Apache httpd’s mod_userdir makes URLs like “http://example.com/~fred” resolve to the indicated user’s (for example, the user “fred”’s) primary web virtual host.
In the above scenario, the transferred data counts against the bandwidth limit for the user that owns “example.com”, not against “fred”’s bandwidth limit. This is often an undesirable behavior.
WHM’s mod_userdir Protection feature addresses this problem by restricting mod_userdir to URLs whose users own the URL’s domains.