System configuration screen

The System configuration screen lets you configure the basic settings for your Content Management system.

To access the System configuration screen

  1. Click system configuration

  2. Click System configuration from the menu.

    The System configuration screen loads.

To edit any of the settings values on the screen, perform the following steps:

  1. Click the Edit button.

    This acquires editing locks for the page.

    System administrators cannot edit every available setting presented.

    Some settings can only be changed by the root user.

    In the tables following, the User column lists the minimum user permissions required to edit the setting.

  2. Edit the settings values as desired.

    Although most settings have a default value, some do not.

    In the tables following, the Default value column uses the string, [blank], to denote settings that have no default value.

  3. Click the Save button.

    The new settings values are applied.

System settings

System settings effect the entire Squiz Content Management system.

Table 1. System settings
Setting Default value User Notes

System name

The system

Root

The name of the system.

This name is shown in the header section of the HTML source code created for the site.

The name is also displayed at the bottom of all emails sent to Squiz Content Management editors and administrators.

System owner

[blank]

Root

The owner of the system.

The owner’s name is shown in the header section of the HTML source code created for the site.

It is also displayed at the bottom of all emails sent to Squiz Content Management editors and administrators, so they know who to contact for assistance.

Admin mode suffix

_admin

System administrator

When this string is appended to a site URL, the admin UI is launched when the URL is loaded.

+ If the user is not logged-in, the sign-in page is loaded.

Inline edit mode suffix

_edit

System administrator

When this string is appended to a URL, the inline edit interface is launched when the URL is loaded.

Users with Content editor permissions or greater can access inline edit.

If the user is not logged-in, the sign-in page is loaded.

System sign-in suffix

_login

System administrator

When this string is appended to a site URL the login screen is presented when the URL is loaded.

After logging in, instead of going to the administration or inline edit mode, you will be returned to the page you were viewing.

System bypass cache suffix

_nocache

System administrator

When this string is appended to a site URL, the matrix-uncached version of the page is presented when the URL is loaded.

Using this suffix forces Squiz Content Management to serve the most recent version of the page to the user.

System bypass proxy cache suffix

_noproxycache

System administrator

When this string is appended to a site URL, the proxy-uncached version of the page is presented when the URL is loaded.

Using this suffix forces Squiz Content Management to ignore any Send cacheable headers settings. As well, the system will not send relevant headers (such as Cache-control, expires, and last-modified) when serving the page to the user.

System clear cache suffix

_recache

System administrator

When this string is appended to a site URL, the Squiz Content Management cache for the page is cleared and re-populated when the URL is loaded.

Relative HREFs generated when using _recache are meant to work for the actual URL without the suffix and will not work as expected when viewing with the suffix attached.

System performance mode suffix

_performance

System administrator

When this string is appeneded to a site URL, the Squiz Content Management performance mode is accessed when the URL is loaded.

System timezone

Australia/Sydney

System administrator

Sets the time-zone for the system.

Disable matrix attribution in designs

No (Off)

System administrator

When set to Yes, the running Matrix attribution is removed from the site’s source HTML.

Design assets must be regenerated before this option takes effect.

Enforce same origin frame security for backend

Yes (On)

System administrator

When set to Yes, the Squiz Content Management system adds the X-Frame-Options: SAMEORIGIN header to pages when the pages are loaded in admin or edit mode.

Only pages hosted on the same domain as the system can nest the admin or edit mode interfaces using frames.

Keeping this option enabled is strongly recommended.

Enforce same origin frame security for frontend

Yes (On)

System administrator

When set to Yes, the Squiz Content Management system adds the X-Frame-Options: SAMEORIGIN header to pages when frontend pages are loaded.

Only pages hosted on the same domain as the system can be nested using frames.

Keeping this option enabled is strongly recommended.

Render time threshold

30

System administrator

The number of seconds the Content Management System waits to bypass asset rendering.

The threshold is timed fromm the initial http request for the asset.

Indexable content size limit

2000000

System administrator

The number of bytes that constitute the maximum amount of content than can be indexed.

If the content exceeds this number, it will be truncated down the limit.

Allow trashing without lock

No (Off)

System administrator

When set to Yes, the Content Management System allows users to move assets to the trash without the user acquiring editing lock on the to-be-deleted asset.

System URL settings

System URL settings control the behaviour of system URLs.

Table 2. System URL settings
Setting Default value User Notes

System root URLs

[blank]

System administrator

This field defines the list of URLs that can access Squiz Content Management.

All site assets created within Squiz Content Management need a URL applied based on a URL listed in this field.

System root URLs must be added here before they (or any more specific URLs) can be used by a site asset.

You can enter as many URLs as you need.

Put each URL on a new line.

Only add the FQDN for each listed system root URL.

Do not specify the protocol (that is, http:// or https://)

System parent domains

[blank]

System administrator

Parent domains are examined when the system is setting the session cookie, and are useful if several system root URLs have a common parent domain.

If the current URL’s FQDN ends with one of the parent domains then the cookie will be set on the parent domain instead.

As a consequence the user’s session will persist across the parent domain and all its subdomains.

The common parent must be only one level up.

For example

  • a.example.com; and

  • b.example.com

will share a session cookie (which is created for example.com).

By contrast

  • one.a.example.com; and

  • two.b.example.com

will not share a session cookie because their common parent domain is two levels up.

System static URL

[blank]

Root

By default, Squiz Content Management rewrites URLs for publicly accessible and live file-based assets to be readable without loading PHP.

By entering a system static URL, you can tell Squiz Content Management to rewrite those URLs to an alternative location, which could be a different (and lightweight) piece of web server software on the same machine as the Squiz Content Management install or a completely different machine.

Leave this field blank to use the default Squiz Content Management behavior.

This is an advanced configuration option and requires specific web server configuration to operate correctly.

This option should only be used if instructed by Squiz.

Restricted file extensions through static root domain

[blank]

System administrator

This field sets the file extension types that will not be served through the system’s static URL, as specified in the previous system static URL field.

All file types specified in this field will not use the system’s static root domain (that is, \www.example.com) instead of the Squiz Content Management system root URL.

The System static URL will serve any file types not specified in this field.

Multiple file extensions listed in this field must be comma-separated.

Allow HTTP for static URL

Yes (On)

Root

When set to Yes static URLs for live, publicly-readable files can be served using the (insecure) HTTP protocol.

When set to No, static URLs for live, publicly-readable files will be served through a HTTPS (Secure HTTP) protocol, even if the connection for the asset referencing them is insecure.

At least one of the two static URL settings — Allow HTTP for static URL and Allow secure HTTP (HTTPS) for static URL must be set to Yes.

If both are set to Yes, then static URLs will be served using the same protocol as the referencing asset.

Allow secure HTTP (HTTPS) for static URL

Yes (On)

Root

When set to Yes static URLs for live, publicly-readable files can be served using the HTTPS (Secure HTTP) protocol.

When set to No, static URLs for live, publicly-readable files will be served through a (insecure) HTTP protocol even if the connection for the asset referencing them is secure.

At least one of the two static URL settings — Allow HTTP for static URL and Allow secure HTTP (HTTPS) for static URL must be set to Yes.

If both are set to Yes, then static URLs will be served using the same protocol as the referencing asset.

System web path separator

-

System administrator

Sets the character used to replace spaces in an assets’ name when automatically generating URLs.

For example, consider an asset named Contact us.

On a system using the default System web path separator this asset will be represented in a generated URL as contact-us, with the space automatically replaced with the hyphen glyph.

Redirect URL with trailing slash

Yes (On)

System administrator

When set to Yes, trailing slashes on frontend requested URLs will automatically be removed and the request will automatically be redirect to a URL with no trailing slash.

The system will serve content at one URL instead of both with and without a trailing slash.

This reduces the number of cache entries and URLs that may show up in search engines.

This option does not apply to the top of domains as URLs require at least one slash in the path.

URLs containing ?a= will return a 404

No (Off)

System administrator

When set to Yes, the system will return a 404 Page not found status when any requested URL contains the string ?a=.

Turning this on may break existing URLs.

Email settings

Email settings sets the email addresses used for receiving messages and errors generated by the Squiz Content Management system.

Table 3. Email settings
Setting Default value User Notes

Default email

[blank]

System administrator

Specifies the default email address for the system that Squiz Content Management will use to send emails if it has not been supplied with an email address for the message.

For example, if a custom form has to send emails, but the To address is empty, the email will be sent to the address specified in this field.

This address should be one available to the owner of the Squiz Content Management installation.

Tech email

[blank]

System administrator

Specifies the email address that Squiz Content Management uses to send technical emails, such as error reports and system configuration changes.

This email address should be for a user responsible for diagnosing and fixing technical problems with the Squiz Content Management installation.

Sign-in/session settings

Sign-in/session settings <introductory explanation here>.

Table 4. Sign-in/session settings
Setting Default value User Notes

Session cookie name

SQ_SYSTEM_SESSION

Root

This setting can only be changed by editing the "SQ_CONF_SESSION_COOKIE_NAME" value in the main.inc file.

When this value is changed, it will instantly sign out all current Squiz CMS user sessions.

Only change this value when you are certain there are no current user sessions active in the system.

Root URLs requiring secure sign-in

[blank]

Root

System root URLs listed in this field will attempt to display the sign-in box using the https protocol regardless of other protocol settings on the site.

Max sign-in attempts

3

Root

The maximum number of times a user may incorrectly enter this password before their account is locked.

Enter zero — 0 — to allow unlimited attempts.

To lock an account, Squiz Content Management changes the user account status to under construction.

To unlock the account, an administrator must change the status to live.

Allow IP change

No (Off)

Root

When set to Yes, a user is not signed-out if that user’s IP address changes while signed-in to Squiz Content Management.

Proxy settings in some companies can change the user’s IP address each time they view a Squiz Content Management page, effectively logging out the user each time they try and navigate to a new page.

Enabling this setting will tell Squiz Content Management to allow a user’s IP address to change throughout their session.

By default, if a user’s IP address changes while using Squiz Content Management, they will be signed out to ensure their account is not being used by someone else.

Process PHP credentials

No (Off)

Root

When set to Yes, Squiz Content Management will use the PHP_AUTH_USER and PHP_AUTH_PW server variables to attempt to authenticate a user.

These variables are generated by PHP when an HTTP Authentication dialog box is invoked in a script.

If a user has previously entered their username and password in a standard HTTP authentication form, Squiz Content Management will be provided with the username and password they entered.

When this setting is enabled, Squiz Content Management attempts to sign the user into the system using the username and password combination provided without requiring them to retype their username and password.

The password stored within Squiz Content Management must match the password entered during the initial HTTP authentication.

Enable HTTP authentication

No (Off)

Root

When set to Yes, The Content Management System will respond to requests with the query string USE_HTTP_LOGIN=1 with an HTTP Authentication request (and dialog box) instead of a sign-in design, allowing external tools to sign in to the system.

This setting will only generate the HTTP authentication request.

To actually process the credentials and sign-in, the Process PHP auth credentials setting must also be set to Yes.

If this option is enabled, Squiz Content Management will generate an HTTP authentication dialogue box instead of showing the standard sign-in design.

External tools can sign in to Squiz Content Management by appending use_http_login=1 to the URL.

Accept HTTP authentication

No (Off)

Root

When set to Yes, Squiz Content Management allows a username sent from an external authentication mechanism (for example, an authentication system provided by a web server or a proxy) to automatically sign in a user without them having to enter their password directly into the system.

The Content Management Service assumes the user has been authenticated from the external system and does not check the password entered during the original authentication against their system password.

HTTP authentication variable

REMOTE_USER

Root

This setting controls the PHP server variable used to authenticate external users if the Accept HTTP authentication setting is turned on.

Authentication could be bypassed if this setting is used with an HTTP header.

To securely implement this setting, you must ensure that any HTTP header is fully managed through all routes to Squiz Content Management.

There are two common variables for this setting:

REMOTE_USER

The default setting used by standard HTTP authentication systems such as that used by Apache.

HTTP_*

Some proxies could send a username as an HTTP header instead.

To convert an HTTP header name to a server variable name, the header name should be capitalized, hyphens should be changed to underscores, and http_ should be added to the front.

For example, if the username is returned in a header X-USER-NAME, this setting should be set to HTTP_X_USER_NAME.

Enable external authentication systems

No (Off)

Root

When set to Yes, external authentication systems (for example LDAP and IPD bridges) are enabled when authenticating a user.

Only the default authentication asset will be returned from the System Management  Authentication Systems area when this option is deactivated.

System administrators can temporarily deactivate external authentication in certain circumstances. For example, if an external system is compromised.

Redis session lock wait time

25000

Root

the redis.session.lock_wait_time value (in seconds).

The PHP session handler will try to get the lock until the multiple of the lock wait time and lock retries.

Redis session lock retries

1200

Root

the redis.session.lock_retries value (in seconds).

The PHP session handler will try to get the lock until the multiple of the lock wait time and lock retries.

Intervals settings

There is currently one Intervals setting, for setting the time between checks for system messages.

Table 5. Intervals settings
Setting Default value User Notes

System message check interval (seconds)

60

System administrator

The time between each check for new system messages.

The default value is also the minimum value.

Screen locks settings

Screen locks control screen and asset editing lock timings.

When a given screen or asset is editing locked, only the user with the lock can edit or otherwise change the locked object.

Table 6. Screen locks settings
Setting Default value User Notes

Lock length (seconds)

60

System administrator

The number of seconds an asset lock is held before expiring.

When an asset is locked and is not edited or otherwise changed for the set number of seconds, the asset lock is released.

The default value is also the minimum allowed value.

Lock refresh interval (seconds)

30

System administrator

How often an asset lock is automatically refreshed in the admin UI and simple edit UI.

The default value is also the minimum allowed value.

Set the lock refresh interval shorter than the lock length.

Otherwise, asset locks will expire while end-users are still editing the asset.

Lock inactivity expiry (seconds)

60

System administrator

The number of seconds an asset lock is held before it expires due to inactivity.

This setting applies in both the administration, and simple edit interfaces.

Refreshing this frame reacquires locks that the user still needs.

The default value is also the minimum allowed value.

PHP configuration settings

PHP configuration sets PHP-related operating values.

Table 7. PHP configuration settings
Setting Default value User Notes

Web memory limit (MB)

256

n/a

This is set to 256 MB on all Squiz DXP Content Management instances.

It is not configurable.

Cron memory limit (MB)

64

Root

Sets the maximum memory used by the Squiz CMS cron system.

This value will likely need to be increased on larger and more complex systems.

V8 configuration settings

V8 configuration sets operating values for the V8 JavaScript engine.

Table 8. V8 configuration settings
Setting Default value User Notes

Memory limit (MB)

512

System administrator

The maximum V8JS memory allocated to each Matrix instance.

Timeout (seconds)

60

System administrator

The maximum V8JS timeout allocated to each Matrix instance.

Error/debug settings

Error/debug settings control whether and how Squiz CMS errors are included in the operating system log.

Table 9. Error/debug settings
Setting Default value User Notes

Log errors to syslog

No (Off)

Root

Sets whether to log system errors to the operating system log.

If this field is set to Yes, the system name will be used as the system log identifier.

If no system name is explicitly set, a default string — squiz mysource <version #> (Matrix) — is used.

Syslog facility

User

Root

Sets where in the operating system log Matrix errors will be filed.

These options (as defined in the Syslog Facility codes) are:

  • user

  • local0local7.

User-defined facilities must be configured in the system’s syslog.conf file.

The Log errors to syslog field must be set to Yes for this field to work.

Debug settings

  • ☑ Show file and line numbers in error messages.

  • ☑ Show stack trace in error messages.

  • ☑ Show additional information about memory and performance.

  • ☐ Show current frontend assetit and url where the error message is triggered from.

  • ☑ Show deprecation warnings.

  • ☐ Do not show fatal errors and exceptions on frontend.

Root

Show file and line number in error messages

Check this option to show both the file and line number in error messages.

Show stack trace in error messages

Check this option to show the stack trace in error messages.

Show additional information about memory and performance

Check this option to show additional information about memory and performance in error messages.

Show current frontend assetid and url where the error message is triggered from

Check this option to include this information in error messages, which may help with diagnosing the root cause of an error message.

Show deprecation warnings

Check this option to show additional deprecation warning information about assets that are marked for deprecation.

Do not show fatal errors and exceptions on frontend

Check this option to only show a general warning and a request ID on the frontend, instead of the uncaught exception that caused the fatal error or exception.

Something went wrong trying to render this page... Request ID: b34b5303-a5ca-454c-9eb0-09ab6e4e37720

The request ID can be used to find the uncaught exception error through the Error log in the Log Manager instead of trying to use the partially rendered content to diagnose the issue.

Language settings

Language settings control URL-string sanitization.

Language settings are not related to page translation.
Table 10. Language settings
Setting Default value User Notes

Admin UI language

English (United States)

n/a

This sets the language used by the system backend. It is set to US English and cannot be changed.

Replace accented characters in web paths

Yes (On)

System administrator

When this field is set to Yes, non-ASCII characters (for example, letters that take a diacritic) are converted to the character map of the selected Web path character replacement language. (See the following setting.)

Not all languages are supported.

Web path character replacement language

English

System administrator

Sets the character map used to transform non-ASCII characters (for example, letters that take a diacritic) into valid characters in a URL.

This setting is not a page translation setting. It only affects how non-ASCII characters are transformed into URL-safe glyphs.

Changing this value from the default value — English — is not recommended.

Asset tree settings

Asset tree settings control aspects of asset display in the Squiz CMS asset tree.

Table 11. Asset tree settings
Setting Default value User Notes

Asset limit per set

50

System administrator

Sets the maximum number of child assets displayed for an asset in the asset tree.

If more than this number of child assets exist, Next and Previous buttons are presented.

For more information on the Next and Previous buttons, refer to the Concepts documentation.

Asset display name

%asset_short_name%

System administrator

This field specifies what information is shown for each asset in the asset tree.

The following keyword replacements can be used, along with other characters:

%asset_assetid%

The ID of the asset.

%asset_name%

The full name of the asset.

%asset_short_name%

The short name of the asset.

%asset_type_code%

The asset type (for example, a standard page).

%asset_status%

The status of the asset (for example, safe edit).

%asset_num_kids%

The number of immediate child assets an asset has.

HTTP headers settings

HTTP headers settings control what HTTP headers are sent by the system.

Table 12. HTTP headers settings

Setting

Default value

User

Notes

Send cacheable header

Yes (On)

Root

When set to Yes the sending of cacheable cache-control and pragma headers for all public live pages it serves to users not signed in is enabled.

When set to No, Matrix send these headers instead:

  • `Cache-Control: No-store

  • no-cache

  • must-revalidate

  • POST-check=0

  • pre-check=0

  • Pragma: No-cache.

This setting allows the web browser to cache pages for faster browsing.

Send last-modified header

No (Off)

Root

When set to Yes, a last-modified header is sent, along with responses, to users who are not signed in.

This indicates when a page’s content was last modified.

Browser and proxy server caches use this header to determine the age of the content, and minimize unnecessary future hits on the Matrix system.

Send not modified status-code

No (Off)

Root

When set to Yes, Matrix tests If-Modified-Since headers sent in requests to live, publicly readable assets.

If the current asset’s content is older than the passed If-Modified-Since date, Matrix sends a 304 Not Modified status code instead of the actual content.

The 304 code will only be sent for publicly cached pages and users who are not signed in.

This setting is recommended for heavily trafficked sites, as it can reduce the number of requests that reach Matrix (instead of using a cache), especially if your content does not change often.

Send no-cache header for file assets

Yes (On)

Root

When set to Yes a no-cache Cache-control header is sent for file asset types.

This option can be disabled to resolve inline file display issues involving PDF documents in Internet Explorer.

Send cacheable headers for 404 pages

Yes (On)

Root

When set to Yes pages returning a 404 Not Found response can be cached by a caching proxy server.

This option is separate from the send cacheable header option.

The cache expiry setting determines the cached response’s expiry time on the Details screen of the cache manager.

See the Cache manager documentation for more information on the Cache manager.

Use "X-Forwarded-for" header

No (Off)

System administrator

When set to Yes, the X-Forwarded-for header is enabled.

This header allows parent servers to discern client IPS when behind reverse proxies.

IP restrictions within the system can be used in conjunction with caching proxy servers (for example Squid) specified in the available input fields.

Set 'HttpOnly' flag for session cookies

Yes (On)

System administrator

When set to yes, the HttpOnly flag is enabled.

An HttpOnly cookie will only be used when transmitting HTTP or HTTPS requests.

Additionally, a web browser will not allow client-side scripts (such as javascript) access to the cookie.

This setting can help mitigate the effects of cross-site scripting (XSS) attacks.

Set 'Secure' flag for session cookies

Yes (On)

System administrator

When set to Yes, the secure cookie flag is sent when a connection is made over HTTPS.

Enabling this causes browsers to not share the session cookie between HTTP and HTTPS.

Send IE "X-UA-Compatible" header?

Yes (On)

System administrator

When set to Yes, the X-UA-compatible header is sent for Internet Explorer browsers.

Enabling this option will send the IE=edge,chrome=1 X-UA-compatible header, meaning that the webpage will be displayed in edge mode, the highest standards mode supported by the Internet Explorer version being used.

Stale while revalidate expiry

86400

System administrator

Sets the number of seconds the stale cache can be re-used for requests after the cache becomes stale.

This value is served in the Cache-Control response header as the stale-while-revalidate directive to influence Content Delivery Network (CDN) behavior.

The default value (86400 seconds) is equal to 24 hours.

Stale if error expiry

604800

System administrator

Sets the number of seconds in which the stale cache can be reused for requests after the Content Management instance returns errors.

This value is served in the Cache-Control response header as the stale-if-error directive to influence CDN behavior.

The default (604800 seconds) is equal to one week or seven days

Roles configuration

Roles configurations turn the various role systems on or off.

Table 13. Roles configuration
Setting Default value User Notes

Enable permission roles system

No (Off)

System administrator

When set to Yes, roles are enabled in the system.

If roles are not required, leaving them off is recommended. Leaving roles inactive can increase the performance of the system.

Enable workflow roles system

No (Off)

System administrator

When set to Yes, workflow roles are enabled in the system.

If workflow roles are not required, leaving them off is recommended. Leaving workflow roles inactive can increase the performance of the system.

Enable global role assignments

No (Off)

System administrator

When set to Yes, global roles are enabled in the system.

If global roles are not required, leaving them off is recommended. Leaving global roles inactive can increase the performance of the system.

Feature toggles settings

Feature toggles settings turn asset-specific settings on or off.

Table 14. Feature toggles settings
Setting Default value User Notes

Enable asset syncing feature

No (Off)

Root

When set to Yes, assets across different systems can be added, updated and deleted in bulk.

This feature should only be enabled for systems with multiple environments configured for bi-directional sync.

Also, bulk changes cannot be easily reverted.

A thorough understanding of this feature is advised before enablement and use.

Enable asset management API

No (Off)

Root

When set to Yes, the REST API for creating and updating assets is enabled.

Once enabled, assets can be created and updated using said API.

Miscellaneous settings

Miscellaneous settings collects together settings not obviously belonging to other listed categories.

Table 15. Miscellaneous settings
Setting Default value User Notes

Visited page maximum entries

10

System administrator

This sets the maximum number of visited URLs to store in a given user session.

The specific URLs and asset IDs visited can be accessed via their associated global session variables:

  • visited_urls

  • visited_assets

Strip matrix comments from frontend

Yes (On)

System administrator

When set to Yes, the design parsing process strips specially-marked comments from the final output.

Comments set within these specially-marked comment block are, consequently, not presented to frontend users who use their browser’s built-in ability to view a page’s source.

Specially-marked comment blocks are defined as follows:

For HTML design files, wrap comments in <!--@@ @@-->.

For CSS design files, wrap comments in /*@@ @@*/.

Funnelback settings

There is one Funnelback setting for setting which Matrix user IDs are used for Funnelback indexing.

Table 16. Funnelback settings
Setting Default value User Notes

Funnelback indexing user

[blank]

System administrator

Add a Matrix user ID to set that user ID as allowing Funnelback indexing.

To set multiple Matrix user IDs to allow Funnelback indexing, add the user IDs as a comma-separated string.

The Funnelback crawler must sign in as one of the listed users to receive X-Funnelback headers for extra page metadata.