System Configuration
Last Updated: 02 Mar 2020
The System Configuration screen allows you to configure the basic settings for your Squiz Matrix system. To access this screen, click on the System Configuration icon in the top right-hand corner of the screen – the System Configuration screen will appear.
The fields available on this screen can also be changed in the main.inc file which is located in /data/private/conf directory on the server. It is recommended, however, that the System Configuration screen be used instead. For more information on the main.inc file, visit the Annotated Main.inc page at the Squiz Matrix site.
A System Administrator can only edit certain fields on this screen. To be able to edit all fields, you will need to log into the system as the Root User. The fields that are marked with an asterisk (*) in the sections below can only be edited by the Root User.
System Settings
- System Name: enter the name for the system. This name is then shown in the header section of the HTML source code that is created for Site. It is also displayed at the bottom of all emails sent to Squiz Matrix editors and administrators so they know whom to contact for assistance. By default, the name of the system is The System.
- System Owner: enter the owner of the system. This owner name is then shown in the header section of the HTML source code that is created for Site. It is also displayed at the bottom of all emails sent to Squiz Matrix editors and administrators so they know whom to contact for assistance. By default, the owner of the system is blank.
- System Backend Suffix: enter the suffix to be appended to the URL of the Site to access the Administration Interface of Squiz Matrix. By default, this is set to _admin.
If you change the System Backend Suffix, it is recommended that you log out of Squiz Matrix and access the Administration Interface via the new suffix.
- System Simple Edit Suffix: enter the suffix to be appended to the URL of the Site to access the Simple Edit Interface of Squiz Matrix. By default, this is set to _edit.
- System Login Suffix: enter the suffix to be appended to the URL of a page so that you can log in. Using this suffix will mean that the Squiz Matrix login box will appear where you can enter your username and password. Instead of going to the Administration or Simple Edit Interface, however, you will be returned to the page you were currently viewing. For example, if you are viewing the Contact Us page on your Site and you append _login onto the end of the URL, the login box will appear. Once you have entered your username and password, you will be returned to the Contact Us page. By default, this suffix is set to _login.
The System Login Suffix is useful if you have information or tools on your Site that you only want certain users to view but you do not want to add a login box into your design so they can access them.
- System Bypass Cache Suffix: enter the suffix to be appended to the URL of the Site to access the matrix-uncached version of the page. Using this suffix forces Squiz Matrix to serve the most recent version of the page to the user. By default, this is set to _nocache.
- System Bypass Proxy Cache Suffix: enter the suffix to be appended to the URL of the Site to access the proxy-uncached version of the page. Using this suffix forces Squiz Matrix to ignore any "Send Cacheable Headers" settings and will not send relevant headers (such as Cache-Control, Expires, and Last-Modified) when serving the page to the user. By default, this is set to _noproxycache.
- System Clear Cache Suffix: enter the suffix to be appended to the URL of the Site to clear and re-populate the Squiz Matrix cache for the page. Please note that relative href's generated when using _recache are meant to work for the actual URL without the suffix, and will not work as expected when viewing with the suffix attached. By default, this is set to _recache.
- Performance Mode Suffix: enter the suffix to be appended to the URL of the Site to access Squiz Matrix Performance Mode. By default, this is set to _performance.
- System Timezone: enter the time zone for the system. By default, this is set to Australia/Sydney.
- Disable Attribution: select Yes to disable the 'Running Squiz Matrix' attribution from the design source of your sites. Please note that Design assets will need to be regenerated before this option takes effect. By default, this option is set to No, meaning that the attribution will be displayed.
- Enforce Same Origin Frame: if Squiz Matrix is nested in the frame of a page, enabling this option will check that both the page and your system are hosted on the same domain. If they are not, the browser will block the loading of the page. By default, this option is enabled. It is recommended that you keep this option enabled for added security.
System URL Settings
- System Root URLs: this field allows you to define the list of URLs that can be used to access Squiz Matrix. All Site assets created within Squiz Matrix must have a URL applied that is based on a URL listed in this field. You can enter as many URLs as you would like, with each URL being defined on a new line. The protocol (i.e. http:// or https://) should not be specified.
- System Parent Domains: this field allows you to define a list of parent domains to use for setting session cookies. Parent domains are useful if several system root URLs have a common parent domain. If the current URL ends with one of the parent domains then the cookie will be set on the parent domain instead, with the result being that the user's session will persist across the parent domain and all its subdomains. For example, syd.example.com and mel.example.com are defined as the System Root URLs and example.com is defined as the System Parent Domain. When a user visits syd.example.com, the cookie will be created for example.com. When they visit mel.example.com, the cookie that was created for example.com will be used.
- System Static URL*: by default, Squiz Matrix rewrites URLs for publicly accessible and live file-based assets to an Apache readable directory on the same server that Squiz Matrix is installed on. By entering a System Static URL, you can tell Squiz Matrix to rewrite those URLs to an alternative location, which could be a different (and lightweight) piece of web server software on the same machine as the Squiz Matrix install or a completely different machine. Leave this field blank to use the default Squiz Matrix behaviour. This is an advanced configuration option and should only be used if instructed by Squiz.
- Restricted File Extensions via Static Root Domain: this field allows you to set the file extension types (comma-separated) that will not be served via the static URL of your system, as specified in the above System Static URL field. This means that any specified file types will not use the system's static root domain (i.e. www.example.com), instead of using the Squiz Matrix system root URL. Any file types not specified in this field will be served via the static URL.
- Static URL uses HTTP*: specify whether or not the static files can be served using the http:// protocol.
- Static URL uses HTTPS*: specify whether or not the static files can be served using the https:// protocol.
- System Web Path Separator: this field allows you to define the character to be used to replace the spaces in the names of the assets when automatically generating web paths. For example, an asset with the name Contact Us would have an automatically generated web path of
contact-us
, where the web path separator has replaced the space. By default, the web path separator is-
. - Redirect URL with Trailing Slash: enabling this option will strip trailing slashes off front-end requested URLs and redirect them. This will mean that Squiz Matrix will log just one cache entry for the URL content, where it would otherwise treat URLs with trailing slashes as a separate cache entry. Please note that this option does not apply to root URLs due to the possibility of apache being configured to append the trailing slash.
Rollback Settings
This section shows whether or not rollback is enabled on the system. If this is set to No, Squiz Matrix is not recording any changes to assets and hence, no information is available on the History screen of an asset.
For more information on how to enable rollback, refer to the Rollback manual.
Email Settings
- Default Email: specify the default email address for the system. This is the email address that Squiz Matrix will use to send emails to if it has not been supplied with an email address for the message. For example, if a Custom Form has been configured to send emails but the to address has not been filled in, the email will be sent to the address specified in this field. This email address should be for the owner of the Squiz Matrix installation. By default this field is blank.
- Tech Email: specify the tech email address for the system. This is the email address that Squiz Matrix will use to send technical emails to, such as error reports and system configuration changes. This email address should be for a user that is able to diagnose and fix technical problems with the Squiz Matrix installation. By default this field is blank.
Login/Session Settings
- Root URLs Requiring Secure Login*: this field allows you to select which System Root URLs will attempt to display the login box using the HTTPS protocol regardless of other protocol settings on the site.
- Max Login Attempts*: enter the maximum number of times a user may incorrectly enter this password before their account is locked. Enter zero (0) to allow an unlimited number of attempts.
To lock an account, Squiz Matrix changes the Status of the user account to Under Construction. To unlock the account, an administrator needs to change the Status back to Live.
- Allow IP Change*: by default, if a user's IP address changed while they are using Squiz Matrix, they will be logged out to ensure their account is not being used by someone else at the same time. Proxy settings in some companies may change the IP address of the user each time they view a Squiz Matrix page, effectively logging out the user each time they try and navigate to a new page. Enabling this setting will tell Squiz Matrix to allow a user's IP address to change throughout their session.
- Process PHP Credentials*: if a user has previously entered their username and password in a standard HTTP authentication form, Squiz Matrix will be provided with the username and password they entered. If this setting is enabled, Squiz Matrix will attempt to log the user into the system using the username and password combination provided without requiring them to retype their username and password. The password stored within Squiz Matrix must match the password entered during the initial HTTP authentication.
- Enable HTTP Authentication*: if this option is enabled, Squiz Matrix will generate an HTTP Authentication dialogue box instead of showing the normal login design. This then allows external tools to log into Squiz Matrix by appending USE_HTTP_LOGIN=1 to the URL.
The Process PHP Credentials option must also be enabled to use HTTP authentication.
- Accept HTTP Authentication*: this setting controls whether Squiz Matrix should use a user name sent from an external authentication mechanism (for example, an authentication system provided by a web server or a proxy) to automatically log in a user, without them having to enter their password directly into the system. Squiz Matrix will assume the user has been successfully authenticated from the external system and does not check the password entered during the original authentication against their Squiz Matrix password.
- HTTP Authentication Variable*: this setting controls the PHP server variable used to authenticate external users if Accept HTTP Authentication setting is turned on.
- REMOTE_USER: used by standard HTTP authentication systems such as that used by Apache. This is the default setting
- HTTP_*: some proxies may send a user name as an HTTP header instead. Generally speaking, to convert from an HTTP header name to a server variable name, the header name should be capitalised, hyphens should be changed to underscores, and HTTP_ added to the front. For example, if the user name is returned in a header X-User-Name, this setting should be set to HTTP-X-USER-NAME.
- Enable External Authentication Systems*: this setting controls whether external authentication systems (LDAP and IPB Bridges) are enabled when authenticating a user. When this option is disabled, only the Default Authentication asset will be returned from the Authentication Systems folder under the System Management folder. This allows a System Administrator to temporarily disable external authentication in certain circumstances, for example, if an external system is compromised.
- Use Default PHP session file save path*: this setting allows you to choose whether or not to use the default PHP session file save path (as specified in the php.ini configuration file), or let Squiz Matrix set it to the cache folder of the system. The former may be required when using shared storage, i.e. with multiple servers, while the latter is required for site networks to operate.
Authentication may be bypassed if this setting is used with a HTTP header.
To securely implement this setting you must ensure that any HTTP header is fully managed through all routes to Matrix.
There are two common variables for this setting:
Intervals
- Lock Length: enter the time (in seconds) for how long a lock is held before expiring. For example, if a user locks an asset and then decides they do not want to edit it any more, the lock will be released automatically after the number of seconds entered into this field has elapsed.
- Lock Refresh Interval: enter the time (in seconds) for how often the lock automatically refreshes in the Administration and Simple Edit Interfaces.
- Lock Inactivity Expiry: enter the time (in seconds) for how long a lock is held before it expires (in seconds) due to inactivity on the current screen. in the Administration and Simple Edit Interfaces. The refreshing of this frame reacquires locks that the user still needs.
The Lock Refresh Interval should be set to a value that is shorter than the Lock Length. Otherwise, the locks will expire while the user is still editing an asset.
PHP Configuration
- Web Memory Limit: enter the maximum amount of memory that can be used by the Squiz Matrix Web system. By default, this is set to 64MB. However, on larger and more complex systems, this limit will probably need to be increased.
- Cron Memory Limit: enter the maximum amount of memory that can be used by the Squiz Matrix Cron system. By default, this is set to 64MB. However, on larger and more complex systems, this limit will probably need to be increased.
Error/Debug Settings
- Log Errors*: select whether or not to log all errors generated on the Frontend and editing interfaces to the error log. It is highly recommended that you do not alter the default value of this field, which is Yes.
- Log Errors to Syslog?*: select whether or not to log system errors to the operating system log. If this field is set to Yes, the System Name will be used as the system log identifier. If no name is specified, the default string Squiz MySource [version] (Matrix) will be used. By default, this field is set to No.
- Syslog Facility*: select the facility used for logging errors to the operating system log. This will determine where in the system log the errors will be filed. Please note that the Log Errors to Syslog field must be set to Yes for this field to work. The options available are User and Local 0 to 7. These facilities are user-defined and must be configured in the system's syslog.conf file.
- Debug Settings*: the following options can be set for the formatting of error messages:
- Show File and Line number in error messages: check this box to show both the file and line number in error messages. This is not selected by default.
- Show Stack Trace in error messages: check this box to show the stack trace in error messages. This is not selected by default.
- Show additional information about memory and performance: check this box to show additional information about memory and performance in error messages.
Internationalisation Settings
- Default Frontend Language: Select the Frontend language that is sent in the headers of the pages in your Site. This does not change the way that Squiz Matrix works but rather tells the web browsers (for example Internet Explorer and Mozilla Firefox) how to interpret the content of the page on the Frontend of your Site. This setting can be configured on individual assets, but if the value has not been set then this value is used.
This feature has been deprecated and removed as of version 5.5.0.0 of Squiz Matrix.
- Default Backend Language: The language to use in the backend interface of both Admin and Edit mode. Note that currently only Polish has been translated in the backend. Changing this setting will also set the correct HTML lang attribute for Edit+, which tells Edit+ to try and use the same language for its interface, but only when you use the Edit+ Design Tag in your design code.
- Replace Accented Characters in Web Paths: Select whether or not to use character conversion for web paths based on the International Settings. If this field is set to Yes, newly-created assets' web paths will be converted to characters of the selected language. Please note that not all languages are supported. By default, this field is set to Yes.
Editing Interface Settings
- Commit Button Text: This field allows you to change the text that is displayed on the Commit button at the bottom of the Administration and Simple Edit Interfaces.
- Confirm Save Changes: This field allows you to set whether or not the warning appears if the user has not clicked Commit. By default, this is set to Yes.
Asset Map Settings
The fields that are available in this section are outlined below:
- Asset Limit Per Set: enter the number of child assets that can be displayed for an asset in the Asset Map. If there is more than this number of child assets, the next and previous buttons will be provided. By default, this option is set to 50. For more information on the next and previous buttons, refer to the Concepts manual.
- Asset Display Name: This field allows you to specify what information to show for each asset in the Asset Map. By default, the short name is shown, however, this can be modified to display other information such as asset id and the number of children. The following keyword replacements can be used, along with other characters:
- %asset_assetid%: this displays the id of the asset.
- %asset_name%: this displays the full name of the asset.
- %asset_short_name%: this displays the short name of the asset.
- %asset_type_code%: this displays the type of asset, for example, Standard Page.
- %asset_status%: this displays the status of the asset, for example, Safe Edit.
- %asset_num_kids%: this displays the number of immediate child assets an asset has.
HTTP Headers Settings
- Send Cacheable Header*: Set this to Yes to enable the sending of cacheable Cache-Control and Pragma headers for all public Live pages it serves to users who are not logged in. This allows the web browser to cache pages for faster browsing. If set to No, Matrix will send
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
andPragma: no-cache
headers. - Send Last-Modified Header*: Set this field to Yes to send a last-modified header for all publicly cached pages it serves to users who are not logged in.
- Send Not Modified Status-Code*: Set this field to Yes to send a "304 Not Modified" status code if requested to do so by a proxy. The 304 code will only be sent for publicly cached pages and for users who are not logged in.
- Send no-cache header for File assets*: Set this field to Yes to send a no-cache Cache-control header for file asset types. This option can be disabled to resolve inline file display issues involving PDF documents in Internet Explorer.
- Send 404 Cacheable Header*: Set this field to Yes to allow pages returning an HTTP 404 not found response to be cached by a caching proxy server. This option is separate from the Send Cacheable Header option. The expiry time of the cached response is determined by the cache expiry setting on the Details screen of the Cache Manager. For more information on the Cache Manager, refer to the Cache Manager chapter in the System Management manual.
- Use "X-Forwarded-For" Header: Select whether or not to enable the X-Forwarded-For HTTP header. This header allows parent servers to discern client IPs when behind reverse proxies. This means that IP restrictions within Squiz Matrix can be used in conjunction with Squid and other reverse proxies, specified in the available input fields.
- Set 'HttpOnly' Flag for Session Cookies: Select whether or not to enable HttpOnly cookies. An HttpOnly cookie will only be used when transmitting HTTP or HTTPS requests. Additionally, a web browser will not allow client-side scripts (such as JavaScript) access to the cookie. This can help mitigate the effects of cross-site scripting attacks.
- Set 'Secure' Flag for Session Cookies: Specify whether or not to transmit the secure cookie flag when a connection is made over HTTPS. Enabling this will cause browsers to not share the session cookie between HTTP and HTTPS.
- Send IE "X-UA-Compatible" Header?: Specify whether or not to send the X-UA-Compatible header for Internet Explorer browsers. Enabling this option will send the IE=edge,chrome=1 X-UA-Compatible header, meaning that the webpage will be displayed in 'edge mode', the highest standards mode supported by the IE version being used.
Automatic Headers
Matrix sends some headers by default without needing to configure anything. These are as follows:
Surrogate-Control: content="ESI/1.0"
This header is used for proxy cache layers that support ESI (Edge Side Include) tags, such as Squiz Edge. This header is automatically sent by Matrix if it finds any ESI based HTML tags that start with either<esi:
or<!--esi
. This header basically tells the cache layer that the content contains ESI tags that need to be processed by it's rendering engine.
If you are logged in and have write access to the current page, you can also add?SQ_DISABLE_ESI
to the end of the URL to disable this automatic header from being sent, which is useful for debugging ESI tags.
Even with
?SQ_DISABLE_ESI
added, the accelerator caching proxy might still be configured to automatically inject theSurrogate-Control
header and thus process the ESI tags. If this is the case, you can disable that proxy config as Matrix will automatically add this header if there are any ESI tags within the rendered HTML.
Roles Configuration
- Enable Permission Roles System*: this field allows you to enable Permission Roles in the system. By default, this is set to No. Leaving Roles disabled will increase the performance of the system.
- Enable Workflow Roles System*: this field allows you to enable Workflow Roles in the system. By default, this is set to No. Leaving Roles disabled will increase the performance of the system.
- Enable Global Roles*: this field allows you to enable global roles in the system. By default, this is set to No. Leaving global roles disabled will increase the performance of the system.
Search Engine Optimisations
In the Remove self links field, select whether or not to remove system links which direct to the currently viewed asset. If Yes is selected, all global level links will be removed including links with query strings or URL system suffixes recognised by Squiz Matrix, such as the admin or simple edit interface suffixes. By default, this field is set to No.
Miscellaneous Settings
The following fields are available:
- Visited Pages Maximum Entries: specify the maximum number of visited URL entries to store in the current session. These visited URL entries and asset IDs can be accessed using the global session variables visited_urls and visited_assets.
- Strip Matrix Comments: select whether or not to strip out code using the Squiz Matrix comment syntax in the output of your site. By default, this option is enabled, meaning that comments will not be displayed on the front-end.