Permalink
Switch branches/tags
Nothing to show
Find file
06afa74 Aug 18, 2013
548 lines (466 sloc) 31.1 KB
; Wave Framework <http://www.waveframework.com>
; General Configuration
;
; All configuration settings in this file are loaded into State where certain variables, such as
; error-reporting, can turn on or off certain PHP settings. This configuration script is also
; used by scripts under /tools/ folder. Note that most settings in this file are commented
; out since system can function with default values. Uncomment and edit configuration only
; when wishing to change defaults.
;
; If your project needs additional configuraton options then you can freely add them here and
; access them through state-specific methods, but make sure that there is no name conflict with
; any internal configuration and state variables. Refer to State documentation to know exactly
; which variables have already been used.
;
; * HTTP Authentication
; * Application Version
; * Logging and Debugging
; * Database
; * Server
; * Handler Extensions
; * Content
; * Optimizations and Cache
; * Dynamic Resources
; * API
; * Sessions
; * Request limiter
;
; @package State
; @author Kristo Vaher <kristo@waher.net>
; @copyright Copyright (c) 2012, Kristo Vaher
; @license GNU Lesser General Public License Version 3
; @tutorial /doc/pages/configuration.htm
; @since 1.0.0
; @version 3.7.0
; HTTP AUTHENTICATION
; If limiter-authentication is set to 1, then HTTP authentication is required before any requests
; go through. It is also possible to limit the entire access to only a single IP or multiple IP
; addresses by assigning http-authentication-ip a comma separated list of IP addresses. These
; settings are also used by developer tools in /tools/ subfolder. Make sure to change your password
; in order to protect from potential attacks that target software default installation settings.
http-authentication-username="developer"
http-authentication-password="hellowave"
http-authentication-ip="*"
; LOGGING AND DEBUGGING
; This turns on Index gateway performance logging, which stores all information possible about
; every HTTP request. If this is set to '*' then all HTTP requests are logged, if it is set to 0,
; then no requests are logged. Value can also be a regular expression, in which case only requests
; that match the regular expression will be logged (you can use this to log only requests on a
; specific file, for example). Logging can also be tied to only specific IP address or addresses,
; if you set logger-ip to have an IP address or comma separated list of addresses.
; logger="*"
; logger-ip="*"
; This sets the error-reporting level for Wave Framework, which is used to store errors in Debugger
; logs. Note that this value cannot be changed over setState() method and this affects the entire
; system. This setting can have the value of 'off', 'critical' (ignores notices, warnings and
; deprecated errors) or 'full'. Please note that it is recommended to keep error-reporting on at
; all times. This is set to 'full' by default.
; errors-reporting='off';
; This settings turns on verbose error messages for fatal/critical errors that stop the script.
; This will show complete error information when it is encountered on the page. This setting does
; not apply to warnings and notices, latter of which are all visible under Debugger script. This
; is turned off by default.
; errors-verbose=1
; This sets if Wave Framework also writes the entire stack trace to error logs, if errors are
; encountered. Note that this might make some error log files very large and possibly unreadable
; by Debugger script with default memory settings. This is set off by default and only the main
; error message, file location and number are stored.
; errors-trace=1
; If these are set then using isDeveloper() call returns true. This allows you to test various
; features within the API that only work when requests are made from a specific IP and user agent.
; If these settings are not set or are empty, then isDeveloper() always returns false. Values can
; be comma-separated-lists. Note that the user agent string should be written here without semicolon
; character, which is unsupported in INI files.
; developer-ip=""
; developer-user-agent=""
; DATABASE
; Wave Framework can connect to multiple database types, database-type values can be 'mysql',
; 'postgresql', 'sqlite', 'mssql' and 'oracle'. If database values are not set, then system won't
; attempt to connect to database. Persistent connections are allowed by using database-persistent
; flag, in which case same connection handle will be shared across requests from different user
; agents, but note that this flag is not recommended and can cause additional performance issues.
; It is also possible to set if database errors are written in developer tools debugging log with
; the database-errors flag. It is not recommended to turn this setting off before deploying live.
; If you need to add port information for host, add it after host name, like 'www.example.com:3306'.
; database-type="mysql"
; database-host="localhost"
; database-name=""
; database-username=""
; database-password=""
; database-persistent=0
; database-errors=1
; These are database credentials for the Test Suite that is run by the test script and tests stored
; at /tools/ subfolder. It is recommended that the test database is identical in structure to
; live database, otherwise the tests can affect actual database in negative ways.
; test-database-type="mysql"
; test-database-host="localhost"
; test-database-name=""
; test-database-username=""
; test-database-password=""
; test-database-persistent=0
; test-database-errors=1
; SERVER
; This setting stores comma-separated list of trusted proxy IP addresses. This setting is required
; when your web service or website uses a proxy, then this IP address allows for IP redirects
; assigned in request headers to act as user agent IP. This is a security setting and is meant to
; protect against bypassing IP address checks through request headers. If you use a proxy, assign
; the proxy IP address here. Default value is '*', which means that all proxies are allowed.
; trusted-proxies="*";
; This is the HTTP host address of web service or website, for example 'www.example.com'. This is
; detected automatically by the system, but in case the same website is accessible from two different
; URL's, then assigning primary one here is recommended.
; http-host="www.example.com"
; This is the directory of your website or web service on the server. Wave Framework is able to detect
; this directory automatically, but in case this detection causes problems, it is recommended to
; manually assign it here.
; directory-system=""
; By default this folder is /filesystem/userdata/ and it is used for storing various user-specific
; files. This is detected automatically based on directory-system configuration setting. Static root folder
; is the base root folder for static files, similarly to 'directory-user', except files uploaded there are
; never served by Wave Framework.
; directory-user=""
; directory-static=""
; By default this folder is /filesystem/data/ and it is used for storing various filesystem-centric
; database files, such as for SQLite. If undefined, then this is automatically based on directory-system
; configuration setting and it is not recommended to change this unless necessary.
; database-root=""
; This is the base root folder for temporary files. Files that are stored here should be considered
; temporary and used for various custom functionality in the system.
; directory-tmp=""
; This is the folder that is used to store various security certificates and OpenSSL keys, such as
; ones used by various API's or e-payment systems.
; directory-keys=""
; This is the named timezone of servers location, this is required by PHP to have a base for time
; calculations. Unix timestamp is used internally by Wave Framework, so changing this value will
; not break the system, however it could affect things like log times and functionality of the
; system that uses Wave Framework. This configuration is set to 'Europe/London' by default.
; timezone="Europe/London"
; This setting is a locale setting that is used for locale-related settings, such as for monetary
; and numeric values and messages. This is not defined by default and is detected by the system
; automatically.
; locale="en_GB"
; This sets the memory limit for the Wave Framework requests. Setting this value does not guarantee
; that it will be success, as certain servers disable setting memory limit with PHP. This setting
; is undefined by default, thus Wave Framework uses the internal memory limit that is set in the
; server.
; memory-limit="128M"
; This sets the time limit for the Wave Framework requests. Setting this value does not guarantee
; that it will be success, as certain servers disable setting time limit with PHP. This setting
; is undefined by default, thus Wave Framework uses the internal time limit that is set in the
; server. This value is in seconds.
; time-limit=30
; HANDLER EXTENSIONS
; This is a comma-separated list of image file extensions that are routed through Image Handler.
; If image file extension is not listed here, then this will be served through File Handler
; instead - which is used to serve any file that has an extension, but no handler. If you add
; new extensions here, then it is recommended to also update Image Handler code at
; /engine/handler.image.php to support that new file extension.
; Default extensions are jpeg, jpg, png.
; image-extensions="jpeg,jpg,png"
; This is a comma-separated list of static resource file extensions that are routed through
; Resource Handler. Resource Handler can serve these files as combined on-demand. If you add
; new extensions here, then it is recommended to also update Resource Handler code at
; /engine/handler.resource.php to support that new file extension.
; Default extensions are css, js, txt, csv, xml, html, htm, rss, vcard.
; resource-extensions="css,js,txt,csv,xml,html,htm,rss,vcard,appcache"
; This is a comma-separated list of filename extensions that are routed through File Handler.
; If a file extension is not listed here and it is not a forbidden extension, then it will be
; served through Data Handler instead and acts like a web page request.
; Default extensions are pdf,doc,docx,xls,xlsx,ppt,pptx,zip,rar.
; file-extensions="pdf,doc,docx,xls,xlsx,ppt,pptx,zip,rar"
; This is a comma-separated list of file extensions that cannot be requested over HTTP.
; Caution! Please note that some of these extensions, like 'ini', 'htaccess', 'version' should
; never be removed from here, since they can otherwise pose a security risk - it would be
; possible to see configuration file contents over HTTP request.
; Default extensions are tmp, log, ht, htaccess, pem, crt, db, sql, version, conf, ini.
; forbidden-extensions="tmp,log,ht,htaccess,pem,crt,db,sql,version,conf,ini,empty"
; CONTENT
; These values are added to website meta information by the View Controller, if they are defined.
; Website title will include value of project-title, and author and copyright values are written
; into meta tags in HTML header. These values are all empty by default.
; project-title="Wave Framework"
; project-author=""
; project-copyright=""
; First setting, 'languages', is a comma-separated list of language keywords used in the system.
; These keywords are used for both translations files, sitemap files as well as language detection,
; when detecting the language form a URL. It is needed that the keywords listed here are also
; available as files of /resources/{keyword}.translations.ini and /resources/{keyword}.sitemap.ini.
; Language detection with the keywords works the same way, like http://www.example.com/{keyword}/.
; It is possible to customize this behavior more with other settings in configuration. Default
; language is defined by 'language' setting. Default language is the first language in the list.
; This is set to 'en' by default.
; languages="en"
; These settings are used when using Wave Framework to build a website and not just a web service.
; Home view defines what view is loaded by View Controller from Sitemap file. This home-view setting
; is actually the URL keyword from Sitemap file and it should be the same across all different
; languages. 404 view defines what view from /view/ folder is loaded when no other view is found.
; 404 View is not set in Sitemap files, though if defined (the same way as Home view), then additional
; configuration options can be assigned there.
; home-view="home"
; 404-view="404"
; This value is usually automatically generated from HTTPS setting, 'http-host' and 'url-web'
; values. This should only be defined in Configuration should the base URL be somehow detected
; incorrectly. This is the base URL that is stored in HTML header.
; url-base="http://www.example.com"
; While most websites are accessible from the domain name and root folder then some websites are
; set up in subfolders (like http://www.example.com/web/). While Wave Framework is able to detect
; this automatically, should this automatic detection fail, it is recommended to write the web
; root node here. For 'http://www.example.com/web/' address it would be '/web/'. This value is
; used when referencing links or loading content in a website.
; url-web=""
; It is considered a good practice to have a slash in the end of URL's. If this setting is enabled,
; then Wave Framework will redirect all URL's that do not end with a slash to ones that do. For
; example http://www.example.com/mypage would become http://www.example.com/mypage/ and this
; setting is turned on by default by being set to 1.
; enforce-url-end-slash=0
; Wave Framework deals with multilingual websites by having the first URL node as the language
; detector. If this setting here is turned on, then first language (the first one in 'languages'
; configuration setting) requires that first URL node to also be defined as the language. Wave
; Framework would, in that case, redirect http://www.example.com/contact/ address to
; http://www.example.com/en/contact/ if the first language is 'en'. This is turned on by
; default, but is recommended to be turned off when web system only has one language.
; enforce-first-language-url=0
; Robots flags are used by search engines and web crawlers when gathering information about web
; pages that they visit. These flags are 'guides' to robots that tell robots to either index the
; content of pages or not. In Wave Framework, 'robots' is considered the fallback setting, but
; you can set different defaults for images, static resources, served files and so on. It is also
; possible to assign different robots setting to each URL through sitemap files in /resources/
; folder. These values are set to 'noindex,nocache,nofollow,noarchive,noimageindex,nosnippet' by
; default, which disallows indexing.
; robots="index,follow"
; image-robots="index,follow"
; resource-robots="index,follow"
; file-robots="index,follow"
; This sets whether the pages rendered through View Controller are allowed to be shown in a frame,
; like an <iframe>, or not. This can be set to either 'deny' or 'sameorigin' or left empty. The
; default value is empty, so the pages can be loaded to a frame at all times.
; frame-permissions="deny"
; This sets the CSP (content security policy) setting for the domains that your site is allowed
; to load data from. This allows for whitelisted cross-site scripting and accessing resources on
; other domains, while also blacklisting other domains. This is not used by default.
; content-security-policy="default-src 'self' 'unsafe-inline' 'unsafe-eval' *.example.com"
; This sets what domains are allowed to access the API or load resources from this installation.
; This sets an 'Access-Control-Allow-Origin' header to all of the HTTP requests. This is not set
; by default, thus disallowing cross-domain requests to this system. This allows you to make
; cross-domain requests to this resource if '*' is set or another domain.
; access-control="*"
; OPTIMIZATIONS AND CACHE
; Modern web browsers support output compression which reduces the amount of data sent from
; server to web browsers and can improve the loading speed of websites. This value can be set
; to 'deflate', 'gzip' or false. This setting tells Wave Framework to consider this or that type
; of output compression as default, or not use output compression at all (if web server does it
; by itself). Also note that this setting is ignored if user agent does not tell web server that
; they support gzip or deflate compression. This value is set to 'deflate' by default.
; output-compression=0
; Wave Framework can cache every API request. This setting tells Wave Framework to cache URL
; solving from Sitemap for X amount of seconds. Since /resources/{language-code}.sitemap.ini
; file does not change frequently on most projects, then this value can be increased to minutes,
; even hours. For development reasons and special cases however, this value is set to 0 by
; default and URL solving is not cached.
; index-url-cache-timeout=300
; This setting assigns the default cache duration of a website page. This value can be customized
; per view and URL in /resources/{language-code}.sitemap.ini and this value here only acts as
; a default. If your website is informative and mostly consists of content web pages, then this
; default value can be increased to minutes, if not hours. Default value is 0 and by default
; pages are not cached.
; index-view-cache-timeout=30
; These settings give default cache durations for static resources, robots.txt and sitemap.xml
; files. This value affects max lifetime headers as well as internal cache duration (though
; this is always checked against source file modification date). Resource cache timeout default
; is 31536000, which is one year in seconds. Robots and Sitemap files have default cache of
; 14400 seconds, which is four hours.
; resource-cache-timeout=31536000
; robots-cache-timeout=14400
; sitemap-cache-timeout=14400
; Memcache can be used to improve caching speeds noticeably in Wave Framework and speed up
; your website or web service considerably. If host and port are not set, then localhost and
; 11211 port is used for the connection.
; memcache=1
; memcache-host="localhost"
; memcache-port=11211
; APC extension is not officially part of PHP, but if web server supports APC, then this can
; speed up caching and performance. If this setting is set to 1 and APC is supported on the
; server, then Wave Framework will use APC for caching rather than filesystem in some cases.
; This setting is set to 0 by default.
; apc=1
; If these are set, then Wave Framework will use database caching as opposed to filesystem
; based caching for all Data Handler and API Handler requests. Static files would still use
; filesystem specific cache if on-demand parameters are used. Database caching is generally
; slower than filesystem cache, but it has the benefits of being shared. Note that if the
; cache-database-* settings are not set and the rest of the settings are, then the main
; database settings are used for the connection. If cache-database-type is set to 'any'
; and generic database configuration is also set, then the same database connection is
; used as in the main application rather than creating a new connection.
; cache-database=1
; cache-database-type="mysql"
; cache-database-host="localhost"
; cache-database-name=""
; cache-database-username=""
; cache-database-password=""
; cache-database-errors=1
; cache-database-persistent=0
; cache-database-table-name="cache"
; cache-database-address-column="cache"
; cache-database-timestamp-column="cache"
; cache-database-data-column="cache"
; DYNAMIC RESOURCES
; If this is set to 1, then Wave Framework uses /resources/placeholder.jpg as image resource
; whenever it cannot actually find the image resource that it attempts to load. This allows
; web system to gracefully fall back when original image cannot be found anymore, since it
; will not display the broken image icon in browsers as a result. File not found 404 header
; is still returned however, so web crawlers will not index this image.
; 404-image-placeholder=0
; Dynamic image loading is a global flag that sets whether user agent can request images from
; the system with on-demand flags, such as on-demand resolution or image effects. For example,
; if you enter an URL like http://www.example.com/resources/images/60x60&logo.png, then system
; returns an image that is 60 pixels in both dimensions. This setting is set to 1 by default,
; enabling this functionality.
; dynamic-image-loading=0
; This is a security setting against potential Denial of Service attacks. This setting is the
; maximum height or width that system can dynamically serve. This is set to 1000 by default,
; which disables on-demand resolutions that are bigger than 1000 pixels in width or height.
; dynamic-max-size=1000
; This is a security setting against potential Denial of Service attacks. This is a space-
; separated list of image resolutions that are allowed to be loaded on-demand. For example,
; if this is set to '60x60 320x240' then only images of 60x60 and 320x240 resolutions would
; be allowed to be loaded on-demand. This setting is not defined by default, which allows all
; image resolutions to be loaded on-demand.
; dynamic-size-whitelist=""
; This is a security setting against potential Denial of Service attacks. This is a space-
; separated list of background color values in RGB that are allowed to be loaded on-demand.
; For example, if this is set to '120,60,14 255,255,255' then only these two RGB colors would
; be allowed. This setting is not defined by default, which allows for all background colors
; to be loaded on-demand.
; dynamic-color-whitelist=""
; This is a security setting against potential Denial of Service attacks. This is a space-
; separated list of quality settings that are allowed to be loaded on-demand. For example,
; if this is set to '@50 @30', then only images with @50 and @30 quality settings are allowed
; to be loaded on-demand. This setting is not defined by default and all quality levels
; are allowed.
; dynamic-quality-whitelist=""
; This is a security setting against potential Denial of Service attacks. This is a space-
; separated list of image positions that are allowed to be loaded on-demand. For example, if
; this is set to 'top-left 30-50', then only image positions of top-left and 30-50 (pixels)
; are allowed. This setting is not defined by default and all positions are allowed.
; dynamic-position-whitelist=""
; This is a security setting against potential Denial of Service attacks. Wave Framework allows
; for advanced on-demand image filtering. If this setting is turned off, then on-demand image
; filtering is not allowed at all and such images cannot be requested. By default this value is 1,
; which enables on-demand filters.
; dynamic-image-filters=0
; This is a security setting against potential Denial of Service attacks. If dynamic image
; filters are enabled, then this is a space-separated list of allowed filter settings. If this
; is set to 'grayscale@100 colorize@40,120,120,120' then only grayscale filter with parameter 100
; and colorize filter with 40, 120, 120 and 120 parameters are allowed. These values must be
; written the same way they are written to filter() brackets during on-demand image request.
; dynamic-filter-whitelist=""
; This is a security setting against potential Denial of Service attacks. This setting, if set
; to 1, allows to load scripts and CSS files in unified form from /resources/ folder. Multiple
; scripts can be loaded by separating their filenames with & symbol and 'minify' flag can also
; be used to load the resource in minified form. This setting is 1 by default.
; dynamic-resource-loading=0
; API
; This is a comma-separated list of API versions that are allowed to be accessed over API.
; By default this value is not set at all, which means that sending 'www-version' value with
; the request has no impact. API versions can only consist of latin characters and numbers.
; The most recent API version number is defined in '.version' file in the root folder.
; api-versions="v2,v1"
; This sets the default profile name of a public profile - when profile name itself is not set
; in the request. This profile must have profile settings set in /resources/api.profiles.ini file.
; api-public-profile="public"
; If this setting is set to 1, then public API requests require a 'www-public-token' as part of
; HTTP API requests that do not use an authenticated API profile. This token has to be generated
; to and submitted with all the forms on the website. This is set to 0 by default, but is
; recommended to be implemented on websites and services that implement user accounts and other
; similar systems as a protection for cross-site-request-forgery attacks. Note that this token
; is only actually checked if the user is 'logged in' (user session data is populated).
; api-public-token=1
; It is possible to keep a simplified log of API requests that are sent to API Handler. This
; setting is a comma-separated list of API profiles that will be tracked or will not be tracked.
; This allows for keeping track of how actively this or that API Profile is used in the system
; and gives a good overview of what commands have been used the most and how frequently. Setting
; it to '*' will mean that every API Profile will be logged, except profiles listed with '!' in
; front of their name. The default setting, if used, will track all API profiles except the
; public profile.
; api-logging="*,!public"
; It's possible to log specific messages in internal log by sending such a command from MVC
; objects of Wave Framework. This setting here acts as a filter to those messages. Every
; message is stored with a 'key' and in here you can set which keys are logged and which
; keys are ignored. Setting it to '*' will mean that everything will be logged. If a key
; has exclamation mark before it, then that key will be ignored. Wave Framework has two
; default internal log messages 'input-data' and 'output-data' which are ignored by default,
; but sometimes it is recommended to turn them on for debugging purposes. This internal log
; can be read from developer tools as /tools/log-reader.php?internal URL. Default setting logs
; all log entries except the API input-data and output-data entries.
; internal-logging="*,!input-data,!output-data"
; SESSIONS
; This setting is the namespace/cookie value used for sessions. For example this value is the
; cookie name for sessions. If this setting is not set in configuration, then Wave Framework
; generates this value by creating a numeric hash from the root directory address on the server.
; It is not necessary to change this value unless your system runs on multiple servers with
; different system root addresses at the same time and you need to carry the sessions across.
; session-name="PHPSESSID"
; This is the amount of seconds that have to pass before Wave Framework automatically regenerates
; the session cookie. This is set to 0 by default, thus session cookies are not regenerated
; automatically.
; session-regenerate=720
; These values are session cookie settings. State assignes them by default and that is usually
; recommended, but you can assign your own values here. If 'session-lifetime' value is 0, then
; sessions will last until they time out in browsers. That is also the default.
; session-lifetime=1440
; session-path="/"
; session-domain="www.example.com"
; session-secure=0
; session-http-only=1
; Wave Framework has a basic user and permissions handling through sessions as well as session
; fingerprinting, which can be accessed through <a href="guide_mvc.htm">MVC</a> objects. This
; sets the keys under which user data and permissions are stored in sessions. These values are
; set to 'www-user', 'www-permissions', 'www-fingerprint', 'www-timestamp' and 'www-public-token'
; by default.
; session-user-key="www-user"
; session-permissions-key="www-permissions"
; session-fingerprint-key="www-fingerprint"
; session-timestamp-key="www-timestamp"
; session-token-key="www-public-token"
; This setting allows you to tie your sessions to the specific web browser and IP address. This
; setting is undefined by default, so fingerprinting is not used. Value of this setting can be
; a comma separated string that consists of keys like 'ip' and 'browser'. If you only want browser
; specific fingerprinting, then just assign it as 'browser', or if only IP fingerprinting, then
; use 'ip'.
; session-fingerprint="ip,browser"
; REQUEST LIMITER
; This turns on HTTP request limiter if set to 1. This setting is a global flag, if this is
; not set to 1, then all other flags of this group are ignored. This is set to 0 by default.
; limiter=1
; If this is set to 1, then every HTTP request requires HTTP authentication based on http-*
; configuration settings. Otherwise all requests are blocked. This is useful to protect
; website or web service from being accessed during development. This is not used by default.
; limiter-authentication=1
; This setting enforces HTTPS connections, when accessing this web service. If this is turned
; on, then all non-HTTPS requests will be redirected to HTTPS. This is not used by default and
; both HTTP and HTTPS requests (if supported) are allowed.
; limiter-https=1
; This setting is a comma-separated list of IP addresses which are allowed to access this
; website or web service. Requests from any other IP are blocked and not allowed. This is
; not used by default.
; limiter-whitelist=""
; If whitelist limiter is not used, then this setting can be a comma-separated list of IP
; addresses that are not allowed to access this website or web service. This is not used
; by default.
; limiter-blacklist=""
; This setting allows to limit the amount of requests per minute that are allowed. This is
; used to protect the system against Denial of Service attacks. This setting is the maximum
; amount of requests allowed per IP address. If this limit is exceeded, then that IP is blocked
; for one hour from accessing the service again. This is not used by default.
; limiter-request=120
; This setting sets the server load value that when met, will make Wave Framework temporarily
; block HTTP requests. If server load is too high, then subsequent requests can make problems
; worse, so this setting allows you to make such requests as short and quick as possible, which
; helps reduce the load on the server. This setting is undefined by default and this limiter
; is not used.
; limiter-load=80
; This is a comma-separated list for all the domains that are allowed to make a request to this
; system. If this configuration setting is used and it is not '*', HTTP header for referrer is set,
; then this requests will return a Forbidden message. You can use this in combination with other
; security settings to protect your system from potential abuse.
; limiter-referrer="*"