What is WSA?
Overview of the Web Site Accelerator module — how it works, benefits, and cPanel integration.
WSA (Web Site Accelerator) is a cPanel/WHM module that places nginx as a reverse cache in front of Apache. The result: pages, scripts, styles, images, and other site assets are cached at the server level and served at full speed to subsequent visitors — no Apache call, no PHP execution, no database hit.
WSA is developed and maintained by Astral Internet since 2019.
1. The problem WSA solves
On a standard cPanel server, every HTTP request must traverse the full execution stack:
Browser → Apache → PHP-FPM → MySQL → ... → responseFor a typical WordPress page, this chain represents 100 to 500 ms of server work, several SQL queries, and memory allocated for each visit — even when the content hasn't changed since the previous request.
On a high-traffic site or a server hosting many accounts, this repetition creates:
- slow response times for visitors;
- constant CPU and memory load;
- latency spikes when the database is hit;
- degraded visitor experience during traffic peaks.
2. The solution WSA provides
WSA inserts nginx as a caching layer between the visitor and Apache:
┌─ Cache HIT → instant response
Browser → nginx (WSA) ─┤
└─ Cache MISS → Apache → ... → response
↓
cache storageWhen a visitor requests a page, nginx first checks whether it has a recent copy:
- Cache HIT — the copy is served directly by nginx in a few milliseconds, without touching Apache, PHP, or the database.
- Cache MISS — Apache generates the response normally; nginx stores it for the next identical requests before passing it to the visitor.
How nginx knows when to serve from cache
WSA intelligently handles several cases:
- Cache TTL — Each response has a validity duration (5 min, 1 h, 1 day, etc.) configurable per content category.
- Cookie bypass — Requests with certain cookies (logged-in user, shopping cart, session) automatically bypass the cache.
- URI bypass — Certain URLs (admin, checkout, preview) are never cached.
- Per-category variations — Dynamic pages, CSS/JS files, and images can have different cache durations.
3. Measurable benefits
Speed
An uncached WordPress page typically loads between 200 ms and 1 s. The same page served from WSA responds in 5 to 20 ms. For the visitor, that's the difference between "slow" and "instant".
Server capacity
On a server hosting 500+ cPanel accounts, introducing WSA can reduce Apache and PHP-FPM load by 60 to 90 % on popular sites. The freed resources let you host more accounts without performance degradation.
Traffic spike resistance
When a site is shared on social media or appears in the news, WSA absorbs the wave — Apache only serves the requests that pass through the cache, typically new unique visitors.
Resource savings
Fewer CPU cycles, fewer SQL queries, less PHP memory used. On a dedicated server or VPS, that's operational headroom; on shared hosting, it's more clients possible per server.
4. Compression — Gzip and Brotli
WSA enables two compression algorithms on text files (HTML, CSS, JavaScript, JSON, SVG, fonts…):
Gzip
Standard for ~20 years, supported by all browsers. Compresses text files to about 70% of their original size.
Brotli
Modern algorithm developed by Google, supported by all recent browsers. 15 to 25% more efficient than Gzip on text files. Brotli is compiled as a dynamic nginx module by WSA itself, from official source code — no third-party RPM package needed.
Serving both automatically
WSA automatically sends the right format to each visitor: Brotli to browsers that support it, Gzip to others. The visitor never notices; bandwidth usage drops naturally.
This also translates into load time for visitors on slow connections — a 100 KB CSS file compressed with Brotli is only 25-30 KB over the network.
5. HTTP/3 — the next generation Web
On modern distributions (EL 9 and EL 10), WSA can compile nginx with HTTP/3 (QUIC) support.
What is HTTP/3?
HTTP/3 is the third-generation Web protocol, successor to HTTP/2. Its main advantages:
- Faster connection — HTTP/3 uses UDP and can establish a connection in a single network round-trip, vs 2 to 3 for HTTP/2 over TLS.
- No head-of-line blocking — Multiple parallel requests no longer block each other if a single packet is lost.
- Mobile-friendly — Network switches (WiFi → 4G, for instance) no longer interrupt the connection.
How it's enabled in WSA
The server administrator clicks Build HTTP/3 in the Nginx Build & Modules tab of WHM. WSA:
- Downloads official nginx and QuicTLS sources.
- Verifies SHA256 checksums to guarantee integrity.
- Compiles a custom nginx binary with
--with-http_v3_module. - Replaces the system binary, keeps a backup copy.
- Opens UDP/443 in the firewall (CSF or firewalld).
- Restarts nginx.
Once installed, the administrator then enables QUIC emission per vhost (sends listen 443 quic; + Alt-Svc header). Visitors on modern browsers automatically switch to HTTP/3; others stay on HTTP/2.
Build security
The module watches new nginx releases in the background (CVE-2026-42926, CVE-2026-40460, etc.) and offers automatic rebuild when a security patch is published. The administrator keeps full control: no rebuild triggers without their agreement.
6. Complete integration without breaking sites
This is probably the most important quality of WSA: the installation affects no existing site. No client needs to modify their code, .htaccess, cookies, themes, or extensions.
Automatic detection
WSA automatically detects sensitive configurations:
- WordPress sites — Logged-in users bypass cache (
wordpress_logged_in_*cookies detected). - WooCommerce — Cart, checkout, and customer account bypass cache (
woocommerce_cart_hashcookies,/cart,/checkout,/my-accountURIs). - Various e-commerce sites — PrestaShop, Magento, OpenCart patterns are pre-configured.
- Generic PHP —
PHPSESSIDand equivalent cookies are recognized.
Security by default
A page containing one user's personal data is never cached and served to another:
- If a session cookie is present, the request bypasses the cache.
- If the response contains
Set-Cookie, the response is not stored. - If the application sends
Cache-Control: no-cacheorCache-Control: private, by default WSA respects the directive.
Transparent migration
On an existing server with 500+ production sites, installing WSA:
- Modifies no files in cPanel accounts.
- Doesn't interrupt Apache — the transition is done by port switching (Apache moves from 80/443 to 8080/8443, nginx takes the public ports).
- Doesn't touch SSL certificates — WSA reads certificates already installed by AutoSSL or Let's Encrypt.
- Preserves custom HTTP headers emitted by applications.
Reversibility
If for any reason WSA needs to be uninstalled, the operation fully restores the original Apache configuration. cPanel accounts don't notice — their sites continue to work as before.
7. Protection against unwanted bots
WSA includes a User-Agent filtering layer that blocks, at the nginx level, requests from bots that consume resources without benefiting sites:
| Category | Examples | Blocked by default |
|---|---|---|
| AI training crawlers | GPTBot, ClaudeBot, Bytespider, CCBot | ✅ |
| Vulnerability scanners | Nikto, sqlmap, Wfuzz, ZAP | ✅ |
| Fake User-Agents | non-existent Chrome, impossible Firefox | ✅ |
| Empty User-Agent | requests with no User-Agent header |
✅ |
| AI search assistants (live lookup) | ChatGPT lookup, Perplexity | ❌ (allowed) |
| AI user tools | AI browser extensions | ❌ (allowed) |
| SEO spiders | AhrefsBot, SemrushBot, MJ12bot | ❌ (allowed) |
Each administrator can modify these lists globally from WHM; each cPanel customer can override the server policy on their own domains (allow a globally-blocked bot, or block a globally-allowed bot).
Measurable resource savings
On a server with 500+ WordPress sites, filtering AI bots alone typically represents 5 to 15% saved bandwidth and equivalent server load freed — with no negative impact on real visitors or legitimate search-engine ranking (Google, Bing, DuckDuckGo are never blocked).
8. Three-layer architecture
WSA is deliberately modular:
┌─────────────────────────────────────────────────────────┐
│ WHM (administrator) │
│ /usr/local/cpanel/whostmgr/docroot/cgi/wsa/ │
│ - Global server configuration │
│ - nginx modules (Brotli, HTTP/3) │
│ - Account inventory + bulk actions │
└────────────────────────┬────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────┐
│ Module core │
│ /etc/wsa/ │
│ - wsad daemon (config change monitoring) │
│ - Internal cron tasks │
│ - nginx configuration generation │
│ - SQLite database (settings, state) │
└────────────────────────┬────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────┐
│ cPanel (end customer) │
│ /usr/local/cpanel/base/frontend/jupiter/wsa/ │
│ - Per-cPanel-account configuration │
│ - Simple or advanced mode │
│ - Per-domain and per-subdomain customization │
└─────────────────────────────────────────────────────────┘The administrator always has the final word on global policy, but each customer can customize their own domains within the defined limits.
9. Summary
| Benefit | For whom? |
|---|---|
| Faster sites (5-20 ms cached vs 200-1000 ms) | Site visitors |
| Less Apache/PHP/MySQL load (60-90% less) | Server administrator |
| Transparent Brotli and Gzip compression | Visitors and server |
| HTTP/3 on EL 9 and EL 10 | Visitors (reduced latency, mobile) |
| Protection against unwanted bots | Everyone (less spam, less load) |
| Per-domain configuration in cPanel | Server customers |
| No modifications required in sites | Server customers |
| Install and uninstall without breaking sites | Server administrator |
Further reading
- Installation and prerequisites — How to install WSA on your cPanel server.
- WHM configuration — The administrator panel.
- cPanel configuration — The customer panel.
- Optimization — Get the most out of WSA.