D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
proc
/
thread-self
/
root
/
proc
/
thread-self
/
root
/
proc
/
self
/
root
/
var
/
softaculous
/
drupal
/
Filename :
settings.php
back
Copy
<?php /** * @file * Drupal site-specific configuration file. * * IMPORTANT NOTE: * This file may have been set to read-only by the Drupal installation program. * If you make changes to this file, be sure to protect it again after making * your modifications. Failure to remove write permissions to this file is a * security risk. * * The configuration file to be loaded is based upon the rules below. However * if the multisite aliasing file named sites/sites.php is present, it will be * loaded, and the aliases in the array $sites will override the default * directory rules below. See sites/example.sites.php for more information about * aliases. * * The configuration directory will be discovered by stripping the website's * hostname from left to right and pathname from right to left. The first * configuration file found will be used and any others will be ignored. If no * other configuration file is found then the default configuration file at * 'sites/default' will be used. * * For example, for a fictitious site installed at * http://www.drupal.org:8080/mysite/test/, the 'settings.php' file is searched * for in the following directories: * * - sites/8080.www.drupal.org.mysite.test * - sites/www.drupal.org.mysite.test * - sites/drupal.org.mysite.test * - sites/org.mysite.test * * - sites/8080.www.drupal.org.mysite * - sites/www.drupal.org.mysite * - sites/drupal.org.mysite * - sites/org.mysite * * - sites/8080.www.drupal.org * - sites/www.drupal.org * - sites/drupal.org * - sites/org * * - sites/default * * Note that if you are installing on a non-standard port number, prefix the * hostname with that number. For example, * http://www.drupal.org:8080/mysite/test/ could be loaded from * sites/8080.www.drupal.org.mysite.test/. * * @see example.sites.php * @see conf_path() */ /** * Database settings: * * The $databases array specifies the database connection or * connections that Drupal may use. Drupal is able to connect * to multiple databases, including multiple types of databases, * during the same request. * * Each database connection is specified as an array of settings, * similar to the following: * @code * array( * 'driver' => 'mysql', * 'database' => 'databasename', * 'username' => 'username', * 'password' => 'password', * 'host' => 'localhost', * 'port' => 3306, * 'prefix' => 'myprefix_', * 'collation' => 'utf8_general_ci', * ); * @endcode * * The "driver" property indicates what Drupal database driver the * connection should use. This is usually the same as the name of the * database type, such as mysql or sqlite, but not always. The other * properties will vary depending on the driver. For SQLite, you must * specify a database file name in a directory that is writable by the * webserver. For most other drivers, you must specify a * username, password, host, and database name. * * Transaction support is enabled by default for all drivers that support it, * including MySQL. To explicitly disable it, set the 'transactions' key to * FALSE. * Note that some configurations of MySQL, such as the MyISAM engine, don't * support it and will proceed silently even if enabled. If you experience * transaction related crashes with such configuration, set the 'transactions' * key to FALSE. * * For each database, you may optionally specify multiple "target" databases. * A target database allows Drupal to try to send certain queries to a * different database if it can but fall back to the default connection if not. * That is useful for master/slave replication, as Drupal may try to connect * to a slave server when appropriate and if one is not available will simply * fall back to the single master server. * * The general format for the $databases array is as follows: * @code * $databases['default']['default'] = $info_array; * $databases['default']['slave'][] = $info_array; * $databases['default']['slave'][] = $info_array; * $databases['extra']['default'] = $info_array; * @endcode * * In the above example, $info_array is an array of settings described above. * The first line sets a "default" database that has one master database * (the second level default). The second and third lines create an array * of potential slave databases. Drupal will select one at random for a given * request as needed. The fourth line creates a new database with a name of * "extra". * * For a single database configuration, the following is sufficient: * @code * $databases['default']['default'] = array( * 'driver' => 'mysql', * 'database' => 'databasename', * 'username' => 'username', * 'password' => 'password', * 'host' => 'localhost', * 'prefix' => 'main_', * 'collation' => 'utf8_general_ci', * ); * @endcode * * For handling full UTF-8 in MySQL, including multi-byte characters such as * emojis, Asian symbols, and mathematical symbols, you may set the collation * and charset to "utf8mb4" prior to running install.php: * @code * $databases['default']['default'] = array( * 'driver' => 'mysql', * 'database' => 'databasename', * 'username' => 'username', * 'password' => 'password', * 'host' => 'localhost', * 'charset' => 'utf8mb4', * 'collation' => 'utf8mb4_general_ci', * ); * @endcode * When using this setting on an existing installation, ensure that all existing * tables have been converted to the utf8mb4 charset, for example by using the * utf8mb4_convert contributed project available at * https://www.drupal.org/project/utf8mb4_convert, so as to prevent mixing data * with different charsets. * Note this should only be used when all of the following conditions are met: * - In order to allow for large indexes, MySQL must be set up with the * following my.cnf settings: * [mysqld] * innodb_large_prefix=true * innodb_file_format=barracuda * innodb_file_per_table=true * These settings are available as of MySQL 5.5.14, and are defaults in * MySQL 5.7.7 and up. * - The PHP MySQL driver must support the utf8mb4 charset (libmysqlclient * 5.5.3 and up, as well as mysqlnd 5.0.9 and up). * - The MySQL server must support the utf8mb4 charset (5.5.3 and up). * * You can optionally set prefixes for some or all database table names * by using the 'prefix' setting. If a prefix is specified, the table * name will be prepended with its value. Be sure to use valid database * characters only, usually alphanumeric and underscore. If no prefixes * are desired, leave it as an empty string ''. * * To have all database names prefixed, set 'prefix' as a string: * @code * 'prefix' => 'main_', * @endcode * To provide prefixes for specific tables, set 'prefix' as an array. * The array's keys are the table names and the values are the prefixes. * The 'default' element is mandatory and holds the prefix for any tables * not specified elsewhere in the array. Example: * @code * 'prefix' => array( * 'default' => 'main_', * 'users' => 'shared_', * 'sessions' => 'shared_', * 'role' => 'shared_', * 'authmap' => 'shared_', * ), * @endcode * You can also use a reference to a schema/database as a prefix. This may be * useful if your Drupal installation exists in a schema that is not the default * or you want to access several databases from the same code base at the same * time. * Example: * @code * 'prefix' => array( * 'default' => 'main.', * 'users' => 'shared.', * 'sessions' => 'shared.', * 'role' => 'shared.', * 'authmap' => 'shared.', * ); * @endcode * NOTE: MySQL and SQLite's definition of a schema is a database. * * Advanced users can add or override initial commands to execute when * connecting to the database server, as well as PDO connection settings. For * example, to enable MySQL SELECT queries to exceed the max_join_size system * variable, and to reduce the database connection timeout to 5 seconds. * * NOTE: NO_AUTO_CREATE_USER was removed in MySQL 8.0.11. * Some hosting providers/MySQL packages may report the wrong MySQL version. * If this is the case, set 'sql_mode' manually: * * @code * $databases['default']['default'] = array( * 'init_commands' => array( * 'big_selects' => 'SET SQL_BIG_SELECTS=1', * 'sql_mode' => "SET sql_mode = 'REAL_AS_FLOAT,PIPES_AS_CONCAT,ANSI_QUOTES,IGNORE_SPACE,STRICT_TRANS_TABLES,STRICT_ALL_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO", * ), * 'pdo' => array( * PDO::ATTR_TIMEOUT => 5, * ), * ); * @endcode * * WARNING: These defaults are designed for database portability. Changing them * may cause unexpected behavior, including potential data loss. * * @see DatabaseConnection_mysql::__construct * @see DatabaseConnection_pgsql::__construct * @see DatabaseConnection_sqlite::__construct * * Database configuration format: * @code * $databases['default']['default'] = array( * 'driver' => 'mysql', * 'database' => 'databasename', * 'username' => 'username', * 'password' => 'password', * 'host' => 'localhost', * 'prefix' => '', * ); * $databases['default']['default'] = array( * 'driver' => 'pgsql', * 'database' => 'databasename', * 'username' => 'username', * 'password' => 'password', * 'host' => 'localhost', * 'prefix' => '', * ); * $databases['default']['default'] = array( * 'driver' => 'sqlite', * 'database' => '/path/to/databasefilename', * ); * @endcode */ $databases = array ( 'default' => array ( 'default' => array ( 'database' => '[[softdb]]', 'username' => '[[softdbuser]]', 'password' => '[[softdbpass]]', 'host' => '[[softdbhost]]', 'port' => '', 'driver' => 'mysql', 'prefix' => '[[dbprefix]]', ), ), ); /** * Quoting of identifiers in MySQL. * * To allow compatibility with newer versions of MySQL, Drupal will quote table * names and some other identifiers. The ANSI standard character for identifier * quoting is the double quote (") and that can be used by MySQL along with the * sql_mode setting of ANSI_QUOTES. However, MySQL's own default is to use * backticks (`). Drupal 7 uses backticks for compatibility. If you need to * change this, you can do so with this variable. It's possible to switch off * identifier quoting altogether by setting this variable to an empty string. * * @see https://www.drupal.org/project/drupal/issues/2978575 * @see https://dev.mysql.com/doc/refman/8.0/en/identifiers.html * @see \DatabaseConnection_mysql::setPrefix * @see \DatabaseConnection_mysql::quoteIdentifier */ # $conf['mysql_identifier_quote_character'] = '"'; /** * Access control for update.php script. * * If you are updating your Drupal installation using the update.php script but * are not logged in using either an account with the "Administer software * updates" permission or the site maintenance account (the account that was * created during installation), you will need to modify the access check * statement below. Change the FALSE to a TRUE to disable the access check. * After finishing the upgrade, be sure to open this file again and change the * TRUE back to a FALSE! */ $update_free_access = FALSE; /** * Salt for one-time login links and cancel links, form tokens, etc. * * This variable will be set to a random value by the installer. All one-time * login links will be invalidated if the value is changed. Note that if your * site is deployed on a cluster of web servers, you must ensure that this * variable has the same value on each server. If this variable is empty, a hash * of the serialized database credentials will be used as a fallback salt. * * For enhanced security, you may set this variable to a value using the * contents of a file outside your docroot that is never saved together * with any backups of your Drupal files and database. * * Example: * $drupal_hash_salt = file_get_contents('/home/example/salt.txt'); * */ $drupal_hash_salt = '[[hash_salt]]'; /** * Base URL (optional). * * If Drupal is generating incorrect URLs on your site, which could * be in HTML headers (links to CSS and JS files) or visible links on pages * (such as in menus), uncomment the Base URL statement below (remove the * leading hash sign) and fill in the absolute URL to your Drupal installation. * * You might also want to force users to use a given domain. * See the .htaccess file for more information. * * Examples: * $base_url = 'http://www.example.com'; * $base_url = 'http://www.example.com:8888'; * $base_url = 'http://www.example.com/drupal'; * $base_url = 'https://www.example.com:8888/drupal'; * * It is not allowed to have a trailing slash; Drupal will add it * for you. */ # $base_url = 'http://www.example.com'; // NO trailing slash! /** * PHP settings: * * To see what PHP settings are possible, including whether they can be set at * runtime (by using ini_set()), read the PHP documentation: * http://www.php.net/manual/ini.list.php * See drupal_environment_initialize() in includes/bootstrap.inc for required * runtime settings and the .htaccess file for non-runtime settings. Settings * defined there should not be duplicated here so as to avoid conflict issues. */ /** * Some distributions of Linux (most notably Debian) ship their PHP * installations with garbage collection (gc) disabled. Since Drupal depends on * PHP's garbage collection for clearing sessions, ensure that garbage * collection occurs by using the most common settings. */ ini_set('session.gc_probability', 1); ini_set('session.gc_divisor', 100); /** * Set session lifetime (in seconds), i.e. the time from the user's last visit * to the active session may be deleted by the session garbage collector. When * a session is deleted, authenticated users are logged out, and the contents * of the user's $_SESSION variable is discarded. */ ini_set('session.gc_maxlifetime', 200000); /** * Set session cookie lifetime (in seconds), i.e. the time from the session is * created to the cookie expires, i.e. when the browser is expected to discard * the cookie. The value 0 means "until the browser is closed". */ ini_set('session.cookie_lifetime', 2000000); /** * If you encounter a situation where users post a large amount of text, and * the result is stripped out upon viewing but can still be edited, Drupal's * output filter may not have sufficient memory to process it. If you * experience this issue, you may wish to uncomment the following two lines * and increase the limits of these variables. For more information, see * http://php.net/manual/pcre.configuration.php. */ # ini_set('pcre.backtrack_limit', 200000); # ini_set('pcre.recursion_limit', 200000); /** * Drupal automatically generates a unique session cookie name for each site * based on its full domain name. If you have multiple domains pointing at the * same Drupal site, you can either redirect them all to a single domain (see * comment in .htaccess), or uncomment the line below and specify their shared * base domain. Doing so assures that users remain logged in as they cross * between your various domains. Make sure to always start the $cookie_domain * with a leading dot, as per RFC 2109. */ # $cookie_domain = '.example.com'; /** * Variable overrides: * * To override specific entries in the 'variable' table for this site, * set them here. You usually don't need to use this feature. This is * useful in a configuration file for a vhost or directory, rather than * the default settings.php. Any configuration setting from the 'variable' * table can be given a new value. Note that any values you provide in * these variable overrides will not be modifiable from the Drupal * administration interface. * * The following overrides are examples: * - site_name: Defines the site's name. * - theme_default: Defines the default theme for this site. * - anonymous: Defines the human-readable name of anonymous users. * Remove the leading hash signs to enable. */ # $conf['site_name'] = 'My Drupal site'; # $conf['theme_default'] = 'garland'; # $conf['anonymous'] = 'Visitor'; /** * A custom theme can be set for the offline page. This applies when the site * is explicitly set to maintenance mode through the administration page or when * the database is inactive due to an error. It can be set through the * 'maintenance_theme' key. The template file should also be copied into the * theme. It is located inside 'modules/system/maintenance-page.tpl.php'. * Note: This setting does not apply to installation and update pages. */ # $conf['maintenance_theme'] = 'bartik'; /** * Reverse Proxy Configuration: * * Reverse proxy servers are often used to enhance the performance * of heavily visited sites and may also provide other site caching, * security, or encryption benefits. In an environment where Drupal * is behind a reverse proxy, the real IP address of the client should * be determined such that the correct client IP address is available * to Drupal's logging, statistics, and access management systems. In * the most simple scenario, the proxy server will add an * X-Forwarded-For header to the request that contains the client IP * address. However, HTTP headers are vulnerable to spoofing, where a * malicious client could bypass restrictions by setting the * X-Forwarded-For header directly. Therefore, Drupal's proxy * configuration requires the IP addresses of all remote proxies to be * specified in $conf['reverse_proxy_addresses'] to work correctly. * * Enable this setting to get Drupal to determine the client IP from * the X-Forwarded-For header (or $conf['reverse_proxy_header'] if set). * If you are unsure about this setting, do not have a reverse proxy, * or Drupal operates in a shared hosting environment, this setting * should remain commented out. * * In order for this setting to be used you must specify every possible * reverse proxy IP address in $conf['reverse_proxy_addresses']. * If a complete list of reverse proxies is not available in your * environment (for example, if you use a CDN) you may set the * $_SERVER['REMOTE_ADDR'] variable directly in settings.php. * Be aware, however, that it is likely that this would allow IP * address spoofing unless more advanced precautions are taken. */ # $conf['reverse_proxy'] = TRUE; /** * Specify every reverse proxy IP address in your environment. * This setting is required if $conf['reverse_proxy'] is TRUE. */ # $conf['reverse_proxy_addresses'] = array('a.b.c.d', ...); /** * Set this value if your proxy server sends the client IP in a header * other than X-Forwarded-For. */ # $conf['reverse_proxy_header'] = 'HTTP_X_CLUSTER_CLIENT_IP'; /** * Page caching: * * By default, Drupal sends a "Vary: Cookie" HTTP header for anonymous page * views. This tells a HTTP proxy that it may return a page from its local * cache without contacting the web server, if the user sends the same Cookie * header as the user who originally requested the cached page. Without "Vary: * Cookie", authenticated users would also be served the anonymous page from * the cache. If the site has mostly anonymous users except a few known * editors/administrators, the Vary header can be omitted. This allows for * better caching in HTTP proxies (including reverse proxies), i.e. even if * clients send different cookies, they still get content served from the cache. * However, authenticated users should access the site directly (i.e. not use an * HTTP proxy, and bypass the reverse proxy if one is used) in order to avoid * getting cached pages from the proxy. */ # $conf['omit_vary_cookie'] = TRUE; /** * CSS/JS aggregated file gzip compression: * * By default, when CSS or JS aggregation and clean URLs are enabled Drupal will * store a gzip compressed (.gz) copy of the aggregated files. If this file is * available then rewrite rules in the default .htaccess file will serve these * files to browsers that accept gzip encoded content. This allows pages to load * faster for these users and has minimal impact on server load. If you are * using a webserver other than Apache httpd, or a caching reverse proxy that is * configured to cache and compress these files itself you may want to uncomment * one or both of the below lines, which will prevent gzip files being stored. */ # $conf['css_gzip_compression'] = FALSE; # $conf['js_gzip_compression'] = FALSE; /** * Block caching: * * Block caching may not be compatible with node access modules depending on * how the original block cache policy is defined by the module that provides * the block. By default, Drupal therefore disables block caching when one or * more modules implement hook_node_grants(). If you consider block caching to * be safe on your site and want to bypass this restriction, uncomment the line * below. */ # $conf['block_cache_bypass_node_grants'] = TRUE; /** * Expiration of cache_form entries: * * Drupal's Form API stores details of forms in cache_form and these entries are * kept for at least 6 hours by default. Expired entries are cleared by cron. * Busy sites can encounter problems with the cache_form table becoming very * large. It's possible to mitigate this by setting a shorter expiration for * cached forms. In some cases it may be desirable to set a longer cache * expiration, for example to prolong cache_form entries for Ajax forms in * cached HTML. * * @see form_set_cache() * @see system_cron() * @see ajax_get_form() */ # $conf['form_cache_expiration'] = 21600; /** * String overrides: * * To override specific strings on your site with or without enabling the Locale * module, add an entry to this list. This functionality allows you to change * a small number of your site's default English language interface strings. * * Remove the leading hash signs to enable. */ # $conf['locale_custom_strings_en'][''] = array( # 'forum' => 'Discussion board', # '@count min' => '@count minutes', # ); /** * * IP blocking: * * To bypass database queries for denied IP addresses, use this setting. * Drupal queries the {blocked_ips} table by default on every page request * for both authenticated and anonymous users. This allows the system to * block IP addresses from within the administrative interface and before any * modules are loaded. However on high traffic websites you may want to avoid * this query, allowing you to bypass database access altogether for anonymous * users under certain caching configurations. * * If using this setting, you will need to add back any IP addresses which * you may have blocked via the administrative interface. Each element of this * array represents a blocked IP address. Uncommenting the array and leaving it * empty will have the effect of disabling IP blocking on your site. * * Remove the leading hash signs to enable. */ # $conf['blocked_ips'] = array( # 'a.b.c.d', # ); /** * Fast 404 pages: * * Drupal can generate fully themed 404 pages. However, some of these responses * are for images or other resource files that are not displayed to the user. * This can waste bandwidth, and also generate server load. * * The options below return a simple, fast 404 page for URLs matching a * specific pattern: * - 404_fast_paths_exclude: A regular expression to match paths to exclude, * such as images generated by image styles, or dynamically-resized images. * The default pattern provided below also excludes the private file system. * If you need to add more paths, you can add '|path' to the expression. * - 404_fast_paths: A regular expression to match paths that should return a * simple 404 page, rather than the fully themed 404 page. If you don't have * any aliases ending in htm or html you can add '|s?html?' to the expression. * - 404_fast_html: The html to return for simple 404 pages. * * Add leading hash signs if you would like to disable this functionality. */ $conf['404_fast_paths_exclude'] = '/\/(?:styles)|(?:system\/files)\//'; $conf['404_fast_paths'] = '/\.(?:txt|png|gif|jpe?g|css|js|ico|swf|flv|cgi|bat|pl|dll|exe|asp)$/i'; $conf['404_fast_html'] = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL "@path" was not found on this server.</p></body></html>'; /** * By default the page request process will return a fast 404 page for missing * files if they match the regular expression set in '404_fast_paths' and not * '404_fast_paths_exclude' above. 404 errors will simultaneously be logged in * the Drupal system log. * * You can choose to return a fast 404 page earlier for missing pages (as soon * as settings.php is loaded) by uncommenting the line below. This speeds up * server response time when loading 404 error pages and prevents the 404 error * from being logged in the Drupal system log. In order to prevent valid pages * such as image styles and other generated content that may match the * '404_fast_paths' regular expression from returning 404 errors, it is * necessary to add them to the '404_fast_paths_exclude' regular expression * above. Make sure that you understand the effects of this feature before * uncommenting the line below. */ # drupal_fast_404(); /** * External access proxy settings: * * If your site must access the Internet via a web proxy then you can enter * the proxy settings here. Currently only basic authentication is supported * by using the username and password variables. The proxy_user_agent variable * can be set to NULL for proxies that require no User-Agent header or to a * non-empty string for proxies that limit requests to a specific agent. The * proxy_exceptions variable is an array of host names to be accessed directly, * not via proxy. */ # $conf['proxy_server'] = ''; # $conf['proxy_port'] = 8080; # $conf['proxy_username'] = ''; # $conf['proxy_password'] = ''; # $conf['proxy_user_agent'] = ''; # $conf['proxy_exceptions'] = array('127.0.0.1', 'localhost'); /** * Authorized file system operations: * * The Update manager module included with Drupal provides a mechanism for * site administrators to securely install missing updates for the site * directly through the web user interface. On securely-configured servers, * the Update manager will require the administrator to provide SSH or FTP * credentials before allowing the installation to proceed; this allows the * site to update the new files as the user who owns all the Drupal files, * instead of as the user the webserver is running as. On servers where the * webserver user is itself the owner of the Drupal files, the administrator * will not be prompted for SSH or FTP credentials (note that these server * setups are common on shared hosting, but are inherently insecure). * * Some sites might wish to disable the above functionality, and only update * the code directly via SSH or FTP themselves. This setting completely * disables all functionality related to these authorized file operations. * * @see http://drupal.org/node/244924 * * Remove the leading hash signs to disable. */ # $conf['allow_authorize_operations'] = FALSE; /** * Trusted host configuration. * * Drupal can attempt to prevent HTTP Host header spoofing. * * To enable the trusted host mechanism, you enable your allowable hosts in * $conf['trusted_host_patterns']. This should be an array of regular expression * patterns, without delimiters, representing the hosts you would like to allow. * * For example, this code will allow the site to only run from www.example.com. * * @code * $conf['trusted_host_patterns'] = array( * '^www\.example\.com$', * ); * @endcode * * If you are running multisite, or if you are running your site from different * domain names (for example, you don't redirect http://www.example.com to * http://example.com), you should specify all of the host patterns that are * allowed by your site. * * For example, this code will allow the site to run off of all variants of * example.com and example.org, with all subdomains included. * * @code * $conf['trusted_host_patterns'] = array( * '^example\.com$', * '^.+\.example\.com$', * '^example\.org', * '^.+\.example\.org', * ); * @endcode */ /** * Theme debugging: * * When debugging is enabled: * - The markup of each template is surrounded by HTML comments that contain * theming information, such as template file name suggestions. * - Note that this debugging markup will cause automated tests that directly * check rendered HTML to fail. * * For more information about debugging theme templates, see * https://www.drupal.org/node/223440#theme-debug. * * Not recommended in production environments. * * Remove the leading hash sign to enable. */ # $conf['theme_debug'] = TRUE; /** * CSS identifier double underscores allowance: * * To allow CSS identifiers to contain double underscores (.example__selector) * for Drupal's BEM-style naming standards, uncomment the line below. * Note that if you change this value in existing sites, existing page styles * may be broken. * * @see drupal_clean_css_identifier() */ # $conf['allow_css_double_underscores'] = TRUE; /** * The default list of directories that will be ignored by Drupal's file API. * * By default ignore node_modules and bower_components folders to avoid issues * with common frontend tools and recursive scanning of directories looking for * extensions. * * @see file_scan_directory() */ $conf['file_scan_ignore_directories'] = array( 'node_modules', 'bower_components', ); /** * Logging of user flood control events. * * Drupal's user module will place a temporary block on a given IP address or * user account if there are excessive failed login attempts. By default these * flood control events will be logged. This can be useful for identifying * brute force login attacks. Set this variable to FALSE to disable logging, for * example if you are using the dblog module and want to avoid database writes. * * @see user_login_final_validate() * @see user_user_flood_control() */ # $conf['log_user_flood_control'] = FALSE; /** * Opt out of variable_initialize() locking optimization. * * After lengthy discussion in https://www.drupal.org/node/973436 a change was * made in variable_initialize() in order to avoid excessive waiting under * certain conditions. Set this variable to TRUE in order to opt out of this * optimization and revert to the original behaviour. */ # $conf['variable_initialize_wait_for_lock'] = FALSE; /** * Opt in to field_sql_storage_field_storage_write() optimization. * * To reduce unnecessary writes field_sql_storage_field_storage_write() can skip * fields where values have apparently not changed. To opt in to this * optimization, set this variable to TRUE. */ $conf['field_sql_storage_skip_writing_unchanged_fields'] = TRUE; /** * Use site name as display-name in outgoing mail. * * Drupal can use the site name (i.e. the value of the site_name variable) as * the display-name when sending e-mail. For example this would mean the sender * might be "Acme Website" <acme@example.com> as opposed to just the e-mail * address alone. In order to avoid disruption this is not enabled by default * for existing sites. The feature can be enabled by setting this variable to * TRUE. * * @see https://tools.ietf.org/html/rfc2822 * @see drupal_mail() */ $conf['mail_display_name_site_name'] = TRUE; /** * SameSite cookie attribute. * * This variable can be used to set a value for the SameSite cookie attribute. * * Versions of PHP before 7.3 have no native support for the SameSite attribute * so it is emulated. * * The session.cookie-samesite setting in PHP 7.3 and later will be overridden * by this variable for Drupal session cookies, and any other cookies managed * with drupal_setcookie(). * * Setting this variable to FALSE disables the SameSite attribute on cookies. * * @see drupal_setcookie() * @see drupal_session_start() * @see https://www.php.net/manual/en/session.configuration.php#ini.session.cookie-samesite */ # $conf['samesite_cookie_value'] = 'None'; /** * Retain legacy has_js cookie. * * Older releases of Drupal set a has_js cookie with a boolean value which * server-side code can use to determine whether JavaScript is available. * * This functionality can be re-enabled by setting this variable to TRUE. */ # $conf['set_has_js_cookie'] = FALSE; /** * Skip file system permissions hardening. * * The system module will periodically check the permissions of your site's * site directory to ensure that it is not writable by the website user. For * sites that are managed with a version control system, this can cause problems * when files in that directory such as settings.php are updated, because the * user pulling in the changes won't have permissions to modify files in the * directory. */ # $conf['skip_permissions_hardening'] = TRUE; /** * Additional public file schemes: * * Public schemes are URI schemes that allow download access to all users for * all files within that scheme. * * The "public" scheme is always public, and the "private" scheme is always * private, but other schemes, such as "https", "s3", "example", or others, * can be either public or private depending on the site. By default, they're * private, and access to individual files is controlled via * hook_file_download(). * * Typically, if a scheme should be public, a module makes it public by * implementing hook_file_download(), and granting access to all users for all * files. This could be either the same module that provides the stream wrapper * for the scheme, or a different module that decides to make the scheme * public. However, in cases where a site needs to make a scheme public, but * is unable to add code in a module to do so, the scheme may be added to this * variable, the result of which is that system_file_download() grants public * access to all files within that scheme. */ # $conf['file_additional_public_schemes'] = array('example'); /** * Sensitive request headers in drupal_http_request() when following a redirect. * * By default drupal_http_request() will strip sensitive request headers when * following a redirect if the redirect location has a different http host to * the original request, or if the scheme downgrades from https to http. * * These variables allow opting out of this behaviour. Careful consideration of * the security implications of opting out is recommended. * * @see _drupal_should_strip_sensitive_headers_on_http_redirect() * @see drupal_http_request() */ # $conf['drupal_http_request_strip_sensitive_headers_on_host_change'] = TRUE; # $conf['drupal_http_request_strip_sensitive_headers_on_https_downgrade'] = TRUE; /** * Cron lock expiration timeout: * * Each time Drupal's cron is executed, it acquires a cron lock. Older releases * of Drupal set the default cron lock expiration timeout to 240 seconds. This * duration was considered short, because it often caused concurrent cron runs * especially on busy sites heavily utilizing cron. * * Use this variable to set a custom cron lock expiration timeout (float). */ # $conf['cron_lock_expiration_timeout'] = 900.0; /** * File schemes whose paths should not be normalized: * * Normally, Drupal normalizes '/./' and '/../' segments in file URIs in order * to prevent unintended file access. For example, 'private://css/../image.png' * is normalized to 'private://image.png' before checking access to the file. * * On Windows, Drupal also replaces '\' with '/' in URIs for the local * filesystem. * * If file URIs with one or more scheme should not be normalized like this, then * list the schemes here. For example, if 'porcelain://china/./plate.png' should * not be normalized to 'porcelain://china/plate.png', then add 'porcelain' to * this array. In this case, make sure that the module providing the 'porcelain' * scheme does not allow unintended file access when using '/../' to move up the * directory tree. */ # $conf['file_sa_core_2023_005_schemes'] = array('porcelain'); /** * Configuration for phpinfo() admin status report. * * Drupal's admin UI includes a report at admin/reports/status/php which shows * the output of phpinfo(). The full output can contain sensitive information * so by default Drupal removes some sections. * * This behaviour can be configured by setting this variable to a different * value corresponding to the flags parameter of phpinfo(). * * If you need to expose more information in the report - for example to debug a * problem - consider doing so temporarily. * * @see https://www.php.net/manual/function.phpinfo.php */ # $conf['sa_core_2023_004_phpinfo_flags'] = ~(INFO_VARIABLES | INFO_ENVIRONMENT); /** * Session IDs are hashed by default before being stored in the database. This * reduces the risk of sessions being hijacked if the database is compromised. * * This variable allows opting out of this security improvement. */ # $conf['do_not_hash_session_ids'] = TRUE; /** * URL for update information. * * Drupal's update module can check for the availability of updates. By default * https is used for this check. If for any reason your site cannot use https * you can change this variable to fallback to http. It is recommended to fix * the problem with SSL/TLS rather than use http which provides no security. */ # $conf['update_fetch_url'] = 'https://updates.drupal.org/release-history'; /** * Opt out of double submit protection. * * By default Drupal will prevent consecutive form submissions of identical form * values. Set this variable to FALSE in order to opt out of this * prevention and revert to the original behaviour. */ # $conf['javascript_use_double_submit_protection'] = FALSE; /** * Cron logging. * * Optionally drupal_cron_run() can log each execution of hook_cron() together * with the execution time. This is disabled by default to reduce log noise. Set * this variable to TRUE in order to enable the additional logging. */ # $conf['cron_logging_enabled'] = TRUE;