# This file is in the YAML format.
--- # Indentation is important here!
TS_display:
-
- Compression
-
- gzip_compression_level
- gzip_pigz_processes
- gzip_pigz_block_size
-
- cPAddons Site Software
-
- cpaddons_adminemail
- cpaddons_autoupdate
- cpaddons_max_moderation_req_all_mod
- cpaddons_max_moderation_req_per_mod
- cpaddons_moderation_request
- cpaddons_no_3rd_party
- cpaddons_no_modified_cpanel
- cpaddons_notify_owner
- cpaddons_notify_root
- cpaddons_notify_users
-
- Development
-
- debughooks
- debugui
-
- Display
-
- default_login_theme
- file_usage
- numacctlist
- display_cpanel_promotions
- display_upgrade_opportunities
-
- Domains
-
- allowparkhostnamedomainsubdomains
- allowparkonothers
- allowwhmparkonothers
- allowremotedomains
- allowresellershostnamedomainsubdomains
- allowunregistereddomains
- autocreateaentries
- autoupdate_certificate_on_hostname_mismatch
- blockcommondomains
- check_zone_syntax
- check_zone_owner
- create_account_dkim
- create_account_spf
- create_account_dmarc
- dnsadminapp
- proxysubdomains
- autodiscover_proxy_subdomains
- autodiscover_mail_service
- autodiscover_host
- overwritecustomproxysubdomains
- overwritecustomsrvrecords
- proxysubdomainsoverride
- publichtmlsubsonly
- share_docroot_default
- useauthnameservers
-
- Logging
-
- dnsadmin_log
- dnsadmin_verbose_sync
- log_successful_logins
- enable_api_log
-
- Mail
-
- maxemailsperhour
- emailsperdaynotify
- mailbox_storage_format
- defaultmailaction
- domainowner_mail_pass
- disk_usage_include_mailman
- exim-retrytime
- eximmailtrap
- email_send_limits_defer_cutoff
- email_outbound_spam_detect_enable
- email_outbound_spam_detect_action
- email_outbound_spam_detect_threshold
- email_send_limits_count_mailman
- email_send_limits_max_defer_fail_percentage
- email_send_limits_min_defer_fail_to_trigger_protection
- smtpmailgidonly
- nobodyspam
- popbeforesmtp
- popbeforesmtpsenders
- skipboxtrapper
- emailarchive
- skipmailman
- skiproundcube
- skipspamassassin
- skipspambox
- usemailformailmanurl
- email_account_quota_userdefined_default_value
- email_account_quota_default_selected
-
- Notifications
-
- skipdiskusage
- system_diskusage_warn_percent
- system_diskusage_critical_percent
- skipdiskcheck
- skipoomcheck
- emailusers_diskusage_warn_percent
- emailusers_diskusage_warn_contact_admin
- emailusers_diskusage_critical_percent
- emailusers_diskusage_critical_contact_admin
- emailusers_diskusage_full_percent
- emailusers_diskusage_full_contact_admin
- skipboxcheck
- emailusers_mailbox_warn_percent
- emailusers_mailbox_critical_percent
- emailusers_mailbox_full_percent
- skipbwlimitcheck
- notify_expiring_certificates
- emailusersbandwidthexceed
- emailusersbandwidthexceed70
- emailusersbandwidthexceed75
- emailusersbandwidthexceed80
- emailusersbandwidthexceed85
- emailusersbandwidthexceed90
- emailusersbandwidthexceed95
- emailusersbandwidthexceed97
- emailusersbandwidthexceed98
- emailusersbandwidthexceed99
-
- Packages
-
- default_pkg_max_emailacct_quota
- default_pkg_quota
- default_pkg_bwlimit
-
- PHP
-
- php_max_execution_time
- php_memory_limit
- php_post_max_size
- php_upload_max_filesize
- phploader
-
- Redirection
-
- alwaysredirecttossl
- cpredirect
- cpredirectssl
- logout_redirect_url
-
- Security
-
- allow_login_autocomplete
- cgihidepass
- cookieipvalidation
- coredump
- emailpasswords
- enablefileprotect
- referrerblanksafety
- referrersafety
- requiressl
- disable-php-as-reseller-security
- permit_unregistered_apps_as_reseller
- permit_unregistered_apps_as_root
- permit_appconfig_entries_without_acls
- permit_appconfig_entries_without_features
- use_apache_md5_for_htaccess
- jailapache
- signature_validation
- ssl_default_key_type
- selfsigned_generation_for_bestavailable_ssl_install
- verify_3rdparty_cpaddons
- allow_deprecated_accesshash
- xframecpsrvd
- ssh_host_key_checking
- show_reboot_banner
- csp
-
- Software
-
- dormant_services
- maintenance_rpm_version_check
- maintenance_rpm_version_digest_check
- pma_disableis
-
- SQL
-
- disk_usage_include_sqldbs
- use_information_schema
- usemysqloldpass
- mycnf_auto_adjust_openfiles_limit
- mycnf_auto_adjust_maxallowedpacket
- mycnf_auto_adjust_innodb_buffer_pool_size
- database_prefix
- force_short_prefix
-
- Stats and Logs
-
- awstatsbrowserupdate
- dumplogs
- default_archive-logs
- default_remove-old-archived-logs
- extracpus
- keepftplogs
- keeplogs
- keepstatslog
- logchmod
- showwhmbwusageinmegs
- statsloglevel
- rotatelogs_size_threshhold_in_megabytes
- exim_retention_days
- modsec_keep_hits
- upcp_log_retention_days
- web_log_retention_days
-
- Stats Programs
-
- awstatsreversedns
- skipanalog
- skipawstats
- skipwebalizer
-
- Status
-
- loadthreshold
-
- Support
-
- display_cpanel_doclinks
- send_error_reports
- update_log_analysis_retention_length
-
- System
-
- account_login_access
- allow_server_info_status_from
- allowcpsslinstall
- apache_port
- apache_ssl_port
- api_shell
- bind_deferred_restart_time
- httpd_deferred_restart_time
- chkservd_check_interval
- chkservd_hang_allowed_intervals
- chkservd_plaintext_notify
- skip_chkservd_recovery_notify
- conserve_memory
- cpdavd_caldav_upload_limit
- cpsrvd-domainlookup
- disable_cphttpd
- disablequotacache
- dns_recursive_query_pool_size
- dnslookuponconnect
- empty_trash_days
- enablecompileroptimizations
- file_upload_max_bytes
- file_upload_must_leave_bytes
- ftpquotacheck_expire_time
- htaccess_check_recurse
#11.36 - ipv6_control
- invite_sub
- ipv6_listen
- ionice_bandwidth_processing
- ionice_log_processing
- ionice_cpbackup
- ionice_userbackup
- ionice_userproc
- ionice_quotacheck
- ionice_ftpquotacheck
- ionice_email_archive_maintenance
- ionice_dovecot_maintenance
- jaildefaultshell
- jailprocmode
- jailmountbinsuid
- jailmountusrbinsuid
- maxmem
- maxcpsrvdconnections
- min_time_between_apache_graceful_restarts
- nosendlangupdates
- remotewhmtimeout
- repquota_timeout
- resetpass
- resetpass_sub
- rpmup_allow_kernel
- server_locale
- skipnotifyacctbackupfailure
- skipparentcheck
- tcp_check_failure_threshold
- transfers_timeout
- skipfirewall
- skip_rules_added_by_configure_firewall_for_cpanel
- enforce_user_account_limits
- copy_default_error_documents
account_login_access:
label: 'Accounts that can access a cPanel user account:'
help: 'This setting specifies who can access a user’s cPanel account. Account-Owner refers to the particular reseller that owns the user account. Note: Disabling root access here will also disable root’s access to the Branding Editor in WHM.'
optionlabels:
user: cPanel User Only
owner: Account-Owner and cPanel User Only
owner_root: Root, Account-Owner, and cPanel User
allow_server_info_status_from:
label: Allow server-info and server-status
help: 'List of IP addresses, hostnames, or the value "all" which are allowed to view the /server-info and /server-status pages. See the <a target="_blank" href="http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow">Apache documentation</a> for proper values.'
allow_deprecated_accesshash:
label: 'Allow deprecated WHM accesshash authentication'
help: 'Allow the use of ~/.accesshash files for authenticating API calls. This method of authentication has been deprecated in favor of API Tokens.'
allowcpsslinstall:
label: 'Allow cPanel users to install SSL Hosts.'
allowparkhostnamedomainsubdomains:
label: 'Allow users to park subdomains of the server’s hostname.'
allowparkonothers:
label: Allow cPanel users to create subdomains across accounts
help: 'Allow cPanel users to create subdomains (including the creation of addon domains) of domains that other users own. The restriction does not apply to resellers in WHM. Enabling this is not recommended.'
allowwhmparkonothers:
label: Allow WHM users to create subdomains across accounts
help: 'Allow WHM users to create subdomains (including creation of addon domains) of domains that other users own. Enabling this is not recommended.'
allowremotedomains:
label: Allow Remote Domains
help: 'Allow creation of parked/addon domains that resolve to other servers (e.g. domain transfers) This can be a major security problem. If you must have it enabled, be sure not to allow users to park common Internet domains.'
allowresellershostnamedomainsubdomains:
label: 'Allow resellers to create accounts with subdomains of the server’s hostname.'
allowunregistereddomains:
label: Allow unregistered domains
help: 'Allow creation of parked/addon domains that are not registered.'
alwaysredirecttossl:
label: Choose the closest matched domain for which that the system has a valid certificate when redirecting from non-SSL to SSL URLs. Formerly known as “Always redirect to SSL/TLS”
help: 'When a user visits /cpanel, /webmail, /whm, or visits other URLs that redirect to a cPanel service, the system will redirect to an SSL URL for the closest matched domain that the system has a valid certificate. If you disable this option, the system will redirect to the equivalent URL that they visited based on the original request made via HTTPS or HTTP. This option also controls how the system will redirect unencrypted cPanel, Webmail, WHM, and DAV requests to the best matched certificate for the domain when “Require SSL” is enabled. When enabled, it will redirect closest matched domain that the system has a valid certificate for. When it is disabled, it will simply redirect equivalent HTTPS URL.'
min_time_between_apache_graceful_restarts:
label: Minimum time between Apache graceful restarts.
help: 'Delay deferrable graceful Apache restarts. Apache will wait this number of seconds after a restart request to perform the restart. The system will discard any additional graceful restart requests that occur before the scheduled restart.'
apache_port:
label: Apache non-SSL IP/port
help: 'The port (e.g. 80) on which Apache listens for HTTP connections. An IP address may precede the port number, separated by a colon (“:”). Specifying a specific IP will prevent Apache from listening on all other IPs.'
apache_ssl_port:
label: Apache SSL port
help: 'The port (e.g. 443) on which Apache listens for HTTPS connections. An IP address may precede the port number, separated by a colon (“:”). Specifying a specific IP will prevent Apache from listening on all other IPs.'
api_shell:
label: cPanel & WHM API shell (for developers)
help: 'A shell for development use. Allows you to easily find and interact with existing API. When enabled, only root will have access in WHM, and only resellers will have access in cPanel.'
autocreateaentries:
label: Automatically add A entries for registered nameservers when creating a new zone
help: 'When adding a new domain, automatically create A entries for the registered nameservers if they would be contained in the zone.'
autoupdate_certificate_on_hostname_mismatch:
label: Replace service SSL certificates that do not match the local hostname
help: 'When you enable this option, the checkallsslcerts script will replace any service SSL certificates that do not match the hostname of the server with a cPanel-signed certificate. This includes wildcard certificates.'
awstatsbrowserupdate:
label: 'Allow users to update Awstats from cPanel'
awstatsreversedns:
label: 'Awstats reverse DNS resolution'
bind_deferred_restart_time:
label: DNS server reload deferral time
help: 'The time, in seconds, that the system will wait before reloads of the DNS server take effect. The system will suppress additional restart requests during the wait time to avoid multiple reloads. For systems that process frequent DNS updates, we recommend using a higher value. For systems with few DNS changes, we recommend the default setting. Note that DNS changes will not take effect until the DNS server reloads.'
httpd_deferred_restart_time:
label: HTTPD deferred reload time
help: 'Time (in seconds) that the system will wait before restarts of the web server take effect. The system will suppress additional restart requests during the wait time to avoid multiple reloads of the web server. Note that changes will not take effect until the web server reloads.'
blockcommondomains:
label: Prevent cPanel users from creating specific domains
help: 'Prevent cPanel users from creating a Parked or Addon domain that is listed in /usr/local/cpanel/etc/commondomains or /var/cpanel/commondomains. Recommended.'
cgihidepass:
label: Hide login password from cgi scripts
help: 'This setting allows you to hide the REMOTE_PASSWORD environment variable from scripts executed through cpsrvd's cgi handler.'
check_zone_syntax:
label: Check zone syntax
help: 'Check zone file syntax when saving and syncing zones.'
check_zone_owner:
label: Check zone owner
help: 'Check zone's owner when saving and syncing zones.'
chkservd_hang_allowed_intervals:
label: The number of times ChkServd allows a previous check to complete before termination.
help: If the monitored services are taking too long to respond to the current checking configuration on your machine, then you may wish to increase this value. You can increment this value until you no longer receive ChkServd warnings for delayed checks.
chkservd_check_interval:
label: The number of seconds between ChkServd service checks.
help: 'If service checks fail to complete and/or you recieve notifications about ChkServd/tailwatchd hangs, you should consider increase this value if you cannot increase available server resources or reduce server load. If notifications are infrequent, consider increasing the "The number of times ChkServd allows a previous check to complete before termination" instead.'
chkservd_plaintext_notify:
label: The option to enable or disable ChkServd HTML notifications.
help: Disabling this option will cause ChkServd to send service notifications in plain text.
skip_chkservd_recovery_notify:
label: The option to enable or disable ChkServd recovery notifications.
help: Disabling this option will suppress notification of service recovery from ChkServd.
conserve_memory:
label: Conserve memory
help: 'Conserve memory at the expense of more CPU usage and disk I/O.'
cookieipvalidation:
label: Cookie IP validation
help: 'Validate the IP addresses used in all cookie-based logins. This will limit the ability of attackers who capture cPanel session cookies to use them in an exploit of the cPanel or WebHost Manager interfaces. For this setting to have maximum effectiveness, proxydomains should also be disabled. Strict validation requires the current IP address and the cookie IP address to exactly match. Loose validation only requires they are in the same /24.'
coredump:
label: Generate core dumps
help: 'Allow WHM/Webmail/cPanel services to create core dumps for debugging purposes. Core dumps often contain sensitive information but may be necessary for debugging certain types of service crashes.'
cpaddons_adminemail:
label: cPAddons Site Software admin email
help: 'The default administrative contact for cPAddons Site Software moderation emails. (Resellers will be notified if their contact email is set in cPanel):'
cpaddons_autoupdate:
label: cPAddons Site Software source automatic updates
help: 'Automatically keep all cPAddons Site Software Source Files up to date.'
cpaddons_max_moderation_req_all_mod:
label: Max cPAddons Site Software installation requests
help: 'The maximum number of moderated requests that a user may have at any given time'
cpaddons_max_moderation_req_per_mod:
label: Max cPAddons Site Software installation requests per addon
help: 'The maximum number of moderated requests per addon that a user may have at any given time'
cpaddons_moderation_request:
label: cPAddons Site Software moderation notification
help: 'Alert the cPAddons Site Software administrator of pending moderation requests'
cpaddons_no_3rd_party:
label: Allow cPAddons Site Software installations from non-cPanel sources
help: 'Allow installation of cPAddons Site Software packaged scripts that are not provided by cPanel'
cpaddons_no_modified_cpanel:
label: Allow cPAddons Site Software installations from modified sources
help: 'Allow installation of cPAddons Site Software that have been altered. (Enabling this may be useful when testing custom addons.)'
cpaddons_notify_owner:
label: Notify reseller of cPAddons Site Software installations
help: 'Notify resellers when accounts they own are using cPAddons Site Software installations that require an update.'
cpaddons_notify_root:
label: Notify root of cPAddons Site Software installations
help: 'Notify the cPAddons Site Software administrator of cPAddon installations that require an update.'
cpaddons_notify_users:
label: Notify cPanel users when they need to update their cPAddons Site Software installations
help: 'Notify cPanel users if they are using cPAddon Site Software installations that require an update.'
cpredirect:
label: Non-SSL redirect destination
help: 'When visiting /cpanel or /whm or /webmail WITHOUT SSL, you can choose to redirect to:'
cpredirectssl:
label: SSL redirect destination
help: 'When visiting /cpanel or /whm or /webmail with SSL, you can choose to redirect to:'
cpsrvd-domainlookup:
label: cpsrvd username domain lookup
help: 'Allow usernames to be determined from the account domain name when no username is provided.'
cpdavd_caldav_upload_limit:
label: Max upload size for CalDAV/CardDAV server
help: 'Specify the number of megabytes allowed when uploading events and attachments to the calendar server. The default is 10MB.'
csp:
label: Enable Content-Security-Policy on some interfaces
help: 'Enable the Content-Security-Policy header on some interfaces in WHM. This can help prevent certain cross-site scripting (XSS) attacks. JavaScript loaded from external sites will be blocked when visiting a CSP-enabled interface.'
default_login_theme:
label: Default login theme
help: 'The theme to display when users log into cPanel, WHM, and webmail. (You may override this setting for a specific browser session by appending <em>?login_theme=theme-name</em> to the HTTP Request-URI. Note that <em>theme-name</em> stands for the desired theme.)'
defaultmailaction:
label: Initial default/catch-all forwarder destination
help: 'Forwarding destination for a new account’s catch-all/default address. (Users may modify this value via the Default Address interface in cPanel.) “<code>Fail</code>” rejects the message and notifies the remote SMTP server. This is usually the best choice if you are getting mail attacks. “<code>Blackhole</code>” accepts and processes the message but then silently discards it. This avoids notifying the remote SMTP server but violates SMTP RFC 5321 and generally should not be used.'
optionlabels:
localuser: System account
blackhole: Blackhole
fail: Fail
debughooks:
label: 'Standardized Hooks - Debug Mode'
help: "The Standardized Hooks System’s debug mode helps to troubleshoot hook issues."
default: disabled
optionlabels:
0: 'Debug mode is off.'
log: 'Debug mode is on. The system displays information about a hook while it executes, but does not log debug data to the error log.'
logdata: 'Debug mode is on. The system displays information about a hook while it executes and logs debug data to the error log.'
logall: 'Debug mode is on. The system displays information about every stage for every hookable event, even if no hooks exist for that stage.'
debugui:
label: 'User Interface - Debug Mode'
help: "The cPanel interface's debug mode. This setting changes the way the system generates user interfaces."
default: disabled
optionlabels:
0: 'Debug mode is off.'
1: 'Debug mode is on.'
copy_default_error_documents:
label: 'Copy default error documents to docroot for new accounts, addon domains, and subdomains'
help: 'When enabled, the system copies the default error documents to the document root directory when you create new accounts, addon domains, and subdomains. By copying the default error documents to the document root, this ensures that the global ErrorDocument configuration has the files its needs to prevent generating additional errors.'
default: disabled
optionlabels:
0: 'Disabled'
1: 'Enabled'
empty_trash_days:
label: 'Maximum age, in days, of content to keep when automatically emptying the users’ File Manager Trash'
help: 'This setting determines how many days to keep files in the .trash folder of user home directories. A value of 0 configures the server to purge all files from every user’s .trash folder, regardless of age. <br><br><b>NOTE:</b> This setting only purges files that users delete through cPanel’s File Manager interface ( Home >> Files >> File Manager ).'
enablecompileroptimizations:
label: Enable optimizations for the C compiler
help: 'When enabled, compile code optimized for this machine. On some systems, using compiler optimizations can trigger a bug in system libraries. This is usually autodetected, but you can manually adjust this option to disable using these optimizations if the autodetection fails.'
disablequotacache:
label: Cache disk quota information
help: 'Setting this option to On causes WHM to cache disk usage information. This may result in disk usage information being up to 15 minutes out-of-date. Setting this option to Off will provide more up-to-date data, but may significantly slow your server’s performance.'
display_cpanel_doclinks:
label: Display documentation links in cPanel interface
disk_usage_include_sqldbs:
label: 'Include databases in disk usage calculations'
disk_usage_include_mailman:
label: 'Include mailman in disk usage calculations'
dns_recursive_query_pool_size:
label: Recursive DNS query pool size
help: 'This setting restricts the maximum number of currently-active recursive DNS queries. Use this setting if your firewall imposes rate limits on DNS queries. These rate limits can degrade recursive DNS queries in applications such as AutoSSL.'
undef: 'Unrestricted'
dnsadmin_log:
label: dnsadmin logging level
help: 'Log dnsadmin requests to /usr/local/cpanel/logs/dnsadmin_log'
dnsadmin_verbose_sync:
label: Enable verbose logging of DNS zone syncing
help: 'Add additional information about DNS zone syncing to the cPanel error log. This is intended for testing or debugging purposes only.'
dnsadminapp:
label: DNS request management application
undef: 'dnsadmin, auto-detect SSL'
dnslookuponconnect:
label: Reverse DNS lookup upon connect
help: 'Try to resolve each client’s IP to a domain name when a user connects to cPanel services (warning: This can degrade performance).'
domainowner_mail_pass:
label: Mail authentication via domain owner password
help: 'This setting specifies whether to allow the use of the website owner’s password to access any email account that the owner created within the account.<br><br>The Single Sign On system generates a temporary user to access a cPanel account, and its email accounts, as the account owner. This means that if you log in to any email account via the cPanel interface, you do not have to enter a password <i>regardless of this setting</i>.'
dumplogs:
label: 'Delete each domain’s access logs after statistics are gathered'
help: 'This setting will force the system to delete all access logs after each run.'
default_archive-logs:
label: "Archive logs in the user's home directory at the end of each stats run unless configured by the user."
help: "This option will only be used if the user does not configure their log archiving preferences in cPanel."
default_remove-old-archived-logs:
label: "Remove the previous month's archived logs from the user's home directory at the end of each month unless configured by the user."
help: "This option will only be used if the user does not configure their log archiving preferences in cPanel."
emailpasswords:
label: Send passwords when creating a new account
help: 'Send passwords in plaintext over email when creating a new acccount. Enabling this option is a security risk.'
emailusers_diskusage_warn_contact_admin:
label: 'Notify admin or reseller when disk quota reaches “warn” state'
help: 'Notify the admin or reseller when an account has reached the “warn” disk quota state.'
emailusers_diskusage_critical_contact_admin:
label: 'Notify admin or reseller when disk quota reaches “critical” state'
help: 'Notify the admin or reseller when an account has reached the “critical” disk quota state.'
emailusers_diskusage_full_contact_admin:
label: 'Notify admin or reseller when disk quota reaches “full” state'
help: 'Notify the admin or reseller when an account has reached the “full” disk quota state.'
emailusers_diskusage_warn_percent:
label: 'Account disk quota “warn” percentage'
help: 'The disk quota percentage at which an account enters the “warn” state. An email notification will be sent to the user.'
undef: Disabled
emailusers_diskusage_critical_percent:
label: 'Account disk quota “critical” percentage'
help: 'The disk quota percentage at which an account enters the “critical” state. An email notification will be sent to the user.'
undef: Disabled
emailusers_diskusage_full_percent:
label: 'Account disk quota “full” percentage'
help: 'The disk quota percentage at which an account enters the “full” state. An email notification will be sent to the user.'
undef: Disabled
enablefileprotect:
label: 'Enable File Protect'
help: 'This option enables the EasyApache FileProtect module, which improves the security of each user’s <code>public_html</code> directory. [<a target="_blank" href="https://go.cpanel.net/EasyApache4FileprotectOption">More Info</a>]'
system_diskusage_warn_percent:
label: 'Account system disk usage “warn” percentage'
help: 'Threshold percentage to warn the system admin (via email) that the system disk usage is considered to be in the “warn” state.'
undef: Disable this notification
system_diskusage_critical_percent:
label: 'Account system disk usage “critical” percentage'
help: 'Threshold percentage to warn the system admin (via email) that the system disk usage is considered to be in the “critical” state.'
undef: Disable this notification
emailusers_mailbox_warn_percent:
label: 'Mailbox disk quota “warn” percentage'
help: 'Threshold percentage to warn a user (via email) that their mailbox’s disk quota is considered to be in the “warn” state.'
undef: Disable this notification
emailusers_mailbox_critical_percent:
label: 'Mailbox disk quota “critical” percentage'
help: 'Threshold percentage to warn a user (via email) that their mailbox’s disk quota is considered to be in the “critical” state.'
undef: Disable this notification
emailusers_mailbox_full_percent:
label: 'Mailbox disk quota “full” percentage'
help: 'Threshold percentage to warn a user (via email) that their mailbox’s disk quota is considered to be in the “full” state.'
undef: Disable this notification
emailusersbandwidthexceed:
label: Send bandwidth limit notification emails
help: 'Email users when they have exceeded their bandwidth. Disabling this will prevent all bandwidth limits warning emails from being sent.'
emailusersbandwidthexceed70:
label: 'Bandwidth usage warning: 70%'
help: 'Email users when they have reached 70% of their bandwidth'
emailusersbandwidthexceed75:
label: 'Bandwidth usage warning: 75%'
help: 'Email users when they have reached 75% of their bandwidth'
emailusersbandwidthexceed80:
label: 'Bandwidth usage warning: 80%'
help: 'Email users when they have reached 80% of their bandwidth'
emailusersbandwidthexceed85:
label: 'Bandwidth usage warning: 85%'
help: 'Email users when they have reached 85% of their bandwidth'
emailusersbandwidthexceed90:
label: 'Bandwidth usage warning: 90%'
help: 'Email users when they have reached 90% of their bandwidth'
emailusersbandwidthexceed95:
label: 'Bandwidth usage warning: 95%'
help: 'Email users when they have reached 95% of their bandwidth'
emailusersbandwidthexceed97:
label: 'Bandwidth usage warning: 97%'
help: 'Email users when they have reached 97% of their bandwidth'
emailusersbandwidthexceed98:
label: 'Bandwidth usage warning: 98%'
help: 'Email users when they have reached 98% of their bandwidth'
emailusersbandwidthexceed99:
label: 'Bandwidth usage warning: 99%'
help: 'Email users when they have reached 99% of their bandwidth'
exim-retrytime:
label: Email delivery retry time
help: 'Time between mail server queue runs'
eximmailtrap:
label: Track email origin via X-Source email headers
help: 'Track the origin of messages sent through the mail server by adding the X-Source headers (exim 4.34+ required)'
extracpus:
label: Extra CPUs for server load
help: 'The load average above the number of CPUs at which cpuwatch, cpanellogd, backups, and CPU stats consider the system to be in a critical load state. For example, a server with 4 physical CPUs and a value of 2 in this field will be considered “critical” in these cases once the load reaches 6.'
file_upload_max_bytes:
label: Max HTTP submission size
help: 'The maximum file size allowed for upload. This setting applies to all uploads and form submissions in all web interfaces throughout cPanel and WHM.'
undef: Unlimited
file_upload_must_leave_bytes:
label: File upload required free space
help: 'The minimum filesystem quota space required after file upload. This will prevent users from hitting their quota limit; it applies to all uploads and form submissions in all web interfaces throughout cPanel and WHM.'
force_short_prefix:
label: Force short prefix for MySQL and MariaDB databases
help: 'Force the system to limit database prefixes to 8 characters for MySQL and MariaDB. Warning: Enabling this setting will prevent you from creating new accounts that share the same first 8 characters of their usernames.'
gzip_compression_level:
label: gzip compression level
help: 'The level of compression to use (1 is faster but less compression, 9 is slower but provides maximum compression)'
gzip_pigz_processes:
label: Number of pigz processes
help: 'The number of independent pigz processes to use when performing gzip compression. For quickest compression, specify the same number of cores available on your server.'
gzip_pigz_block_size:
label: Number of kilobyte chunks per compression work unit
help: 'The size (in 1024 byte chunks) of compression work units to be distributed to each pigz process. Default is 4096. Systems with larger L2/L3 caches may benefit from higher values.'
htaccess_check_recurse:
label: Depth to recurse for .htaccess checks
help: 'The maximum number of directories deep to look for .htaccess files when doing .htaccess checks. Values higher than 10 are discouraged.'
invite_sub:
label: Account Invites for Subaccounts
help: 'Allow cPanel account users to send invitations to new Subaccount users via User Manager. An invitation includes a link to a time-sensitive page where the Subaccount user can set his or her own password instead of relying on the cPanel account user to set one.'
ionice_quotacheck:
label: I/O priority level at which quota checks are run
help: 'You must compile ionice with your kernel to use this option. ionice manages I/O scheduling for processes on your system. Specifying a lower value for this option gives the process a higher priority. This option can accept integer values between 0 and 7.'
ionice_ftpquotacheck:
label: I/O priority level at which FTP quota checks are run (when Pure-FTPd is enabled)
help: 'You must compile ionice with your kernel to use this option. ionice manages I/O scheduling for processes on your system. Specifying a lower value for this option gives the process a higher priority. This option can accept integer values between 0 and 7.'
ionice_email_archive_maintenance:
label: I/O priority level at which email_archive_maintenance is run
help: '<b>email_archive_maintenance is a nightly maintenance tool that cPanel & WHM uses to support Email Archiving</b>. You must compile ionice with your kernel to use this option. ionice manages I/O scheduling for processes on your system. Specifying a lower value for this option gives the process a higher priority.'
ionice_dovecot_maintenance:
label: I/O priority level at which dovecot_maintenance is run
help: '<b>dovecot_maintenance is a nightly maintenance tool that cPanel & WHM uses to maintain mailboxes</b>. You must compile ionice with your kernel to use this option. ionice manages I/O scheduling for processes on your system. Specifying a lower value for this option gives the process a higher priority.'
ftpquotacheck_expire_time:
label: Interval, in days, between rebuilds of the FTP quota and disk usage data (applies to Pure-FTPd only)
help: "If you use Pure-FTPd, setting this interval can allow the system to take into account disk usage information for files that are modified or added to a user's root FTP directory by processes other than the FTP server. A higher setting will reduce disk I/O but lower the accuracy of the usage data. A lower setting will improve accuracy, but consume more disk I/O."
ionice_bandwidth_processing:
label: I/O priority level at which bandwidth usage is processed
help: 'You must compile ionice with your kernel to use this option. ionice manages I/O scheduling for processes on your system. Specifying a lower value for this option gives the process a higher priority. This option can accept integer values between 0 and 7.'
ionice_log_processing:
label: I/O priority level at which stats logs are processed
help: 'You must compile ionice with your kernel to use this option. ionice manages I/O scheduling for processes on your system. Specifying a lower value for this option gives the process a higher priority. This option can accept integer values between 0 and 7.'
ionice_cpbackup:
label: I/O priority level at which nightly backups are run
help: 'You must compile ionice with your kernel to use this option. ionice manages I/O scheduling for processes on your system. Specifying a lower value for this option gives the process a higher priority. This option can accept integer values between 0 and 7.'
ionice_userbackup:
label: I/O priority level at which cPanel-generated backups are run
help: 'You must compile ionice with your kernel to use this option. ionice manages I/O scheduling for processes on your system. Specifying a lower value for this option gives the process a higher priority. This option can accept integer values between 0 and 7.'
ionice_userproc:
label: I/O priority level for user-initiated processes
help: 'This option applies to a few especially I/O-intensive user functions, such as actions initiated through the cPanel <em>File Manager</em>. You must compile ionice with your kernel to use this option. ionice manages I/O scheduling for processes on your system. Specifying a lower value for this option gives the process a higher priority. This option can accept integer values between 0 and 7.'
ipv6_listen:
label: Listen on IPv6 Addresses
help: 'This allows you to use WHM, cPanel, Webmail and Web Disk over IPv6.<br /><br /><i>After you change this setting, you must <a href="https://go.cpanel.net/restart" target="_blank">manually restart</a> cPanel & WHM’s services.'
ipv6_control:
label: Control IPv6 Addresses
help: 'Enabled control of IPv6 in the UI'
jaildefaultshell:
label: Use cPanel® jailshell by default
help: 'Use cPanel® jailshell as the default shell for all new accounts and modified accounts.'
jailprocmode:
label: Jailed /proc mount method <em>( * Choosing this option will create a limited /proc mount for <a href="https://go.cpanel.net/supported-os">legacy</a> operating systems. )
help: Method to use for mounting /proc in jailshell. Mounting a full /proc can allow users to escape the jail.
optionlabels:
mount_proc_full: Always mount a full /proc
mount_proc_jailed_fallback_full: "* Full /proc for <a href=\"https://go.cpanel.net/supported-os\">supported</a> operating systems and xenpv"
mount_proc_jailed_fallback_none: "* No /proc for <a href=\"https://go.cpanel.net/supported-os\">supported</a> operating systems and xenpv"
jailmountbinsuid:
label: Jailed /bin mounted suid
help: Enable this option if you need to use suid binaries such as /bin/ping in jail mounts.
jailmountusrbinsuid:
label: Jailed /usr/bin mounted suid
help: Enable this option if you need to use suid binaries such as /usr/bin/crontab in jail mounts.
keepftplogs:
label: Keep master FTP log file
help: 'Keep Apache’s domlogs/ftpxferlog after it has been separated into each domain name’s FTP log.'
keeplogs:
label: Keep log files at the end of the month
help: 'Note: Selecting this option is not recommended, as log files can quickly use up your server’s disk space. If the “Delete each domain’s access logs after statistics are gathered” option is enabled, this option will be ignored.'
keepstatslog:
label: Keep stats logs
help: 'Keep stats log (/usr/local/cpanel/logs/stats_log) between cPanel restarts. Note that <a href="../cgi/cpanel_log_rotation.pl">log rotation</a> may affect this as well.'
loadthreshold:
label: Critical load threshold
help: 'Select the minimum load average for overall system load display purposes that will cause the server status to appear red. You may enter decimals in this field.'
undef: '# of CPUs (autodetect)'
logchmod:
label: Apache log file chmod value
help: 'Modifies the Apache domlog file permissions based on user provided value prior to log processing. Default value is 0640.'
log_successful_logins:
label: Log successful logins
help: Enable this to record successful login events for cPanel, Webmail, WHM, and DAV.
logout_redirect_url:
label: Logout redirection URL
help: 'Redirect user to the following URL (relative or absolute) upon logout of the cPanel interface. (ie http://your-website)'
maxemailsperhour:
label: Max hourly emails per domain
help: 'The maximum number of emails each <b>domain</b> can send out per hour.'
undef: 'Unlimited'
emailsperdaynotify:
label: Number of emails a domain may send per day before the system sends a notification.
help: 'The system will send a notification when any domain sends more than the specified number of emails in a day.'
undef: 'Unlimited'
email_outbound_spam_detect_enable:
label: Monitor the number of unique recipients per hour to detect potential spammers.
help: 'The system will monitor the number of emails to unique recipients that each individual email user sends. If this number exceeds the specified threshold, the system will send a notification.'
email_outbound_spam_detect_action:
label: Select the action for the system to take on an email account when it detects a potential spammer.
help: 'The system will automatically take this action on every email account that it detects as a potential spammer. To detect spammers, the system monitors the number of emails to unique recipients that each individual user sends.'
optionlabels:
noaction: Take no action
hold: Hold outgoing mail
block: Reject outgoing mail
email_outbound_spam_detect_threshold:
label: Number of unique recipients per hour to trigger potential spammer notification.
help: 'The system will send a notification when any email account sends email to more than the specified number of recipients in one hour. Email sent by mailman is exempt from this detection.'
email_send_limits_count_mailman:
label: 'Count mailman deliveries towards a domain’s Max hourly emails.'
help: 'If enabled, messages sent from a mailing list owned by a user’s domain will be counted towards the maximum number of emails the domain is permitted to send per hour.'
undef: 'Unlimited'
email_send_limits_defer_cutoff:
# #### ’ IS APOSTROPHE
label: 'The percentage of email messages (above the account’s hourly maximum) to queue and retry for delivery.'
help: 'When an account exceeds the maximum number of emails it is allowed to send per hour, by default, any additional messages are queued for delivery and sent in the next hour. This setting allows you to limit the number of messages that will be queued by the system. For example, if you set this value to 125%, once the account reaches its hourly limit, Exim will queue any additional messages, up to <b>125</b>% of the <em>Max hourly emails per domain</em> value. Once the account reaches 125% of the <em>Max hourly emails per domain</em> value, any additional outgoing messages are discarded.'
email_send_limits_max_defer_fail_percentage:
label: 'Maximum percentage of failed or deferred messages a domain may send per hour'
help: 'The maximum percentage of a domain’s outgoing mail that can consist of failed or deferred messages. Once the domain exceeds this percentage, it is temporarily blocked from sending mail.'
undef: 'Unlimited'
email_send_limits_min_defer_fail_to_trigger_protection:
label: 'Number of failed or deferred messages a domain may send before protections can be triggered'
help: 'When a domain sends this number of failed or deferred messages in an hour, and the <em>“Maximum percentage of failed or deferred messages a domain may send per hour”</em> has also been reached, the domain will be temporarily unable to send outgoing mail.'
undef: 'Unlimited'
maxcpsrvdconnections:
label: Max cPanel/WHM/Webmail service handlers
help: 'The maximum number of requests that can be served by the cPanel service daemon at one time (Keep this as low as possible to limit potential denial of service attacks).'
maxmem:
label: Max cPanel process memory
help: 'The maximum memory a cPanel process can use before it is killed off. This setting’s minimum value depends on the number of cPanel accounts on the system.'
undef: Unlimited
modsec_keep_hits:
label: The number of days to keep records of ModSecurity™ rule hits. (Use zero to keep forever).
help: ""
mycnf_auto_adjust_maxallowedpacket:
label: Allow cPanel & WHM to determine the best value for your database service's max_allowed_packet configuration?
help: 'cPanel & WHM will adjust the max_allowed_packet value during each database server restart, if a change is necessary.'
mycnf_auto_adjust_openfiles_limit:
label: Allow cPanel & WHM to determine the best value for your database service's open_files_limit configuration?
help: 'cPanel & WHM will use your total number of tables to adjust the open_files_limit value during each database server restart.'
mycnf_auto_adjust_innodb_buffer_pool_size:
label: Allow cPanel & WHM to determine the best value for your database service's innodb_buffer_pool_size configuration?
help: 'cPanel & WHM will use your total number of tables to adjust the innodb_buffer_pool_size value during each database server restart.'
maintenance_rpm_version_check:
label: Maintenance cPanel RPM Check
help: Enable this option to have the system check cPanel RPMS for problems during the maintenance script. If there are problems, the system will notify the administrator.
maintenance_rpm_version_digest_check:
label: Maintenance cPanel RPM Digest Check
help: Enable this option to have the system use digest verification during its maintenance script. This ensures that RPM package files are not corrupt and that nothing has tampered with them.
nobodyspam:
label: 'Prevent “nobody” from sending mail'
help: 'Prevent the user “nobody” from sending out mail to remote addresses<br /><b>(PHP and CGI scripts generally run as “nobody” if you are using mod_php or have Suexec disabled.)</b>'
nosendlangupdates:
label: Send language file changes to cPanel
numacctlist:
label: 'Number of accounts per page to display in “List Accounts”.'
undef: All
file_usage:
label: 'Display File Usage information in the cPanel stats bar (inode count)'
display_cpanel_promotions:
label: 'Display announcement banner.'
help: 'Display a banner promoting new cPanel features. The user can dismiss this banner.'
display_upgrade_opportunities:
label: 'Display Upgrade Opportunities column in “List Accounts”.'
rpmup_allow_kernel:
label: 'Enable Linux kernel update during nightly maintenance.'
help: 'Each night, WHM updates your system software but does <strong>not</strong> update the kernel. If you select <em>On</em>, WHM <strong>will</strong> update the kernel. When you log in, WHM will notify you that your system requires a reboot.'
php_max_execution_time:
label: cPanel PHP max execution time
help: 'This will only apply to PHP processes.'
php_memory_limit:
label: cPanel PHP memory limit
php_post_max_size:
label: cPanel PHP max POST size
php_upload_max_filesize:
label: cPanel PHP max upload size
phploader:
label: cPanel PHP loader
popbeforesmtpsenders:
label: Add X-PopBeforeSMTP header for mail sent via POP-before-SMTP
help: 'Include a list of POP-before-SMTP senders in the X-PopBeforeSMTP header when relaying mail.'
popbeforesmtp:
label: 'Allow users to relay mail if they use an IP address through which someone has validated an IMAP or POP3 login within the last hour (Pop-before-SMTP)'
help: 'Provides the IMAP/POP before SMTP authentication method. You must enable RecentAuthedMailIpTracker in the Service Manager for this functionality to work. However, we recommend that you do not enable this option, and you should instead use SMTP authentication on modern systems.'
proxysubdomains:
label: Service subdomains
help: 'Add proxy VirtualHost to httpd.conf to automatically redirect unconfigured cpanel, webmail, webdisk, cpcalendars, cpcontacts, and whm subdomains to the correct port (requires mod_rewrite, mod_headers, and mod_proxy)'
autodiscover_proxy_subdomains:
label: Thunderbird and Outlook autodiscover and autoconfig support (enables service subdomain and SRV record creation)
help: 'Automatically create autodiscover and autoconfig service subdomains as well as the autodiscover SRV records needed for Outlook and Thunderbird email auto configuration for local domains.'
autodiscover_mail_service:
label: Preferred mail service to configure to use for Thunderbird and Outlook autodiscover and autoconfig support
help: 'Choose to advertise IMAP or POP3 via autodiscovery.'
autodiscover_host:
label: Host to publish in the SRV records for Outlook autodiscover support.
help: 'If you have an SSL enabled host with a CA signed SSL certificate on this server and want to use it instead of the cPanel provided server, enter the FQDN that has a CA signed SSL certificate here.'
overwritecustomsrvrecords:
label: Overwrite custom SRV records used by Outlook AutoDiscover support
help: 'When enabled, this setting will remove custom SRV records when Outlook AutoDiscover support is added or removed.'
overwritecustomproxysubdomains:
label: Overwrite custom A records used for service subdomains
help: 'If you enable this setting, then custom A records that match service subdomains will be removed when you add or remove service subdomains.'
proxysubdomainsoverride:
label: Service subdomain override
help: 'Allow users to create cpanel, webmail, webdisk, cpcalendars, cpcontacts, and whm subdomains that override automatically generated service subdomains'
publichtmlsubsonly:
label: Restrict document roots to public_html
help: 'This option mandates that document roots for all newly-created websites must reside under the document root for the account’s primary website. This option does not apply when you transfer or restore accounts.'
share_docroot_default:
label: Share the document root by default when creating a domain
help: 'Check the “Share document root” box by default on the “Create a New Domain” page in cPanel.'
referrerblanksafety:
label: Blank referrer safety check
help: 'Only permit cpanel/whm/webmail to execute functions when the browser provides a referrer. This will help prevent XSRF attacks but may break integration with other systems, login applications, and billing software. Cookies are required with this option enabled.'
referrersafety:
label: Referrer safety check
help: 'Only permit cpanel/whm/webmail to execute functions when the browser provided referrer (Domain/IP and Port) exactly matches the destination URL. This will help prevent XSRF attacks but may break integration with other systems, login applications, and billing software. Cookies are required with this option enabled.'
remotewhmtimeout:
label: Remote WHM timeout
help: 'Specify the timeout for connections between this server and other remote WHM servers.'
repquota_timeout:
label: Disk usage/quota bailout time
help: 'Maximum time that the system is permitted to spend fetching diskusage and quota information before it considers the data unavailable.'
requiressl:
label: Require SSL for cPanel Services
help: 'This option forces the server to redirect unencrypted cPanel, Webmail, WHM, and DAV requests to secure ports according to the SSL redirection settings. If “Choose the closest matched domain for which that the system has a valid certificate when redirecting from non-SSL to SSL URLs” is enabled, the system will redirect to the best matched certificate for the domain. If “Choose the closest matched domain for which that the system has a valid certificate when redirecting from non-SSL to SSL URLs” is disabled, the system will redirect to the https:// URL for the domain, even if no valid certificate exists for the domain.'
resetpass:
label: Reset Password for cPanel accounts
help: 'Allow cPanel users to reset their password via email.'
resetpass_sub:
label: Reset Password for Subaccounts
help: 'Allow Subaccount users to reset their password via email.'
rotatelogs_size_threshhold_in_megabytes:
label: Log rotation size threshold
help: Threshold above which cpanellogd will rotate log files.
send_error_reports:
label: 'Send error reports to cPanel for analysis'
help: 'Help guide development of cPanel & WHM by sending information about errors that occur. Read our <a href="https://go.cpanel.net/datapolicy" target="_blank">Server Usage Analysis Data Collection Policy</a> for more information.'
showwhmbwusageinmegs:
label: Show bandwidth usage in megabytes by default in WHM
skipanalog:
label: 'Enable Analog stats'
skipawstats:
label: 'Enable Awstats stats'
skipboxcheck:
label: 'Enable mailbox usage warnings'
skipboxtrapper:
label: 'Enable BoxTrapper spam trap'
emailarchive:
label: 'Enable Email Archiving support'
skipbwlimitcheck:
label: Bandwidth limit check
help: 'Automatically suspend HTTP service for accounts that exceed their bandwidth limit. Disabling this will disable all bandwidth notifications and treat all accounts as having unlimited bandwidth.'
notify_expiring_certificates:
label: Send notifications when certificates approach expiry.
help: 'Send a notification when an SSL certificate expires soon. The system will only send a notification for an AutoSSL-provided certificate if that certificate fails to renew. To manage who will receive these notifications, please update AutoSSL options found at <em>Home »SSL/TLS »Manage AutoSSL</em>.'
skipdiskcheck:
label: Disk quota usage warnings
help: 'Enable Disk Quota Usage Warnings'
skipoomcheck:
label: Out of memory warnings
help: 'Enable Out of memory (OOM) Warnings'
skipdiskusage:
label: System disk space usage warnings
help: 'Enable System Disk Space Usage Warnings'
disable-php-as-reseller-security:
label: Allow PHP to be run when logged in as a reseller to WHM
help: 'Special care should be taken when enabling this functionality since PHP will be running as root. Any application you permit to run under this setup should make special security considerations to avoid catastrophe.'
permit_appconfig_entries_without_acls:
label: This setting allows WHM applications and addons to execute even if an ACL list has not been defined.
help: 'Enabling this option will permit WHM apps and addons to run without an ACLs list defined in their AppConfig file.'
permit_appconfig_entries_without_features:
label: This setting allows cPanel and Webmail applications and addons to execute even if a feature list has not been defined.
help: 'Enabling this option will permit cPanel and Webmail apps and addons to run without an feature list defined in their AppConfig file.'
permit_unregistered_apps_as_reseller:
label: Allow apps that have not registered with AppConfig to be run when logged in as a reseller to WHM.
help: 'This option was introduced in cPanel 11.38.1 to provide additional visibility of installed apps and addons and the privilege level at which they are installed. This forces apps and addons to register with AppConfig before WHM will execute them when logged in as a reseller.'
permit_unregistered_apps_as_root:
label: Allow apps that have not registered with AppConfig to be run when logged in as root or a reseller with the "all" ACL in WHM.
help: 'This option was introduced in cPanel 11.38.1 to provide additional visibility of installed apps and addons and the privilege level at which they are installed. This forces apps and addons to register with AppConfig before WHM will execute them when logged in as root or a reseller with the "all" ACL.'
skipmailman:
label: Enable Mailman mailing lists
skipnotifyacctbackupfailure:
label: 'Send a notification when a user’s backup has errors'
skipparentcheck:
label: Allow other applications to run the cPanel and admin binaries
help: 'If this setting is off, only cpsrvd will be able to run cPanel and the admin binaries.'
skiproundcube:
label: 'Enable Roundcube webmail'
skipspamassassin:
label: Enable Apache SpamAssassin™ spam filter
skipspambox:
label: 'Enable Apache SpamAssassin™ Spam Box delivery for messages marked as spam (user configurable)'
skipwebalizer:
label: 'Enable Webalizer stats'
smtpmailgidonly:
label: Restrict outgoing SMTP to root, exim, and mailman (FKA SMTP Tweak)
help: Enabling this feature will redirect outgoing SMTP connections to the local mail server. root, exim, and mailman are still allowed to make direct connections.
ssh_host_key_checking:
label: Enable strict SSH host key checking
help: "Require that outgoing SSH connections made by cPanel & WHM verify the remote system's key. This setting helps to protect against man-in-the-middle attacks.<br />When you enable this setting, every remote system that is connected to via SSH must have a valid key in the /etc/ssh/ssh_known_hosts file.<br />If you set this value to \"dns\", the remote system has SSHFP records in a DNSSEC-signed zone, and the local system uses EDNS0 resolving, use these records to validate the remote system. If you set this value to \"dns\" but the system does not use SSHFP records in a DNSSEC-signed zone or does not use ENDS0 resolving, the system will act as though the option were set to \"enabled\"."
statsloglevel:
label: Stats log level
help: 'Larger numbers indicate more debug information in /usr/local/cpanel/logs/stats_log.'
tcp_check_failure_threshold:
label: ChkServd TCP check failure threshold
help: 'The number of times a ChkServd TCP check must fail before notification is sent and the service is restarted. On heavily loaded systems these types of service checks fail occasionally, producing erroneous indications that services are down. A value of 3 or higher is recommended for most systems.'
undef: Disable notifications and restarts from TCP checks
update_log_analysis_retention_length:
label: 'Update analysis retention interval'
help: 'This option allows you to specify how long you wish to keep the update analysis files you send cPanel.'
undef: Save indefinitely
custom:
0: Disable message retention
use_apache_md5_for_htaccess:
label: Use MD5 passwords with Apache
help: 'Use MD5 encoded passwords in Apache htpasswd files. When this option is disabled, crypt-encoded passwords are used. Crypt-encoded passwords are limited to a maximum length of 8 characters, while MD5-encoded passwords may be any length.'
jailapache:
label: "EXPERIMENTAL: Jail Apache Virtual Hosts using mod_ruid2 and cPanel® jailshell."
help: "If mod_ruid2 is compiled in via EasyApache, mod_ruid2 is enabled, and a user has their shell set to jailshell or noshell, enabling this option will chroot() a user's Apache Virtual Host into the cPanel® jailshell environment. Each user will require 14 bind mounts. While modern Linux supports a very large number of bind mounts, many processes read /proc/mounts. Reading /proc/mounts can be quite expensive when it becomes large."
use_information_schema:
label: Use INFORMATION_SCHEMA to acquire database disk usage
help: 'Using INFORMATION_SCHEMA ensures that disk usage by database tables is included in totals. However, enabling this option may cause a significant drop in performance as your database server may become unresponsive until data collection is complete. Disabling this option causes the system to query the filesystem directly, potentially excluding disk space used by some database tables. Note: If you use a remote database server, you must turn this setting On in order to calculate database disk usage.'
useauthnameservers:
label: Always use authoritative (registered) nameservers when creating a new DNS zone.
help: 'When adding a new domain, if the domain is already registered, ignore the configured nameservers, and set the NS line to the authoritative (registered) ones.'
usemailformailmanurl:
label: Prefix “mail.” onto Mailman URLs
help: 'Add the mail. prefix for mailman URLs (ie http://mail.domain.com/mailman)'
usemysqloldpass:
label: Use pre-4.1-style MySQL<sup>®</sup> passwords
help: 'Use old style (4.0) passwords with MySQL<sup>®</sup> 4.1+ (required if you have problems with PHP apps authenticating)'
email_account_quota_userdefined_default_value:
label: Default user-defined quota value for new email accounts
help: 'This is the value that is prefilled in the quota box for new email accounts on supported themes'
email_account_quota_default_selected:
label: Default quota option for new email accounts
help: 'This determines which option is preselected in the interface used to add new email accounts in cPanel on supported themes'
optionlabels:
unlimited: Unlimited
userdefined: User-defined
exim_retention_days:
label: The interval, in days, to retain Exim stats in the database
help: ""
transfers_timeout:
label: Number of seconds an SSH connection related to an account transfer may be inactive before timing out
help: ""
signature_validation:
label: 'Signature validation on assets downloaded from cPanel & WHM mirrors.'
help: 'When you select a keyring type, signatures will be downloaded and verified against the type of keyring selected. Official releases are signed with the Release keyring. The Development keyring is used for test builds only and is not as safe. All signature validation will be turned off when you select the ‘Off’ option.'
verify_3rdparty_cpaddons:
label: 'Verify signatures of 3rdparty cPaddons.'
help: 'When this option is enabled, cPanel will verify GPG signatures of all 3rdparty cPaddons. This setting is only available if Signature Validation is enabled.'
ssl_default_key_type:
label: 'Default SSL/TLS Key Type'
help: 'The type of key that the system will create by default for SSL/TLS certificates and signing requests.'
selfsigned_generation_for_bestavailable_ssl_install:
label: 'Generate a self signed SSL certificate if a CA signed certificate is not available when setting up new domains.'
help: 'When you create a new domain, cPanel will apply the best available certificate (CA signed); otherwise cPanel will apply a self-signed SSL certificate and request a new certificate via AutoSSL if it is enabled. Warning: If you disable this option, and a CA signed certificate is not available, when a user attempts to visit the newly created domain over https, the user will see the first SSL certificate installed on that IP address. Warning: If you enable this option and do not have a CA signed certificate or AutoSSL enabled, Google search results may point to the SSL version of the site with a self-signed certificate, which will generate warnings in the users’ browser. To avoid both of these concerns, we strongly recommend that you enable AutoSSL.'
mailbox_storage_format:
label: The mailbox storage format for new accounts
help: '<a href="https://go.cpanel.net/dovecot_docs_dbox">Mdbox</a> or <a href="https://go.cpanel.net/dovecot_docs_maildir">Maildir</a><br />Transferred or restored accounts will retain their mailbox format settings.'
web_log_retention_days:
label: Number of days to retain web server logs before purging them
help: A value of 0 will retain logs indefinitely.
upcp_log_retention_days:
label: 'Number of days to retain upcp logs before purging them'
help: 'These files can be found in the /var/cpanel/updatelogs directory.'
xframecpsrvd:
label: 'Use X-Frame-Options and X-Content-Type-Options headers with cpsrvd'
help: 'Use the X-Frame-Options HTTP response header to indicate whether a browser can render a page in a <frame>, <iframe> or <object> tag. This allows websites to ensure that their contents are not embedded into other sites, to avoid clickjacking attacks.<br />The server uses the X-Content-Type-Options response HTTP header to indicate that the MIME types in the Content-Type headers should not be changed or followed.<br />When you enable this option, the system adds the X-Frame-Options header, with a value of SAMEORIGIN, and the X-Content-Type-Options header, with a value of nosniff, to cpsrvd responses.'
disable_cphttpd:
label: 'Prevent cpsrvd from serving standard HTTP ports'
help: 'This setting prevents cpsrvd from taking over the standard HTTP ports if you disable the system’s “Web Server” role. This action renders any cPanel & WHM features that depend on the standard HTTP ports partially or entirely unusable. These features include service subdomains, AutoSSL, Mailman, and BoxTrapper.'
show_reboot_banner:
label: 'Display a message to reboot the server after essential software updates.'
help: 'Set this option to Off to prevent a message that encourages rebooting your server. <b>Note</b>: Disabling the reboot warning can cause security concerns to be unaddressed.'
default_pkg_max_emailacct_quota:
label: Default maximum email quota for new packages
help: 'This value applies to new packages when the package creator lacks the “Create Packages with Unlimited Features” ACL. This logical default value for new packages preserves backward API compatibility when the user does not provide a value.'
default_pkg_quota:
label: Default disk usage quota for new packages
help: 'This value applies to new packages when the package creator lacks the “Create Packages with Unlimited Disk Usage” ACL. This logical default value for new packages preserves backward API compatibility when the user does not provide a value.'
default_pkg_bwlimit:
label: Default bandwidth limit for new packages
help: 'This value applies to new packages when the package creator lacks the “Create Packages with Unlimited Bandwidth” ACL. This logical default value for new packages preserves backward API compatibility when the user does not provide a value.'
skipfirewall:
label: Do not make changes to the firewall during account modification.
help: 'By default, the system makes changes to the firewall when an account is modified. When enabled, this setting disables the corresponding changes to the firewall. The server administrator will need to perform any necessary changes to the firewall.'
skip_rules_added_by_configure_firewall_for_cpanel:
label: Do not make changes to the firewall via scripts/configure_firewall_for_cpanel.
help: 'By default, cPanel adds firewall rules to ensure that cPanel ports are open. When enabled, this setting disables adding these rules to the firewall.'
enforce_user_account_limits:
label: 'Enforce user account limits for resellers with the “Account Modification” ACL.'
help: 'The “Account Modification” ACL allows resellers to bypass their user account limits. Enabling this setting prevents resellers from creating more accounts than allowed.'
enable_api_log:
label: Enable cPanel API Log
help: 'This setting allows you to log successful or failed cPanel API 1, successful cPanel API 2, and successful UAPI function calls. We store this log in the /usr/local/cpanel/logs/api_log file.'
create_account_dmarc:
label: 'Enable <acronym title="Domain-based Message Authentication, Reporting & Conformance">DMARC</acronym> on domains for newly created accounts'
help: 'This setting requires <acronym title="Sender Policy Framework">SPF</acronym> and <acronym title="DomainKeys Identified Mail">DKIM</acronym> to be enabled.'