System configuration screen

The System configuration screen lets you configure the basic settings for your Matrix system. To access this screen, click system configuration, then Click System configuration from the list.

System administrators can only edit specific fields on this screen. You must sign in to the system as the root user to edit all fields.

System settings

Fields marked with an asterisk (*) can only be edited by the root user.
System name

Enter the name of the system. This name is shown in the header section of the HTML source code created for the site. The name is also displayed at the bottom of all emails sent to Matrix editors and administrators. By default, the name of the system is The system.

System owner

Enter the owner of the system. The owner’s name is then shown in the header section of the HTML source code created for the site. It is also displayed at the bottom of all emails sent to Matrix editors and administrators, so they know whom to contact for assistance. By default, the owner of the system is blank.

System backend suffix

Enter the suffix to be appended to the URL to access the administration interface of Matrix. By default, this is set to _admin.

If you change the system backend suffix, all users will need to manually navigate to the new suffix.
System simple edit suffix

Enter the suffix to be appended to the URL to access the inline edit mode of Matrix. By default, this is set to _edit.

System sign-in suffix

Enter the suffix to be appended to the URL of a page so you can sign in. This suffix will mean that the Matrix sign-in box will appear, where you can enter your username and password. Instead of going to the administration or inline edit mode, you will be returned to the page you were viewing.

For example, if you view the Contact Us page on your site and append _login onto the end of the URL, the sign-in box will appear. After you have entered your username and password, you will be returned to the Contact Us page. By default, this suffix is set to _login.

The system sign-in suffix is useful if you have information or tools on your site that you only want certain users to view but you do not want to add a sign-in box into your design so they can access them.
System bypass cache suffix

Enter the suffix to be appended to the URL to access the matrix-uncached version of the page. Using this suffix forces Matrix to serve the most recent version of the page to the user. By default, this is set to _nocache.

System bypass proxy cache suffix

Enter the suffix to be appended to the URL to access the page’s proxy-uncached version. This suffix forces Matrix to ignore any Send cacheable headers settings and will not send relevant headers (such as Cache-control, expires, and last-modified) when serving the page to the user. By default, this is set to _noproxycache.

System clear cache suffix

Enter the suffix to be appended to the URL to clear and re-populate the Matrix cache for the page.

Relative HREFs generated when using _recache are meant to work for the actual URL without the suffix and will not work as expected when viewing with the suffix attached.

By default, this is set to _recache.

Performance mode suffix

Enter the suffix to be appended to the URL to access Matrix performance mode. By default, this is set to _performance.

System timezone

Enter the time zone for the system. By default, this is set to Australia/Sydney.

Disable attribution

Click Yes to turn off the 'running Matrix' attribution from your site’s design source.

Design assets must be regenerated before this option takes effect.

By default, this option is set to No, meaning the attribution will be displayed.

Enforce same origin frame

If Matrix is nested in the frame of a page, enabling this option will ensure that both the page and your system are hosted on the same domain. If they are not, the browser will block the page’s loading. By default, this option is enabled. It is recommended that you keep this option enabled for added security.

System URL settings

Fields marked with an asterisk (*) can only be edited by the root user.
System root URLs

This field lets you define the list of URLs that can access Matrix. All site assets created within Matrix need a URL applied based on a URL listed in this field. You can enter as many URLs as you need. Put each URL on a new line. The protocol (that is, http:// or https://) should not be specified.

System parent domains

This field lets you define a list of parent domains for setting session cookies. Parent domains are useful if several system root URLs have a common parent domain. If the current URL ends with one of the parent domains, then the cookie will be set on the parent domain instead, with the result being that the user’s session will persist across the parent domain and all its subdomains. For example, syd.example.com and mel.example.com are the system root URLs, and example.com is the system parent domain. When a user visits syd.example.com, the cookie will be created for example.com. When they visit mel.example.com, the cookie created for example.com will be used.

System static URL*

By default, Matrix rewrites URLs for publicly accessible and live file-based assets to be readable without loading PHP. By entering a system static URL, you can tell Matrix to rewrite those URLs to an alternative location, which could be a different (and lightweight) piece of web server software on the same machine as the Matrix install or a completely different machine. Leave this field blank to use the default Matrix behavior. This option should only be used if instructed by Squiz.

Restricted file extensions through static root domain

This field lets you set the file extension types (comma-separated) that will not be served through your system’s static URL, as specified in the above system static URL field. Any specified file types will not use the system’s static root domain (that is, \www.example.com) instead of the Matrix system root URL. The static URL will serve any file types not specified in this field.

Static URL uses HTTP*

Specify whether the static files can be served using the http:// protocol.

Static URL uses HTTPS*

Specify whether the static files can be served using the https:// protocol.

System web path separator

This field lets you define the character to replace the spaces in the assets' names when automatically generating URLs. For example, an asset named Contact us would have automatically generated URLs of contact-us, where the URL separator has replaced the space. By default, the URL separator is -.

Redirect URL with trailing slash

Enabling this option will remove trailing slashes off frontend requested URLs and redirect them. The system will just serve content at one URL instead of both with and without a trailing slash. This reduces the number of cache entries and URLs that may show up in search engines.

This option does not apply to the top of domains as URLs require at least one slash in the path.

Email settings

Default email

Specify the default email address for the system that Matrix will use to send emails if it has not been supplied with an email address for the message. For example, if a custom form has to send emails, but the To address is empty, the email will be sent to the address specified in this field. This email address should be for the owner of the Matrix installation. By default, this field is blank.

Tech email

Specify the tech email address for the system that Matrix will use to send technical emails, such as error reports and system configuration changes. This email address should be for a user to diagnose and fix technical problems with the Matrix installation. By default, this field is blank.

Sign-in/session settings

Fields marked with an asterisk (*) can only be edited by the root user.
Root URLs requiring secure sign-in*

This field lets you select which system root URLs will attempt to display the sign-in box using the https protocol regardless of other protocol settings on the site.

Max sign-in attempts*

Enter the maximum number of times a user may incorrectly enter this password before their account is locked. Enter zero (0) to allow unlimited attempts.

To lock an account, Matrix changes the user account status to under construction. To unlock the account, an administrator must change the status to live.
Allow IP change*

By default, if a user’s IP address changes while using Matrix, they will be signed out to ensure their account is not being used by someone else. Proxy settings in some companies could change the user’s IP address each time they view a Matrix page, effectively logging out the user each time they try and navigate to a new page. Enabling this setting will tell Matrix to allow a user’s IP address to change throughout their session.

Process PHP credentials*

If a user has previously entered their username and password in a standard HTTP authentication form, Matrix will be provided with the username and password they entered. If this setting is enabled, Matrix will attempt to sign the user into the system using the username and password combination provided without requiring them to retype their username and password. The password stored within Matrix must match the password entered during the initial HTTP authentication.

Enable HTTP authentication*

If this option is enabled, Matrix will generate an HTTP authentication dialogue box instead of showing the standard sign-in design. External tools can sign in to Matrix by appending use_http_login=1 to the URL.

You must turn on Process PHP credentials to use HTTP authentication.
Accept HTTP authentication*

This setting controls whether Matrix should use a username sent from an external authentication mechanism (for example, an authentication system provided by a web server or a proxy) to automatically sign in a user without them having to enter their password directly into the system. Content Management Service assumes the user has been authenticated from the external system and does not check the password entered during the original authentication against their system password.

HTTP authentication variable*

This setting controls the PHP server variable used to authenticate external users if the Accept HTTP authentication setting is turned on.

Authentication could be bypassed if this setting is used with an HTTP header. To securely implement this setting, you must ensure that any HTTP header is fully managed through all routes to Matrix.

There are two common variables for this setting:

REMOTE_USER

The default setting used by standard HTTP authentication systems such as that used by Apache.

HTTP_*

Some proxies could send a username as an HTTP header instead. To convert an HTTP header name to a server variable name, the header name should be capitalized, hyphens should be changed to underscores, and http_ should be added to the front.
For example, if the username is returned in a header X-USER-NAME, this setting should be set to HTTP_X_USER_NAME.

Enable external authentication systems*

This setting controls whether external authentication systems (LDAP and IPD bridges) are enabled when authenticating a user. Only the default authentication asset will be returned from the System Management  Authentication Systems area when this option is deactivated. System administrators can temporarily deactivate external authentication in certain circumstances. For example, if an external system is compromised.

Screen locks

Lock length

Enter the time (in seconds) for how long a lock is held before expiring. If a user locks an asset and decides not to edit it further, the lock is released after the number of seconds has elapsed.

Lock refresh interval

Enter the time (in seconds) for how often the lock automatically refreshes in the administration and simple edit interfaces.

Lock inactivity expiry

Enter the time (in seconds) for how long a lock is held before it expires (in seconds) due to inactivity on the current screen, in the administration, and simple edit interfaces. The refreshing of this frame reacquires locks that the user still needs.

You should set the lock refresh interval shorter than the lock length. Otherwise, the locks will expire while the user is still editing an asset.

PHP configuration

Web memory limit: Set to 256 MB for all Squiz DXP Content Management instances and is not configurable.

Cron memory limit

Enter the maximum amount of memory used by the Matrix cron system. By default, this is set to 64MB. This limit will probably need to be increased on larger and more complex systems.

Error/debug settings

Fields marked with an asterisk (*) can only be edited by the root user.
Log errors*

Select whether to log all errors generated on the frontend and edit interfaces to the error log. It is highly recommended that you not alter this field’s default value, Yes.

Log errors to Syslog?*

Select whether to log system errors to the operating system log. If this field is set to Yes, the system name will be used as the system log identifier. The default string squiz mysource [version] (Matrix) will be used if no name is specified. By default, this field is set to No.

Syslog facility*

Select the facility for logging errors to the operating system log. This setting determines where in the system log the errors will be filed.

The log errors to the Syslog field must be set to Yes for this field to work.

The options are user, and local0 to local7 as defined in the Syslog Facility codes. User-defined facilities must be configured in the system’s syslog.conf file.

Debug settings*

The following options can be set for the formatting of error messages:

Show file and line number in error messages

Check this option to show both the file and line number in error messages.

Show stack trace in error messages

Check this box to show the stack trace in error messages.

Show additional information about memory and performance

Check this box to show additional information about memory and performance in error messages.

Show current frontend assetid and url where the error message is triggered from

Check this box to include this information in error messages, which may help with diagnosing the root cause of an error message.

Show deprecation warnings

Check this box to show additional deprecation warning information about assets that are marked for deprecation.

Do not show fatal errors and exceptions on frontend

Check this box to only show a general warning and a request ID on the frontend, instead of the uncaught exception that caused the fatal error or exception.

Something went wrong trying to render this page... Request ID: b34b5303-a5ca-454c-9eb0-09ab6e4e37720

The request ID can be used to find the uncaught exception error through the Error log in the Log Manager instead of trying to use the partially rendered content to diagnose the issue.

Language settings

Default backend language

The language is set to English (United States) and can not be changed.

Replace accented characters in web paths

Select whether to use character conversion for URLs based on the international settings.
If this field is set to Yes, accented characters in newly-created asset URLs are converted to the character map of the selected Web path character replacement language.

Not all languages are supported.

By default, this field is set to Yes.

Web path character replacement language

This setting defaults to English and should not be changed.
This setting is not a page translation setting. It only affects how accented characters are translated to valid characters in URLs.

Editing interface settings

Save button text

This field allows you to change the text displayed on the Save button at the bottom of the administration and simple edit interfaces.

Confirm save changes

This field allows you to set whether the warning appears if the user has not clicked Save. By default, this is set to Yes.

Asset tree settings

The fields that are available in this section are outlined below:

Asset limit per set

Enter the number of child assets displayed for an asset in the asset tree. If more than this number of child assets exist, the Next and Previous buttons will be provided. By default, this option is set to 50. For more information on the Next and Previous buttons, refer to the Concepts documentation.

Asset display name

This field allows you to specify what information to show for each asset in the asset tree. By default, the short name is shown. This can, however, be modified to display other information, such as asset ID and the number of children. The following keyword replacements can be used, along with other characters:

%asset_assetid%

This displays the ID of the asset.

%asset_name%

This displays the full name of the asset.

%asset_short_name%

This displays the short name of the asset.

%asset_type_code%

This displays the type of asset, for example, a standard page.

%asset_status%

This displays the status of the asset, for example, safe edit.

%asset_num_kids%

This displays the number of immediate child assets an asset has.

HTTP headers settings

Fields marked with an asterisk (*) can only be edited by the root user.
Send cacheable header*

Set this to Yes to enable the sending of cacheable cache-control and pragma headers for all public live pages it serves to users not signed in. This setting allows the web browser to cache pages for faster browsing. If set to No, Matrix will send these headers:

Cache-Control: No-store, no-cache, must-revalidate, POST-check=0, pre-check=0 Pragma: No-cache.

Send last-modified header*

Set this field to Yes to send a last-modified header for all publicly cached pages it serves to users who are not signed in.

Send not modified status-code*

Set this field to Yes to send a 304 not modified status code if requested by a proxy. The 304 code will only be sent for publicly cached pages and users who are not signed in.

Send no-cache header for file assets*

Set this field to Yes to send a no-cache Cache-control header for file asset types. This option can be disabled to resolve inline file display issues involving PDF documents in Internet Explorer.

Send cacheable headers for 404 pages*

Set this field to Yes to allow pages returning a 404 Not Found response to be cached by a caching proxy server. This option is separate from the send cacheable header option. The cache expiry setting determines the cached response’s expiry time on the Details screen of the cache manager.

Read the Cache manager for more information on the Cache manager.

Use "X-Forwarded-for" header

Select whether to enable the x-forwarded-for HTTP header. This header allows parent servers to discern client IPS when behind reverse proxies. IP restrictions within Matrix can be used in conjunction with squid and other reverse proxies specified in the available input fields.

Set 'HttpOnly' flag for session cookies

Select whether to enable HttpOnly cookies. An HttpOnly cookie will only be used when transmitting HTTP or HTTPS requests. Additionally, a web browser will not allow client-side scripts (such as javascript) access to the cookie. This setting can help mitigate the effects of cross-site scripting attacks.

Set 'Secure' flag for session cookies

Specify whether to transmit the secure cookie flag when a connection is made over https. Enabling this will cause browsers to not share the session cookie between HTTP and HTTPS.

Send IE "X-UA-Compatible" header?

Specify whether to send the X-UA-compatible header for Internet Explorer browsers. Enabling this option will send the IE=edge,chrome=1 X-UA-compatible header, meaning that the webpage will be displayed in 'edge mode', the highest standards mode supported by the IE version being used.

Stale while revalidate expiry

Controls the seconds in which the stale cache can be reused for requests after the cache becomes stale. The default is 24-hours (86400 seconds).

This value is served in the Cache-Control response header as the stale-while-revalidate directive to influence Content Delivery Network (CDN) behavior.

Stale if error expiry

Controls the seconds in which the stale cache can be reused for requests after the Content Management instance returns errors. The default is 24-hours (86400 seconds).

This value is served in the Cache-Control response header as the stale-if-error directive to influence CDN behavior.

Automatic headers

Some headers are sent by default without needing to configure anything. These are as follows:

Surrogate-control

Content="esi/1.0" This header is used for proxy cache layers that support Edge Side Include (ESI) tags and are automatically sent when any ESI-based HTML tags start with either <esi: Or <!--esi. This header tells the cache layer that the content contains ESI tags that need to be processed by its rendering engine.

If you are signed in and have write access to the current page, you can add ?SQ_DISABLE_ESI to the end of the URL to prevent this automatic header from being sent, which is useful for debugging ESI tags.

Even with ?SQ_DISABLE_ESI added, the accelerator caching proxy might still be configured to inject the surrogate-control header and process the ESI tags automatically. If this is the case, you can turn off that proxy configuration. Matrix will automatically add this header if any ESI tags are within the rendered HTML.

Roles configuration

Fields marked with an asterisk (*) can only be edited by the root user.
Enable permission roles system*

This field lets you enable permission roles in the system. By default, this is set to No. Leaving roles deactivated will increase the performance of the system.

Enable workflow roles system*

This field lets you enable workflow roles in the system. By default, this is set to No. Leaving roles deactivated increases the performance of the system.

Enable global roles*

This field lets you enable global roles in the system. By default, this is set to No. Leaving global roles deactivated will increase the performance of the system.

Search engine optimizations

In the Remove self links field, decide whether to remove system links that redirect to the currently viewed asset. If Yes is selected, all global-level links will be removed, including links with query strings or URL system suffixes recognized by Matrix, such as the _admin suffix. By default, this field is set to No.

Miscellaneous settings

The following fields are available:

Visited pages maximum entries

Specify the maximum number of visited URL entries to store in the current session. These visited URL entries and asset IDs can be accessed using the global session variables visited_urls and visited_assets.

Strip matrix comments

Decide whether to strip out code using the Matrix comment syntax in your site’s output. This option is enabled by default, meaning that comments will not be displayed on the frontend.