Global Configuration

Valid for versions 102 through the latest version

Version:

102

Last modified: June 13, 2024


Looking for this interface?
Note:

Your hosting provider can enable or disable this interface for resellers in WHM's Edit Reseller Nameservers and Privileges interface (WHM >> Home >> Resellers >> Edit Reseller Nameservers and Privileges).

Overview

This feature allows you to adjust several of the Apache® web server’s advanced features. Many of these directives require that you format your entry in a specific way. Click a directive name to view its documentation on the Apache website.

Global Configuration

Note:
  • Some of these settings require that you install Multi-Processing Modules (MPM). For more information, read our MPM documentation.

  • Make certain that you and your users do not require a directive before you disable it.

To configure the advanced features of the Apache web server, use the following directives:

Directive Description Default Settings
SSL Cipher Suite Sets the OpenSSL ciphers that Apache uses.
Note:
  • We recommend that you use this directive's default setting to adjust your server for PCI compliance. For more information about PCI compliance, read our PCI Compliance and Software Versions documentation.
  • If your chosen SSL protocol or the version of OpenSSL that EasyApache 4 uses does not support a cipher, the system will display an error message.
By default, cPanel & WHM uses the following cipher list for web services:

ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256

SSL/TLS Protocols Determines the SSL and TLS protocols that the client and server negotiate during the SSL/TLS handshake phase.
Warning:
Most modern browsers only support Transport Layer Security (TLS) protocol version 1.2 or later.
all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSL Use Stapling This option enables Online Certificate Status Protocol (OCSP) stapling. If enabled and requested by the client, the TLS handshake will include an OCSP response for its own certificate. This improves performance and security because the client does not need to contact the Certificate Authority (CA). For more information, read Wikipedia’s OCSP stapling article. On
Extended Status Shows more details about incoming requests. This information appears in WHM’s Apache Status interface (WHM » Home » Server Status » Apache Status). On
LogLevel Sets the verbosity of the error log. warn
LogFormat (combined) The Apache log file’s format, which includes the referrer and user agent strings.
Note:
The system defaults to this format.
%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LogFormat (common) The Apache log file’s format. %h %l %u %t "%r" %>s %b
Trace Enable Allows or disallows TRACE requests. Off
Server Signature Determines whether server information appears in error results and other information that the server generates. Off
Server Tokens Determines the amount of information that Apache provides to visitors in Server HTTP response headers.
File ETag Determines the amount of information that Apache provides to visitors who request a file via HTTP.
  • ETags display meta information to visitors who request a file.
  • This directive can potentially reduce server load and increase load speed.
None
Directory “/” Options Sets several options that pertain to the root (/) directory.
  • ExecCGI
  • FollowSymLinks
  • IncludesNOEXEC
  • Indexes
Start Servers Defines the number of child server processes that Apache creates when it starts. 5
Minimum Spare Servers Sets the minimum number of idle child server processes. Only configure this directive for very busy servers.
Note:
To configure this setting, you must install the MPM Prefork module.
5
Maximum Spare Servers Sets the maximum number of idle child server processes. Only configure this directive for very busy servers.
Note:
To configure this setting, you must install the MPM Prefork module.
10
Server Limit Defines the maximum configured value for the MaxRequestWorkers directive (the MaxClients directive in Apache versions earlier than 2.4) for the lifetime of the Apache process. 256
Max Request Workers Sets the limit on the number of simultaneous requests that Apache serves. For example, use this value to change the maximum number of HTTP connections. You can enter a number equal to or lower than the value of the Server Limit setting (Apache refers to this directive as Max Clients in versions earlier than 2.4.)
Note:

To configure this setting, you must install the MPM Event, MPM Worker, or MPM Prefork module.

150
Max Connections Per Child Sets the limit on the number of requests that an individual child server process handles. After the child server processes a MaxConnectionsPerChild number of requests, the child server process terminates. If the MaxConnectionsPerChild setting equals 0, the child server process never expires. (Apache refers to this directive as Max Requests Per Child in versions earlier than 2.4.)
Note:
To configure this setting, you must install the MPM Prefork module.
10000
Keep-Alive Enables long-lived HTTP sessions, which allow you to send multiple requests over the same TCP connection. This directive can reduce load times for HTML documents with many images.
Note:
If you use NGINX, this value also applies to your NGINX configuration.
Off
Keep-Alive Timeout Defines the number of seconds that Apache waits for another request before Apache closes a connection.
Note:
If you use NGINX, this value also applies to your NGINX configuration.
5
Max Keep-Alive Requests Limits the number of requests that a TCP connection can make when you enable the KeepAlive directive. If you do not wish to limit KeepAlive directive requests, set this value to 0.
Note:
If you use NGINX, this value also applies to your NGINX configuration.
100
Timeout Defines the amount of time (in seconds) that Apache waits for certain events before Apache fails a request. 300
Symlink Protection Enables the Symlink Protection patch, which helps improve Apache’s ability to detect a race condition. Off

After you update the desired configuration options, click Save. A new interface will appear. Click Rebuild Configuration and Restart Apache.

To undo any of your changes, click Reset.

Manually edit Apache features

The server stores the configuration of your Apache web server in the etc/cpanel/ea4/ea4.conf file. This file replaced the /var/cpanel/conf/apache/local and /var/cpanel/conf/apache/main files.

Warning:

We strongly recommend that you do not directly edit the /etc/cpanel/ea4/ea4.conf file. Use the interface instead. Editing the file directly may result in unexpected results, including server instability.

We provide several other methods to customize your system. You can use one of the following methods to create custom configurations:

For more information, read our Advanced Apache Configuration documentation.

Additional Documentation