A real WAF in front of Apache — not just a rule set.
Blocks attacks before they reach Apache and explains every block in plain English — right inside cPanel. From US$11/server/month.
Attacks stopped server-side, before Apache.
No DNS changes, no per-domain config, nothing routed off your server. Standard rules apply automatically to every domain on the server, with per-domain exceptions when you need them.
Pre-Apache request filtering
- pxShield runs as a dedicated security layer in front of Apache
- Malicious traffic is dropped before it hits the web server
- Apache stops wasting CPU and RAM on attack traffic
- No DNS changes, no per-domain config — nothing routes off your server
AI-explained blocks
- Plain-English reason for every blocked request — streamed on click
- Tier-1 support resolves false positives without paging a senior admin
- Cuts the back-and-forth between hosting support and end customers
- Available in WHM and inside the customer cPanel dashboard
Customer-facing cPanel dashboard
- A 'Site Protection' tile lands in every cPanel account automatically
- Live attacks blocked per domain — timeline, top types, top countries
- Click any blocked request for an AI-streamed explanation
- Bilingual EN/ES, switchable in one click — zero customer setup
WHM admin dashboard
- Live request graph for the last 180 minutes
- 30-day blocked-attacks history for trend reporting
- Top blocked IPs, most-targeted domains, top attack types
- Last 10 attacks with full request detail and AI explainer
Light on your server
- Filters attack traffic before it ever reaches Apache
- Apache spends CPU on real visitors, not bots and probes
- Serves static files directly instead of waking PHP
- A leaner request path is a side effect of the security layer
Server-wide protection by default
- Standard rules apply automatically to every domain on the server
- No per-site activation, no agent install on customer accounts
- Per-domain customisation and exceptions available when you need them
- Roll out across a fleet of servers via Ansible or one curl line
Threat intelligence
- Per-IP attack ranking — find the persistent offenders fast
- Geographic insight (top countries) for region-based mitigation
- Most-targeted domains so you know which clients are under pressure
- Useful proof when communicating proactively with end customers
Battle-tested and fully tunable
- Proven in production on thousands of cPanel accounts
- Adjust any rule or add exceptions directly from the UI
- AI-assisted false-positive triage keeps tier-1 support unblocked
- Uninstall in one command — no config rewrites left behind
Attack categories blocked
Stopped server-side, before Apache hands the request to the application.
- SQL injection
- Cross-site scripting (XSS)
- Command injection
- Directory traversal
- Brute-force attacks
- Web shells
- Malicious file uploads
- Bot scraping & probing
- Zero-day attacks
- Credential stuffing
Everything mod_security does — minus the headaches.
cPanel ships mod_security by default. pxShield replaces it with the same on-server protection — without the CRS tuning, the false-positive guesswork, or the blind spots.
mod_security (ships with cPanel)
- Hand-edit config files and OWASP CRS rules
- Runs inside Apache — CPU cost on every request
- False positives mean digging through raw logs
- Invisible to your end customers
- Signature / rule-set matching only
Pyxsoft pxShield
- Adjust any rule or add exceptions from the UI
- Runs as a separate layer — doesn't tax Apache on every request
- Every block explained in plain English by AI
- Per-domain "Site Protection" dashboard in cPanel
- Anti-evasion heuristics catch obfuscated payloads
Both run entirely on your own server — no cloud, no DNS changes, nothing routed off your box. pxShield just does the job better.
Your customers see security working.
Most security tools are invisible to your end customers — until something breaks. pxShield installs a Pyxsoft-branded WAF dashboard right inside their cPanel. Every login, they see the protection they're paying you for.
Live attack visibility — per domain
Each customer logs into cPanel and sees the attacks blocked on their own sites. Daily timeline, top attack types, top countries, top blocked IPs.
AI explanations on demand
Customer clicks any blocked request and reads a plain-English explanation streamed by Pyxsoft AI. The support ticket they were about to file? They close the tab instead.
Bilingual, zero-config
English and Spanish out of the box, switchable in one click. Auto-detects every domain on the account. Nothing for the customer to configure.
Live protection from the first request.
One curl line and pxShield starts protecting every domain on the server — proven in production on thousands of cPanel accounts. Need to tune something? Adjust any rule or add exceptions from the UI. 7-day free trial, no credit card.
curl -s https://www.pyxsoft.com/install-cpanel | bashPyxsoft pxShield — US$11 per server.
Flat per-server price, unlimited sites and users. No DNS changes, no per-domain fees — everything runs on your own server.
About Pyxsoft pxShield.
Need a firewall too? Pyxsoft Firewall is free.
A modern WHM-native firewall built for nftables (with iptables compatibility). Open/close ports, manage IP allow/deny, and a built-in login-failure guard — no charge, no license, ships alongside the rest of the stack.
Block attacks before they reach Apache — on your next server.
7-day free trial. No credit card. Install in one curl line. Uninstall in one command.
curl -s https://www.pyxsoft.com/install-cpanel | bashcPanel/WHM on AlmaLinux · CloudLinux · Rocky Linux · RHEL · CentOS — versions 7, 8, 9 and 10.