The level of compression to use (1 is faster but less compression, 9 is slower but provides maximum compression)

The number of independent pigz processes to use when performing gzip compression. For quickest compression, specify the same number of cores available on your server.

The size (in 1024 byte chunks) of compression work units to be distributed to each pigz process. Default is 4096. Systems with larger L2/L3 caches may benefit from higher values.

The Standardized Hooks System’s debug mode helps to troubleshoot hook issues.

The cPanel interface's debug mode. This setting changes the way the system generates user interfaces.

The theme to display when users log into cPanel, WHM, and webmail. (You may override this setting for a specific browser session by appending ?login_theme=theme-name to the HTTP Request-URI. Note that theme-name stands for the desired theme.)

Display a banner promoting new cPanel features. The user can dismiss this banner.

Allow cPanel users to create subdomains (including the creation of addon domains) of domains that other users own. The restriction does not apply to resellers in WHM. Enabling this is not recommended.

Allow WHM users to create subdomains (including creation of addon domains) of domains that other users own. Enabling this is not recommended.

Allow creation of parked/addon domains that resolve to other servers (e.g. domain transfers) This can be a major security problem. If you must have it enabled, be sure not to allow users to park common Internet domains.

Allow creation of parked/addon domains that are not registered.

When adding a new domain, automatically create A entries for the registered nameservers if they would be contained in the zone.

When you enable this option, the checkallsslcerts script will replace any service SSL certificates that do not match the hostname of the server with a cPanel-signed certificate. This includes wildcard certificates.

Prevent cPanel users from creating a Parked or Addon domain that is listed in /usr/local/cpanel/etc/commondomains or /var/cpanel/commondomains. Recommended.

Check zone file syntax when saving and syncing zones.

Check zone's owner when saving and syncing zones.

Add proxy VirtualHost to httpd.conf to automatically redirect unconfigured cpanel, webmail, webdisk, cpcalendars, cpcontacts, and whm subdomains to the correct port (requires mod_rewrite, mod_headers, and mod_proxy)

Automatically create autodiscover and autoconfig service subdomains as well as the autodiscover SRV records needed for Outlook and Thunderbird email auto configuration for local domains.

If you enable this setting, then custom A records that match service subdomains will be removed when you add or remove service subdomains.

Allow users to create cpanel, webmail, webdisk, cpcalendars, cpcontacts, and whm subdomains that override automatically generated service subdomains

This option mandates that document roots for all newly-created websites must reside under the document root for the account’s primary website. This option does not apply when you transfer or restore accounts.

Check the “Share document root” box by default on the “Create a New Domain” page in cPanel.

When adding a new domain, if the domain is already registered, ignore the configured nameservers, and set the NS line to the authoritative (registered) ones.

Log dnsadmin requests to /usr/local/cpanel/logs/dnsadmin_log

Add additional information about DNS zone syncing to the cPanel error log. This is intended for testing or debugging purposes only.

Enable this to record successful login events for cPanel, Webmail, WHM, and DAV.

This setting allows you to log successful or failed cPanel API 1, successful cPanel API 2, and successful UAPI function calls. We store this log in the /usr/local/cpanel/logs/api_log file.

The maximum number of emails each domain can send out per hour.

The system will send a notification when any domain sends more than the specified number of emails in a day.

Mdbox or Maildir
Transferred or restored accounts will retain their mailbox format settings.

Forwarding destination for a new account’s catch-all/default address. (Users may modify this value via the Default Address interface in cPanel.) “Fail” rejects the message and notifies the remote SMTP server. This is usually the best choice if you are getting mail attacks. “Blackhole” accepts and processes the message but then silently discards it. This avoids notifying the remote SMTP server but violates SMTP RFC 5321 and generally should not be used.

This setting specifies whether to allow the use of the website owner’s password to access any email account that the owner created within the account.

The Single Sign On system generates a temporary user to access a cPanel account, and its email accounts, as the account owner. This means that if you log in to any email account via the cPanel interface, you do not have to enter a password regardless of this setting.

Time between mail server queue runs

Track the origin of messages sent through the mail server by adding the X-Source headers (exim 4.34+ required)

When an account exceeds the maximum number of emails it is allowed to send per hour, by default, any additional messages are queued for delivery and sent in the next hour. This setting allows you to limit the number of messages that will be queued by the system. For example, if you set this value to 125%, once the account reaches its hourly limit, Exim will queue any additional messages, up to 125% of the Max hourly emails per domain value. Once the account reaches 125% of the Max hourly emails per domain value, any additional outgoing messages are discarded.

The system will monitor the number of emails to unique recipients that each individual email user sends. If this number exceeds the specified threshold, the system will send a notification.

The system will automatically take this action on every email account that it detects as a potential spammer. To detect spammers, the system monitors the number of emails to unique recipients that each individual user sends.

The system will send a notification when any email account sends email to more than the specified number of recipients in one hour. Email sent by mailman is exempt from this detection.

If enabled, messages sent from a mailing list owned by a user’s domain will be counted towards the maximum number of emails the domain is permitted to send per hour.

The maximum percentage of a domain’s outgoing mail that can consist of failed or deferred messages. Once the domain exceeds this percentage, it is temporarily blocked from sending mail.

When a domain sends this number of failed or deferred messages in an hour, and the “Maximum percentage of failed or deferred messages a domain may send per hour” has also been reached, the domain will be temporarily unable to send outgoing mail.

Enabling this feature will redirect outgoing SMTP connections to the local mail server. root, exim, and mailman are still allowed to make direct connections.

Prevent the user “nobody” from sending out mail to remote addresses
(PHP and CGI scripts generally run as “nobody” if you are using mod_php or have Suexec disabled.)

Provides the IMAP/POP before SMTP authentication method. You must enable RecentAuthedMailIpTracker in the Service Manager for this functionality to work. However, we recommend that you do not enable this option, and you should instead use SMTP authentication on modern systems.

Add the mail. prefix for mailman URLs (ie http://mail.domain.com/mailman)

This is the value that is prefilled in the quota box for new email accounts on supported themes

This determines which option is preselected in the interface used to add new email accounts in cPanel on supported themes

Enable System Disk Space Usage Warnings

Threshold percentage to warn the system admin (via email) that the system disk usage is considered to be in the “warn” state.

Threshold percentage to warn the system admin (via email) that the system disk usage is considered to be in the “critical” state.

Enable Disk Quota Usage Warnings

Enable Out of memory (OOM) Warnings

The disk quota percentage at which an account enters the “warn” state. An email notification will be sent to the user.

Notify the admin or reseller when an account has reached the “warn” disk quota state.

The disk quota percentage at which an account enters the “critical” state. An email notification will be sent to the user.

Notify the admin or reseller when an account has reached the “critical” disk quota state.

The disk quota percentage at which an account enters the “full” state. An email notification will be sent to the user.

Notify the admin or reseller when an account has reached the “full” disk quota state.

Automatically suspend HTTP service for accounts that exceed their bandwidth limit. Disabling this will disable all bandwidth notifications and treat all accounts as having unlimited bandwidth.

Send a notification when an SSL certificate expires soon. The system will only send a notification for an AutoSSL-provided certificate if that certificate fails to renew. To manage who will receive these notifications, please update AutoSSL options found at Home »SSL/TLS »Manage AutoSSL.

Email users when they have exceeded their bandwidth. Disabling this will prevent all bandwidth limits warning emails from being sent.

Email users when they have reached 70% of their bandwidth

Email users when they have reached 75% of their bandwidth

Email users when they have reached 80% of their bandwidth

Email users when they have reached 85% of their bandwidth

Email users when they have reached 90% of their bandwidth

Email users when they have reached 95% of their bandwidth

Email users when they have reached 97% of their bandwidth

Email users when they have reached 98% of their bandwidth

Email users when they have reached 99% of their bandwidth

This value applies to new packages when the package creator lacks the “Create Packages with Unlimited Features” ACL. This logical default value for new packages preserves backward API compatibility when the user does not provide a value.

This value applies to new packages when the package creator lacks the “Create Packages with Unlimited Disk Usage” ACL. This logical default value for new packages preserves backward API compatibility when the user does not provide a value.

This value applies to new packages when the package creator lacks the “Create Packages with Unlimited Bandwidth” ACL. This logical default value for new packages preserves backward API compatibility when the user does not provide a value.

This will only apply to PHP processes.

When a user visits /cpanel, /webmail, /whm, or visits other URLs that redirect to a cPanel service, the system will redirect to an SSL URL for the closest matched domain that the system has a valid certificate. If you disable this option, the system will redirect to the equivalent URL that they visited based on the original request made via HTTPS or HTTP. This option also controls how the system will redirect unencrypted cPanel, Webmail, WHM, and DAV requests to the best matched certificate for the domain when “Require SSL” is enabled. When enabled, it will redirect closest matched domain that the system has a valid certificate for. When it is disabled, it will simply redirect equivalent HTTPS URL.

Redirect user to the following URL (relative or absolute) upon logout of the cPanel interface. (ie http://your-website)

This feature allows users to enable browser-native password caching for cPanel, WHM, and webmail logins. If you turn this off, it will not affect legacy-style (I.e. pre-11.32) login themes.

This setting allows you to hide the REMOTE_PASSWORD environment variable from scripts executed through cpsrvd's cgi handler.

Validate the IP addresses used in all cookie-based logins. This will limit the ability of attackers who capture cPanel session cookies to use them in an exploit of the cPanel or WebHost Manager interfaces. For this setting to have maximum effectiveness, proxydomains should also be disabled. Strict validation requires the current IP address and the cookie IP address to exactly match. Loose validation only requires they are in the same /24.

Allow WHM/Webmail/cPanel services to create core dumps for debugging purposes. Core dumps often contain sensitive information but may be necessary for debugging certain types of service crashes.

Send passwords in plaintext over email when creating a new acccount. Enabling this option is a security risk.

This option enables the EasyApache FileProtect module, which improves the security of each user’s public_html directory. [More Info]

Only permit cpanel/whm/webmail to execute functions when the browser provides a referrer. This will help prevent XSRF attacks but may break integration with other systems, login applications, and billing software. Cookies are required with this option enabled.

Only permit cpanel/whm/webmail to execute functions when the browser provided referrer (Domain/IP and Port) exactly matches the destination URL. This will help prevent XSRF attacks but may break integration with other systems, login applications, and billing software. Cookies are required with this option enabled.

This option forces the server to redirect unencrypted cPanel, Webmail, WHM, and DAV requests to secure ports according to the SSL redirection settings. If “Choose the closest matched domain for which that the system has a valid certificate when redirecting from non-SSL to SSL URLs” is enabled, the system will redirect to the best matched certificate for the domain. If “Choose the closest matched domain for which that the system has a valid certificate when redirecting from non-SSL to SSL URLs” is disabled, the system will redirect to the https:// URL for the domain, even if no valid certificate exists for the domain.

Special care should be taken when enabling this functionality since PHP will be running as root. Any application you permit to run under this setup should make special security considerations to avoid catastrophe.

This option was introduced in cPanel 11.38.1 to provide additional visibility of installed apps and addons and the privilege level at which they are installed. This forces apps and addons to register with AppConfig before WHM will execute them when logged in as a reseller.

This option was introduced in cPanel 11.38.1 to provide additional visibility of installed apps and addons and the privilege level at which they are installed. This forces apps and addons to register with AppConfig before WHM will execute them when logged in as root or a reseller with the "all" ACL.

Enabling this option will permit WHM apps and addons to run without an ACLs list defined in their AppConfig file.

Enabling this option will permit cPanel and Webmail apps and addons to run without an feature list defined in their AppConfig file.

Use MD5 encoded passwords in Apache htpasswd files. When this option is disabled, crypt-encoded passwords are used. Crypt-encoded passwords are limited to a maximum length of 8 characters, while MD5-encoded passwords may be any length.

If mod_ruid2 is compiled in via EasyApache, mod_ruid2 is enabled, and a user has their shell set to jailshell or noshell, enabling this option will chroot() a user's Apache Virtual Host into the cPanel® jailshell environment. Each user will require 14 bind mounts. While modern Linux supports a very large number of bind mounts, many processes read /proc/mounts. Reading /proc/mounts can be quite expensive when it becomes large.

When you select a keyring type, signatures will be downloaded and verified against the type of keyring selected. Official releases are signed with the Release keyring. The Development keyring is used for test builds only and is not as safe. All signature validation will be turned off when you select the ‘Off’ option.

The type of key that the system will create by default for SSL/TLS certificates and signing requests.

When you create a new domain, cPanel will apply the best available certificate (CA signed); otherwise cPanel will apply a self-signed SSL certificate and request a new certificate via AutoSSL if it is enabled. Warning: If you disable this option, and a CA signed certificate is not available, when a user attempts to visit the newly created domain over https, the user will see the first SSL certificate installed on that IP address. Warning: If you enable this option and do not have a CA signed certificate or AutoSSL enabled, Google search results may point to the SSL version of the site with a self-signed certificate, which will generate warnings in the users’ browser. To avoid both of these concerns, we strongly recommend that you enable AutoSSL.

When this option is enabled, cPanel will verify GPG signatures of all 3rdparty cPaddons. This setting is only available if Signature Validation is enabled.

Allow the use of ~/.accesshash files for authenticating API calls. This method of authentication has been deprecated in favor of API Tokens.

Use the X-Frame-Options HTTP response header to indicate whether a browser can render a page in a <frame>, <iframe> or <object> tag. This allows websites to ensure that their contents are not embedded into other sites, to avoid clickjacking attacks.
The server uses the X-Content-Type-Options response HTTP header to indicate that the MIME types in the Content-Type headers should not be changed or followed.
When you enable this option, the system adds the X-Frame-Options header, with a value of SAMEORIGIN, and the X-Content-Type-Options header, with a value of nosniff, to cpsrvd responses.

Require that outgoing SSH connections made by cPanel & WHM verify the remote system's key. This setting helps to protect against man-in-the-middle attacks.
When you enable this setting, every remote system that is connected to via SSH must have a valid key in the /etc/ssh/ssh_known_hosts file.
If you set this value to "dns", the remote system has SSHFP records in a DNSSEC-signed zone, and the local system uses EDNS0 resolving, use these records to validate the remote system. If you set this value to "dns" but the system does not use SSHFP records in a DNSSEC-signed zone or does not use ENDS0 resolving, the system will act as though the option were set to "enabled".

Set this option to Off to prevent a message that encourages rebooting your server. Note: Disabling the reboot warning can cause security concerns to be unaddressed.

Enable the Content-Security-Policy header on some interfaces in WHM. This can help prevent certain cross-site scripting (XSS) attacks. JavaScript loaded from external sites will be blocked when visiting a CSP-enabled interface.

Use of the dormant service feature will decrease memory use. When a service is idle for 5 minutes, it will unload itself from memory, leaving a tiny “listening” service in place. The reduction in memory consumption is offset by a delay in fulfilling the initial request when dormant since full service must then be activated.

Enable this option to have the system check cPanel RPMS for problems during the maintenance script. If there are problems, the system will notify the administrator.

Enable this option to have the system use digest verification during its maintenance script. This ensures that RPM package files are not corrupt and that nothing has tampered with them.

If between 100 and 1,000 databases exist on your server, you can disable this option to attempt to increase performance. However, cPanel users must relog in to cPanel to allow phpMyAdmin to display newly-created databases.

Using INFORMATION_SCHEMA ensures that disk usage by MySQL tables is included in totals. However, enabling this option may cause a significant drop in performance as MySQL may become unresponsive until data collection is complete. Disabling this option causes the system to query the filesystem directly, potentially excluding disk space used by some database tables. Note: If you use a remote MySQL server, you must turn this setting On in order to calculate MySQL disk usage.

cPanel & WHM will use your total number of tables to adjust the open_files_limit value during each MySQL restart.

cPanel & WHM will adjust the max_allowed_packet value during each MySQL restart, if a change is necessary.

cPanel & WHM will use your total number of tables to adjust the innodb_buffer_pool_size value during each MySQL restart.

When this option is enabled, the system will require that the name of each new database or database user from a cPanel session begin with the system username and an underscore (_). This makes it easier to tell which user owns a given database, but it also restricts the number of characters that users can use for names of databases and database users. Note that if the username changes at a later point, the name of the database or database user does NOT change. Also, while older cPanel API calls automatically add this prefix, newer API calls expect the caller to add it.

Force the system to limit database prefixes to 8 characters for MySQL and MariaDB. Warning: Enabling this setting will prevent you from creating new accounts that share the same first 8 characters of their usernames.

This setting will force the system to delete all access logs after each run.

This option will only be used if the user does not configure their log archiving preferences in cPanel.

This option will only be used if the user does not configure their log archiving preferences in cPanel.

The load average above the number of CPUs at which cpuwatch, cpanellogd, backups, and CPU stats consider the system to be in a critical load state. For example, a server with 4 physical CPUs and a value of 2 in this field will be considered “critical” in these cases once the load reaches 6.

Keep Apache’s domlogs/ftpxferlog after it has been separated into each domain name’s FTP log.

Keep stats log (/usr/local/cpanel/logs/stats_log) between cPanel restarts. Note that log rotation may affect this as well.

Modifies the Apache domlog file permissions based on user provided value prior to log processing. Default value is 0640.

Larger numbers indicate more debug information in /usr/local/cpanel/logs/stats_log.

Threshold above which cpanellogd will rotate log files.

These files can be found in the /var/cpanel/updatelogs directory.

Select the minimum load average for overall system load display purposes that will cause the server status to appear red. You may enter decimals in this field.

Help guide development of cPanel & WHM by sending information about errors that occur. Read our Server Usage Analysis Data Collection Policy for more information.

This option allows you to specify how long you wish to keep the update analysis files you send cPanel.

This setting specifies who can access a user’s cPanel account. Account-Owner refers to the particular reseller that owns the user account. Note: Disabling root access here will also disable root’s access to the Branding Editor in WHM.

List of IP addresses, hostnames, or the value "all" which are allowed to view the /server-info and /server-status pages. See the Apache documentation for proper values.

The port (e.g. 80) on which Apache listens for HTTP connections. An IP address may precede the port number, separated by a colon (“:”). Specifying a specific IP will prevent Apache from listening on all other IPs.

The port (e.g. 443) on which Apache listens for HTTPS connections. An IP address may precede the port number, separated by a colon (“:”). Specifying a specific IP will prevent Apache from listening on all other IPs.

A shell for development use. Allows you to easily find and interact with existing API. When enabled, only root will have access in WHM, and only resellers will have access in cPanel.

The time, in seconds, that the system will wait before reloads of the DNS server take effect. The system will suppress additional restart requests during the wait time to avoid multiple reloads. For systems that process frequent DNS updates, we recommend using a higher value. For systems with few DNS changes, we recommend the default setting. Note that DNS changes will not take effect until the DNS server reloads.

Time (in seconds) that the system will wait before restarts of the web server take effect. The system will suppress additional restart requests during the wait time to avoid multiple reloads of the web server. Note that changes will not take effect until the web server reloads.

If service checks fail to complete and/or you recieve notifications about ChkServd/tailwatchd hangs, you should consider increase this value if you cannot increase available server resources or reduce server load. If notifications are infrequent, consider increasing the "The number of times ChkServd allows a previous check to complete before termination" instead.

If the monitored services are taking too long to respond to the current checking configuration on your machine, then you may wish to increase this value. You can increment this value until you no longer receive ChkServd warnings for delayed checks.

Disabling this option will cause ChkServd to send service notifications in plain text.

Disabling this option will suppress notification of service recovery from ChkServd.

Conserve memory at the expense of more CPU usage and disk I/O.

Allow usernames to be determined from the account domain name when no username is provided.

This setting prevents cpsrvd from taking over the standard HTTP ports if you disable the system’s “Web Server” role. This action renders any cPanel & WHM features that depend on the standard HTTP ports partially or entirely unusable. These features include service subdomains, AutoSSL, Mailman, and BoxTrapper.

Setting this option to On causes WHM to cache disk usage information. This may result in disk usage information being up to 15 minutes out-of-date. Setting this option to Off will provide more up-to-date data, but may significantly slow your server’s performance.

This setting restricts the maximum number of currently-active recursive DNS queries. Use this setting if your firewall imposes rate limits on DNS queries. These rate limits can degrade recursive DNS queries in applications such as AutoSSL.

Try to resolve each client’s IP to a domain name when a user connects to cPanel services (warning: This can degrade performance).

This setting determines how many days to keep files in the .trash folder of user home directories. A value of 0 configures the server to purge all files from every user’s .trash folder, regardless of age.

NOTE: This setting only purges files that users delete through cPanel’s File Manager interface ( Home >> Files >> File Manager ).

When enabled, compile code optimized for this machine. On some systems, using compiler optimizations can trigger a bug in system libraries. This is usually autodetected, but you can manually adjust this option to disable using these optimizations if the autodetection fails.

The maximum file size allowed for upload. This setting applies to all uploads and form submissions in all web interfaces throughout cPanel and WHM.

The minimum filesystem quota space required after file upload. This will prevent users from hitting their quota limit; it applies to all uploads and form submissions in all web interfaces throughout cPanel and WHM.

If you use Pure-FTPd, setting this interval can allow the system to take into account disk usage information for files that are modified or added to a user's root FTP directory by processes other than the FTP server. A higher setting will reduce disk I/O but lower the accuracy of the usage data. A lower setting will improve accuracy, but consume more disk I/O.

The maximum number of directories deep to look for .htaccess files when doing .htaccess checks. Values higher than 10 are discouraged.

Allow cPanel account users to send invitations to new Subaccount users via User Manager. An invitation includes a link to a time-sensitive page where the Subaccount user can set his or her own password instead of relying on the cPanel account user to set one.

This allows you to use WHM, cPanel, Webmail and Web Disk over IPv6.

After you change this setting, you must manually restart cPanel & WHM’s services.

You must compile ionice with your kernel to use this option. ionice manages I/O scheduling for processes on your system. Specifying a lower value for this option gives the process a higher priority. This option can accept integer values between 0 and 7.

You must compile ionice with your kernel to use this option. ionice manages I/O scheduling for processes on your system. Specifying a lower value for this option gives the process a higher priority. This option can accept integer values between 0 and 7.

You must compile ionice with your kernel to use this option. ionice manages I/O scheduling for processes on your system. Specifying a lower value for this option gives the process a higher priority. This option can accept integer values between 0 and 7.

You must compile ionice with your kernel to use this option. ionice manages I/O scheduling for processes on your system. Specifying a lower value for this option gives the process a higher priority. This option can accept integer values between 0 and 7.

This option applies to a few especially I/O-intensive user functions, such as actions initiated through the cPanel File Manager. You must compile ionice with your kernel to use this option. ionice manages I/O scheduling for processes on your system. Specifying a lower value for this option gives the process a higher priority. This option can accept integer values between 0 and 7.

You must compile ionice with your kernel to use this option. ionice manages I/O scheduling for processes on your system. Specifying a lower value for this option gives the process a higher priority. This option can accept integer values between 0 and 7.

You must compile ionice with your kernel to use this option. ionice manages I/O scheduling for processes on your system. Specifying a lower value for this option gives the process a higher priority. This option can accept integer values between 0 and 7.

email_archive_maintenance is a nightly maintenance tool that cPanel & WHM uses to support Email Archiving. You must compile ionice with your kernel to use this option. ionice manages I/O scheduling for processes on your system. Specifying a lower value for this option gives the process a higher priority.

dovecot_maintenance is a nightly maintenance tool that cPanel & WHM uses to maintain mailboxes. You must compile ionice with your kernel to use this option. ionice manages I/O scheduling for processes on your system. Specifying a lower value for this option gives the process a higher priority.

Use cPanel® jailshell as the default shell for all new accounts and modified accounts.

Enable this option if you need to use suid binaries such as /bin/ping in jail mounts.

Enable this option if you need to use suid binaries such as /usr/bin/crontab in jail mounts.

The maximum memory a cPanel process can use before it is killed off. This setting’s minimum value depends on the number of cPanel accounts on the system.

The maximum number of requests that can be served by the cPanel service daemon at one time (Keep this as low as possible to limit potential denial of service attacks).

Delay deferrable graceful Apache restarts. Apache will wait this number of seconds after a restart request to perform the restart. The system will discard any additional graceful restart requests that occur before the scheduled restart.

Specify the timeout for connections between this server and other remote WHM servers.

Maximum time that the system is permitted to spend fetching diskusage and quota information before it considers the data unavailable.

Allow cPanel users to reset their password via email.

Allow Subaccount users to reset their password via email.

Each night, WHM updates your system software but does not update the kernel. If you select On, WHM will update the kernel. When you log in, WHM will notify you that your system requires a reboot.

The locale that the system will use when the user’s locale is unavailable. Set this to the locale that administrators, resellers, and users are most likely to understand.

If this setting is off, only cpsrvd will be able to run cPanel and the admin binaries.

The number of times a ChkServd TCP check must fail before notification is sent and the service is restarted. On heavily loaded systems these types of service checks fail occasionally, producing erroneous indications that services are down. A value of 3 or higher is recommended for most systems.

By default, the system makes changes to the firewall when an account is modified. When enabled, this setting disables the corresponding changes to the firewall. The server administrator will need to perform any necessary changes to the firewall.

By default, cPanel adds firewall rules to ensure that cPanel ports are open. When enabled, this setting disables adding these rules to the firewall.

The “Account Modification” ACL allows resellers to bypass their user account limits. Enabling this setting prevents resellers from creating more accounts than allowed.

When enabled, the system copies the default error documents to the document root directory when you create new accounts, addon domains, and subdomains. By copying the default error documents to the document root, this ensures that the global ErrorDocument configuration has the files its needs to prevent generating additional errors.