System configuration screen
The System configuration screen lets you configure the basic settings for your Matrix system. To access this screen, click , then Click System configuration from the list.
System administrators can only edit specific fields on this screen. You must sign in to the system as the root user to edit all fields.
System settings
Fields marked with an asterisk (* ) can only be edited by the root user.
|
- System name
-
Enter the name of the system. This name is shown in the header section of the HTML source code created for the site. The name is also displayed at the bottom of all emails sent to Matrix editors and administrators. By default, the name of the system is The system.
- System owner
-
Enter the owner of the system. The owner’s name is then shown in the header section of the HTML source code created for the site. It is also displayed at the bottom of all emails sent to Matrix editors and administrators, so they know whom to contact for assistance. By default, the owner of the system is blank.
- System backend suffix
-
Enter the suffix to be appended to the URL to access the administration interface of Matrix. By default, this is set to
_admin
.If you change the system backend suffix, all users will need to manually navigate to the new suffix. - System simple edit suffix
-
Enter the suffix to be appended to the URL to access the inline edit mode of Matrix. By default, this is set to
_edit
. - System sign-in suffix
-
Enter the suffix to be appended to the URL of a page so you can sign in. This suffix will mean that the Matrix sign-in box will appear, where you can enter your username and password. Instead of going to the administration or inline edit mode, you will be returned to the page you were viewing.
For example, if you view the Contact Us page on your site and append
_login
onto the end of the URL, the sign-in box will appear. After you have entered your username and password, you will be returned to the Contact Us page. By default, this suffix is set to_login
.The system sign-in suffix is useful if you have information or tools on your site that you only want certain users to view but you do not want to add a sign-in box into your design so they can access them. - System bypass cache suffix
-
Enter the suffix to be appended to the URL to access the matrix-uncached version of the page. Using this suffix forces Matrix to serve the most recent version of the page to the user. By default, this is set to
_nocache
. - System bypass proxy cache suffix
-
Enter the suffix to be appended to the URL to access the page’s proxy-uncached version. This suffix forces Matrix to ignore any Send cacheable headers settings and will not send relevant headers (such as Cache-control, expires, and last-modified) when serving the page to the user. By default, this is set to
_noproxycache
. - System clear cache suffix
-
Enter the suffix to be appended to the URL to clear and re-populate the Matrix cache for the page.
Relative HREFs generated when using _recache
are meant to work for the actual URL without the suffix and will not work as expected when viewing with the suffix attached.By default, this is set to
_recache
. - Performance mode suffix
-
Enter the suffix to be appended to the URL to access Matrix performance mode. By default, this is set to
_performance
. - System timezone
-
Enter the time zone for the system. By default, this is set to
Australia/Sydney
. - Disable attribution
-
Click
Yes
to turn off the 'running Matrix' attribution from your site’s design source.Design assets must be regenerated before this option takes effect. By default, this option is set to
No
, meaning the attribution will be displayed. - Enforce same origin frame
-
If Matrix is nested in the frame of a page, enabling this option will ensure that both the page and your system are hosted on the same domain. If they are not, the browser will block the page’s loading. By default, this option is enabled. It is recommended that you keep this option enabled for added security.
System URL settings
Fields marked with an asterisk (* ) can only be edited by the root user.
|
- System root URLs
-
This field lets you define the list of URLs that can access Matrix. All site assets created within Matrix need a URL applied based on a URL listed in this field. You can enter as many URLs as you need. Put each URL on a new line. The protocol (that is,
http://
orhttps://
) should not be specified. - System parent domains
-
This field lets you define a list of parent domains for setting session cookies. Parent domains are useful if several system root URLs have a common parent domain. If the current URL ends with one of the parent domains, then the cookie will be set on the parent domain instead, with the result being that the user’s session will persist across the parent domain and all its subdomains. For example,
syd.example.com
andmel.example.com
are the system root URLs, and example.com is the system parent domain. When a user visitssyd.example.com
, the cookie will be created forexample.com
. When they visitmel.example.com
, the cookie created forexample.com
will be used. - System static URL*
-
By default, Matrix rewrites URLs for publicly accessible and live file-based assets to be readable without loading PHP. By entering a system static URL, you can tell Matrix to rewrite those URLs to an alternative location, which could be a different (and lightweight) piece of web server software on the same machine as the Matrix install or a completely different machine. Leave this field blank to use the default Matrix behavior. This option should only be used if instructed by Squiz.
- Restricted file extensions through static root domain
-
This field lets you set the file extension types (comma-separated) that will not be served through your system’s static URL, as specified in the above system static URL field. Any specified file types will not use the system’s static root domain (that is, \www.example.com) instead of the Matrix system root URL. The static URL will serve any file types not specified in this field.
- Static URL uses HTTP*
-
Specify whether the static files can be served using the
http://
protocol. - Static URL uses HTTPS*
-
Specify whether the static files can be served using the
https://
protocol. - System web path separator
-
This field lets you define the character to replace the spaces in the assets' names when automatically generating URLs. For example, an asset named Contact us would have automatically generated URLs of
contact-us
, where the URL separator has replaced the space. By default, the URL separator is-
. - Redirect URL with trailing slash
-
Enabling this option will remove trailing slashes off frontend requested URLs and redirect them. The system will just serve content at one URL instead of both with and without a trailing slash. This reduces the number of cache entries and URLs that may show up in search engines.
This option does not apply to the top of domains as URLs require at least one slash in the path.
Email settings
- Default email
-
Specify the default email address for the system that Matrix will use to send emails if it has not been supplied with an email address for the message. For example, if a custom form has to send emails, but the To address is empty, the email will be sent to the address specified in this field. This email address should be for the owner of the Matrix installation. By default, this field is blank.
- Tech email
-
Specify the tech email address for the system that Matrix will use to send technical emails, such as error reports and system configuration changes. This email address should be for a user to diagnose and fix technical problems with the Matrix installation. By default, this field is blank.
Sign-in/session settings
Fields marked with an asterisk (* ) can only be edited by the root user.
|
- Root URLs requiring secure sign-in*
-
This field lets you select which system root URLs will attempt to display the sign-in box using the
https
protocol regardless of other protocol settings on the site. - Max sign-in attempts*
-
Enter the maximum number of times a user may incorrectly enter this password before their account is locked. Enter zero (
0
) to allow unlimited attempts.To lock an account, Matrix changes the user account status to under construction. To unlock the account, an administrator must change the status to live. - Allow IP change*
-
By default, if a user’s IP address changes while using Matrix, they will be signed out to ensure their account is not being used by someone else. Proxy settings in some companies could change the user’s IP address each time they view a Matrix page, effectively logging out the user each time they try and navigate to a new page. Enabling this setting will tell Matrix to allow a user’s IP address to change throughout their session.
- Process PHP credentials*
-
If a user has previously entered their username and password in a standard HTTP authentication form, Matrix will be provided with the username and password they entered. If this setting is enabled, Matrix will attempt to sign the user into the system using the username and password combination provided without requiring them to retype their username and password. The password stored within Matrix must match the password entered during the initial HTTP authentication.
- Enable HTTP authentication*
-
If this option is enabled, Matrix will generate an HTTP authentication dialogue box instead of showing the standard sign-in design. External tools can sign in to Matrix by appending
use_http_login=1
to the URL.You must turn on Process PHP credentials to use HTTP authentication. - Accept HTTP authentication*
-
This setting controls whether Matrix should use a username sent from an external authentication mechanism (for example, an authentication system provided by a web server or a proxy) to automatically sign in a user without them having to enter their password directly into the system. Content Management Service assumes the user has been authenticated from the external system and does not check the password entered during the original authentication against their system password.
- HTTP authentication variable*
-
This setting controls the PHP server variable used to authenticate external users if the Accept HTTP authentication setting is turned on.
Authentication could be bypassed if this setting is used with an HTTP header. To securely implement this setting, you must ensure that any HTTP header is fully managed through all routes to Matrix. There are two common variables for this setting:
- REMOTE_USER
-
The default setting used by standard HTTP authentication systems such as that used by Apache.
- HTTP_*
-
Some proxies could send a username as an HTTP header instead. To convert an HTTP header name to a server variable name, the header name should be capitalized, hyphens should be changed to underscores, and
http_
should be added to the front.
For example, if the username is returned in a headerX-USER-NAME
, this setting should be set toHTTP_X_USER_NAME
.
- Enable external authentication systems*
-
This setting controls whether external authentication systems (LDAP and IPD bridges) are enabled when authenticating a user. Only the default authentication asset will be returned from the
area when this option is deactivated. System administrators can temporarily deactivate external authentication in certain circumstances. For example, if an external system is compromised.
Screen locks
- Lock length
-
Enter the time (in seconds) for how long a lock is held before expiring. If a user locks an asset and decides not to edit it further, the lock is released after the number of seconds has elapsed.
- Lock refresh interval
-
Enter the time (in seconds) for how often the lock automatically refreshes in the administration and simple edit interfaces.
- Lock inactivity expiry
-
Enter the time (in seconds) for how long a lock is held before it expires (in seconds) due to inactivity on the current screen, in the administration, and simple edit interfaces. The refreshing of this frame reacquires locks that the user still needs.
You should set the lock refresh interval shorter than the lock length. Otherwise, the locks will expire while the user is still editing an asset.
PHP configuration
Web memory limit: Set to 256 MB
for all Squiz DXP Content Management instances and is not configurable.
- Cron memory limit
-
Enter the maximum amount of memory used by the Matrix cron system. By default, this is set to
64MB
. This limit will probably need to be increased on larger and more complex systems.
Error/debug settings
Fields marked with an asterisk (* ) can only be edited by the root user.
|
- Log errors*
-
Select whether to log all errors generated on the frontend and edit interfaces to the error log. It is highly recommended that you not alter this field’s default value,
Yes
. - Log errors to Syslog?*
-
Select whether to log system errors to the operating system log. If this field is set to
Yes
, the system name will be used as the system log identifier. The default stringsquiz mysource [version] (Matrix)
will be used if no name is specified. By default, this field is set toNo
. - Syslog facility*
-
Select the facility for logging errors to the operating system log. This setting determines where in the system log the errors will be filed.
The log errors to the Syslog field must be set to Yes
for this field to work.The options are
user
, andlocal0
tolocal7
as defined in the Syslog Facility codes. User-defined facilities must be configured in the system’ssyslog.conf
file. - Debug settings*
-
The following options can be set for the formatting of error messages:
- Show file and line number in error messages
-
Check this option to show both the file and line number in error messages.
- Show stack trace in error messages
-
Check this box to show the stack trace in error messages.
- Show additional information about memory and performance
-
Check this box to show additional information about memory and performance in error messages.
- Show current frontend assetid and url where the error message is triggered from
-
Check this box to include this information in error messages, which may help with diagnosing the root cause of an error message.
- Show deprecation warnings
-
Check this box to show additional deprecation warning information about assets that are marked for deprecation.
- Do not show fatal errors and exceptions on frontend
-
Check this box to only show a general warning and a request ID on the frontend, instead of the uncaught exception that caused the fatal error or exception.
Something went wrong trying to render this page... Request ID: b34b5303-a5ca-454c-9eb0-09ab6e4e37720
The request ID can be used to find the uncaught exception error through the Error log in the Log Manager instead of trying to use the partially rendered content to diagnose the issue.
Language settings
- Default backend language
-
The language is set to English (United States) and can not be changed.
- Replace accented characters in web paths
-
Select whether to use character conversion for URLs based on the international settings.
If this field is set toYes
, accented characters in newly-created asset URLs are converted to the character map of the selected Web path character replacement language.Not all languages are supported. By default, this field is set to
Yes
. - Web path character replacement language
-
This setting defaults to English and should not be changed.
This setting is not a page translation setting. It only affects how accented characters are translated to valid characters in URLs.
Editing interface settings
- Save button text
-
This field allows you to change the text displayed on the Save button at the bottom of the administration and simple edit interfaces.
- Confirm save changes
-
This field allows you to set whether the warning appears if the user has not clicked Save. By default, this is set to
Yes
.
Asset tree settings
The fields that are available in this section are outlined below:
- Asset limit per set
-
Enter the number of child assets displayed for an asset in the asset tree. If more than this number of child assets exist, the Next and Previous buttons will be provided. By default, this option is set to
50
. For more information on the Next and Previous buttons, refer to the Concepts documentation. - Asset display name
-
This field allows you to specify what information to show for each asset in the asset tree. By default, the short name is shown. This can, however, be modified to display other information, such as asset ID and the number of children. The following keyword replacements can be used, along with other characters:
%asset_assetid%
-
This displays the ID of the asset.
%asset_name%
-
This displays the full name of the asset.
%asset_short_name%
-
This displays the short name of the asset.
%asset_type_code%
-
This displays the type of asset, for example, a standard page.
%asset_status%
-
This displays the status of the asset, for example, safe edit.
%asset_num_kids%
-
This displays the number of immediate child assets an asset has.
HTTP headers settings
Fields marked with an asterisk (* ) can only be edited by the root user.
|
- Send cacheable header*
-
Set this to
Yes
to enable the sending of cacheable cache-control and pragma headers for all public live pages it serves to users not signed in. This setting allows the web browser to cache pages for faster browsing. If set toNo
, Matrix will send these headers:
Cache-Control: No-store, no-cache, must-revalidate, POST-check=0, pre-check=0
Pragma: No-cache
.
- Send last-modified header*
-
Set this field to
Yes
to send a last-modified header for all publicly cached pages it serves to users who are not signed in. - Send not modified status-code*
-
Set this field to
Yes
to send a 304 not modified status code if requested by a proxy. The 304 code will only be sent for publicly cached pages and users who are not signed in. - Send no-cache header for file assets*
-
Set this field to
Yes
to send a no-cache Cache-control header for file asset types. This option can be disabled to resolve inline file display issues involving PDF documents in Internet Explorer. - Send cacheable headers for 404 pages*
-
Set this field to
Yes
to allow pages returning a 404 Not Found response to be cached by a caching proxy server. This option is separate from the send cacheable header option. The cache expiry setting determines the cached response’s expiry time on the Details screen of the cache manager.Read the Cache manager for more information on the Cache manager.
- Use "X-Forwarded-for" header
-
Select whether to enable the x-forwarded-for HTTP header. This header allows parent servers to discern client IPS when behind reverse proxies. IP restrictions within Matrix can be used in conjunction with squid and other reverse proxies specified in the available input fields.
- Set 'HttpOnly' flag for session cookies
-
Select whether to enable HttpOnly cookies. An HttpOnly cookie will only be used when transmitting HTTP or HTTPS requests. Additionally, a web browser will not allow client-side scripts (such as javascript) access to the cookie. This setting can help mitigate the effects of cross-site scripting attacks.
- Set 'Secure' flag for session cookies
-
Specify whether to transmit the secure cookie flag when a connection is made over https. Enabling this will cause browsers to not share the session cookie between HTTP and HTTPS.
- Send IE "X-UA-Compatible" header?
-
Specify whether to send the X-UA-compatible header for Internet Explorer browsers. Enabling this option will send the
IE=edge,chrome=1
X-UA-compatible header, meaning that the webpage will be displayed in 'edge mode', the highest standards mode supported by the IE version being used. - Stale while revalidate expiry
-
Controls the seconds in which the stale cache can be reused for requests after the cache becomes stale. The default is 24-hours (86400 seconds).
This value is served in the
Cache-Control
response header as thestale-while-revalidate
directive to influence Content Delivery Network (CDN) behavior. - Stale if error expiry
-
Controls the seconds in which the stale cache can be reused for requests after the Content Management instance returns errors. The default is 24-hours (86400 seconds).
This value is served in the
Cache-Control
response header as thestale-if-error
directive to influence CDN behavior.
Automatic headers
Some headers are sent by default without needing to configure anything. These are as follows:
- Surrogate-control
-
Content="esi/1.0"
This header is used for proxy cache layers that support Edge Side Include (ESI) tags and are automatically sent when any ESI-based HTML tags start with either<esi:
Or<!--esi
. This header tells the cache layer that the content contains ESI tags that need to be processed by its rendering engine.
If you are signed in and have write access to the current page, you can add ?SQ_DISABLE_ESI
to the end of the URL to prevent this automatic header from being sent, which is useful for debugging ESI tags.
Even with ?SQ_DISABLE_ESI added, the accelerator caching proxy might still be configured to inject the surrogate-control header and process the ESI tags automatically.
If this is the case, you can turn off that proxy configuration. Matrix will automatically add this header if any ESI tags are within the rendered HTML.
|
Roles configuration
Fields marked with an asterisk (* ) can only be edited by the root user.
|
- Enable permission roles system*
-
This field lets you enable permission roles in the system. By default, this is set to
No
. Leaving roles deactivated will increase the performance of the system. - Enable workflow roles system*
-
This field lets you enable workflow roles in the system. By default, this is set to
No
. Leaving roles deactivated increases the performance of the system. - Enable global roles*
-
This field lets you enable global roles in the system. By default, this is set to
No
. Leaving global roles deactivated will increase the performance of the system.
Search engine optimizations
In the Remove self links field, decide whether to remove system links that redirect to the currently viewed asset.
If Yes
is selected, all global-level links will be removed, including links with query strings or URL system suffixes recognized by Matrix, such as the _admin
suffix.
By default, this field is set to No
.
Miscellaneous settings
The following fields are available:
- Visited pages maximum entries
-
Specify the maximum number of visited URL entries to store in the current session. These visited URL entries and asset IDs can be accessed using the global session variables
visited_urls
andvisited_assets
. - Strip matrix comments
-
Decide whether to strip out code using the Matrix comment syntax in your site’s output. This option is enabled by default, meaning that comments will not be displayed on the frontend.