    • Off — Disable.
    Off
    Server Locale This setting allows you to specify the locale that the system uses whenever a user selects a cPanel locale that does not exist. This setting also allows you to specify the locale that the system uses whenever a user’s web browser requests an invalid locale in the HTTP Accept-Language header.
    • Set this value to a locale that administrators, resellers, and users can understand.
    • When you modify this setting and click Save, the system applies the new language to your WHM interface immediately.
    Select an available locale from the menu.
    Note:

    Don’t see your language of choice? Take our Language Support Feedback Survey to let us know your preferences.

    English
    Send a notification when a user’s backup has errors This setting allows you to specify whether the server notifies you when a user’s cPanel backup file contains errors.
    • On — Enable.
    • Off — Disable.
    On
    Allow other applications to run the cPanel and admin binaries This setting allows you to specify whether cPanel and admin binaries run from applications other than the cPanel server daemon (cpsrvd). This setting is useful for advanced administrators who are familiar with Perl scripting and who wish to run cPanel from their own custom programs.
    • On — Enable.
    • Off — Disable.
    Off
    ChkServd TCP check failure threshold This setting allows you to specify the number of times that a chkservd daemon TCP check must fail before the system restarts the service and sends a notification. On heavily loaded systems, these types of service checks fail occasionally, which produces erroneous indications that services are down.
    • Disable notifications and restarts from TCP checks — Disable this.
    • 3 — 3 seconds.
    • Select the text box and enter a value. We recommend a value of 3 or higher for most systems.
    3
    Number of seconds an SSH connection related to an account transfer may be inactive before timing out This setting allows you to specify the number of seconds of inactivity after which account transfers’ SSH connections time out.
    • 1800 seconds — 1,800 seconds.
    • Select the text box and enter a value between 1,800 and 172,800.
    1800 seconds
    Do not make changes to the firewall during account modification. By default, the system makes changes to the firewall when an account is modified. If you enable this setting, the system does not make the corresponding changes to the firewall. These firewall modifications are important for Tomcat and the cpuser_port_authority script. The server administrator will need to perform any necessary firewall changes.
    • On — Disable firewall changes.
    • Off — Allow firewall changes.
    Off
    Do not make changes to the firewall via scripts/configure_firewall_for_cpanel. By default, cPanel adds firewall rules to ensure that cPanel ports are open. If you enable this setting, the system does not add these cPanel port rules to the firewall. These firewall modifications are important for remote access to the cPanel services. The server administrator will need to perform any necessary firewall changes.
    • On — Do not add cPanel firewall rules.
    • Off — Add cPanel firewall rules.
    Off
    Enforce user account limits for resellers with the “Account Modification” ACL. The Account Modification ACL privilege allows resellers to bypass their user account limits. Enable this setting to prevent users from bypassing their user account limits.
    • On — Resellers can bypass their user account limits.
    • Off — Resellers cannot bypass their user account limits.
    Off
    Copy default error documents to docroot for new accounts, addon domains, and subdomains When enabled, the system copies the default error documents to the document root directory when you create new accounts, addon domains, and subdomains. By copying the default error documents to the document root, this ensures that the global ErrorDocument configuration has the files it needs to prevent generating additional errors.
    • On — Enable.
    • Off — Disable.
    Off

    Additional Documentation