Skip to end of metadata
Go to start of metadata

For cPanel & WHM version 64

(Home >> Service Configuration >> Apache Configuration >> Global Configuration)

Overview

This feature allows you to adjust several of the Apache web server's advanced features. Many of these directives require that you format your entry in a specific way. Click a directive name to view its documentation on the Apache website.

Global Configuration

To configure the advanced features of the Apache web server, use the following directives:

DirectiveDescriptionDefault Settings
SSL Cipher Suite

Sets the OpenSSL ciphers that Apache uses.

Note:

We recommend that you use this directive's default setting to adjust your server for PCI compliance. For more information about PCI compliance, read our PCI Compliance and Software Versions documentation.

By default,  cPanel & WHM uses the following cipher list for web services:

ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

SSL/TLS ProtocolsDetermines the SSL and TLS protocols that the client and server negotiate during the SSL/TLS handshake phase.All -SSLv2 -SSLv3
LogLevelSets the verbosity of the error log.warn
Trace EnableAllows or disallows TRACE requests.On
Server SignatureDetermines whether server information appears in error results and other information that the server generates.Off
Server Tokens

Determines the amount of information that Apache provides to visitors in Server HTTP response headers.

Full
File ETag

Determines the amount of information that Apache provides to visitors who request a file via HTTP.

  • ETags display meta information to visitors who request a file. 
  • This directive can potentially reduce server load and increase load speed.
All
Directory "/" OptionsSets several options that pertain to the root (/) directory.ExecCGI
FollowSymLinks
IncludesNOEXEC
Indexes
SymLinksIfOwnerMatch
Start ServersDefines the number of child server processes that Apache creates when it starts.5
Minimum Spare Servers

Sets the minimum number of idle child server processes. Only configure this number for very busy servers.

Notes:

  • To configure this setting in EasyApache 3, you must build Apache with the MPM ITK module or the MPM Prefork module.  
  • To configure this setting in EasyApache 4, you must install the MPM Prefork module.
5
Maximum Spare Servers

Sets the maximum number of idle child server processes. Only configure this number for very busy servers.

Notes:

  • To configure this setting in EasyApache 3, you must build Apache with the MPM ITK module or the MPM Prefork module. 
  • To configure this setting in EasyApache 4, you must install the MPM Prefork module.
10
Server LimitDefines the maximum configured value for the MaxClients directive (the MaxRequestWorkers directive in Apache 2.4) for the lifetime of the Apache process.256
Max Clients

Sets the limit on the number of simultaneous requests that Apache serves. You can enter a number equal to or lower than the value of the ServerLimit setting (the MaxRequestWorkers directive in Apache 2.4).

Notes:

  • To configure this setting in EasyApache 3, you must build Apache with the MPM ITK module or the MPM Prefork module. 
  • To configure this setting in EasyApache 4, you must install the MPM Prefork module.
150
Max Requests Per Child

Sets the limit on the number of requests that an individual child server process handles. After the child server processes a MaxRequestsPerChild number of requests, the child server process terminates. If the MaxRequestsPerChild setting equals 0, the child server process never expires.

This is the MaxConnectionsPerChild directive in Apache 2.4.

Notes:

  • To configure this setting in EasyApache 3, you must build Apache with the MPM ITK module or the MPM Prefork module. 
  • To configure this setting in EasyApache 4, you must install the MPM Prefork module.
10000
Keep-AliveEnables long-lived HTTP sessions, which allow you to send multiple requests over the same TCP connection. This directive can reduce load times for HTML documents with many images.Off
Keep-Alive TimeoutDefines the number of seconds that Apache waits for a subsequent request before Apache closes a connection.5
Max Keep-Alive RequestsLimits the number of requests that a TCP connection can make when you enable the KeepAlive directive. If you do not wish to limit KeepAlive directive requests, set this value to 0.100
TimeoutDefines the amount of time (in seconds) that Apache waits for certain events before Apache fails a request.300
Symlink ProtectionEnables the Symlink Protection patch, which helps to improve Apache's ability to detect a race condition.Off

Note:

Make certain that you and your users do not require a directive before you disable it.

After you update the desired configuration options, click Save. A new interface will appear. Click Rebuild Configuration and Restart Apache.

To undo any of your changes, click Reset.

Manually edit Apache features

To manually configure the advanced features of the Apache web server, perform the following steps:

  1. Log in to your server as the root user via SSH.

  2. Open the /var/cpanel/conf/apache/local file and locate the setting that you wish to edit. For example:

     "servertokens": 'Full'
    
  3. Enter the desired value for that setting. For example:

     "servertokens": 'Min[imal]'

    For a complete list of each feature's valid values, read Apache's Directive Quick Reference documentation.

  4. Run the /scripts/rebuildhttpdconf script to rebuild the httpd configuration file.
  5. Restart Apache with the /usr/local/cpanel/scripts/restartsrv_httpd script.

Additional documentation