mirror of
https://github.com/tag1consulting/d7_to_d10_migration.git
synced 2024-11-27 00:03:26 +00:00
888 lines
36 KiB
PHP
888 lines
36 KiB
PHP
<?php
|
|
|
|
/**
|
|
* @file
|
|
* Drupal site-specific configuration file.
|
|
*
|
|
* IMPORTANT NOTE:
|
|
* This file may have been set to read-only by the Drupal installation program.
|
|
* If you make changes to this file, be sure to protect it again after making
|
|
* your modifications. Failure to remove write permissions to this file is a
|
|
* security risk.
|
|
*
|
|
* The configuration file to be loaded is based upon the rules below. However
|
|
* if the multisite aliasing file named sites/sites.php is present, it will be
|
|
* loaded, and the aliases in the array $sites will override the default
|
|
* directory rules below. See sites/example.sites.php for more information about
|
|
* aliases.
|
|
*
|
|
* The configuration directory will be discovered by stripping the website's
|
|
* hostname from left to right and pathname from right to left. The first
|
|
* configuration file found will be used and any others will be ignored. If no
|
|
* other configuration file is found then the default configuration file at
|
|
* 'sites/default' will be used.
|
|
*
|
|
* For example, for a fictitious site installed at
|
|
* http://www.drupal.org:8080/mysite/test/, the 'settings.php' file is searched
|
|
* for in the following directories:
|
|
*
|
|
* - sites/8080.www.drupal.org.mysite.test
|
|
* - sites/www.drupal.org.mysite.test
|
|
* - sites/drupal.org.mysite.test
|
|
* - sites/org.mysite.test
|
|
*
|
|
* - sites/8080.www.drupal.org.mysite
|
|
* - sites/www.drupal.org.mysite
|
|
* - sites/drupal.org.mysite
|
|
* - sites/org.mysite
|
|
*
|
|
* - sites/8080.www.drupal.org
|
|
* - sites/www.drupal.org
|
|
* - sites/drupal.org
|
|
* - sites/org
|
|
*
|
|
* - sites/default
|
|
*
|
|
* Note that if you are installing on a non-standard port number, prefix the
|
|
* hostname with that number. For example,
|
|
* http://www.drupal.org:8080/mysite/test/ could be loaded from
|
|
* sites/8080.www.drupal.org.mysite.test/.
|
|
*
|
|
* @see example.sites.php
|
|
* @see conf_path()
|
|
*/
|
|
|
|
/**
|
|
* Database settings:
|
|
*
|
|
* The $databases array specifies the database connection or
|
|
* connections that Drupal may use. Drupal is able to connect
|
|
* to multiple databases, including multiple types of databases,
|
|
* during the same request.
|
|
*
|
|
* Each database connection is specified as an array of settings,
|
|
* similar to the following:
|
|
* @code
|
|
* array(
|
|
* 'driver' => 'mysql',
|
|
* 'database' => 'databasename',
|
|
* 'username' => 'username',
|
|
* 'password' => 'password',
|
|
* 'host' => 'localhost',
|
|
* 'port' => 3306,
|
|
* 'prefix' => 'myprefix_',
|
|
* 'collation' => 'utf8_general_ci',
|
|
* );
|
|
* @endcode
|
|
*
|
|
* The "driver" property indicates what Drupal database driver the
|
|
* connection should use. This is usually the same as the name of the
|
|
* database type, such as mysql or sqlite, but not always. The other
|
|
* properties will vary depending on the driver. For SQLite, you must
|
|
* specify a database file name in a directory that is writable by the
|
|
* webserver. For most other drivers, you must specify a
|
|
* username, password, host, and database name.
|
|
*
|
|
* Transaction support is enabled by default for all drivers that support it,
|
|
* including MySQL. To explicitly disable it, set the 'transactions' key to
|
|
* FALSE.
|
|
* Note that some configurations of MySQL, such as the MyISAM engine, don't
|
|
* support it and will proceed silently even if enabled. If you experience
|
|
* transaction related crashes with such configuration, set the 'transactions'
|
|
* key to FALSE.
|
|
*
|
|
* For each database, you may optionally specify multiple "target" databases.
|
|
* A target database allows Drupal to try to send certain queries to a
|
|
* different database if it can but fall back to the default connection if not.
|
|
* That is useful for master/slave replication, as Drupal may try to connect
|
|
* to a slave server when appropriate and if one is not available will simply
|
|
* fall back to the single master server.
|
|
*
|
|
* The general format for the $databases array is as follows:
|
|
* @code
|
|
* $databases['default']['default'] = $info_array;
|
|
* $databases['default']['slave'][] = $info_array;
|
|
* $databases['default']['slave'][] = $info_array;
|
|
* $databases['extra']['default'] = $info_array;
|
|
* @endcode
|
|
*
|
|
* In the above example, $info_array is an array of settings described above.
|
|
* The first line sets a "default" database that has one master database
|
|
* (the second level default). The second and third lines create an array
|
|
* of potential slave databases. Drupal will select one at random for a given
|
|
* request as needed. The fourth line creates a new database with a name of
|
|
* "extra".
|
|
*
|
|
* For a single database configuration, the following is sufficient:
|
|
* @code
|
|
* $databases['default']['default'] = array(
|
|
* 'driver' => 'mysql',
|
|
* 'database' => 'databasename',
|
|
* 'username' => 'username',
|
|
* 'password' => 'password',
|
|
* 'host' => 'localhost',
|
|
* 'prefix' => 'main_',
|
|
* 'collation' => 'utf8_general_ci',
|
|
* );
|
|
* @endcode
|
|
*
|
|
* For handling full UTF-8 in MySQL, including multi-byte characters such as
|
|
* emojis, Asian symbols, and mathematical symbols, you may set the collation
|
|
* and charset to "utf8mb4" prior to running install.php:
|
|
* @code
|
|
* $databases['default']['default'] = array(
|
|
* 'driver' => 'mysql',
|
|
* 'database' => 'databasename',
|
|
* 'username' => 'username',
|
|
* 'password' => 'password',
|
|
* 'host' => 'localhost',
|
|
* 'charset' => 'utf8mb4',
|
|
* 'collation' => 'utf8mb4_general_ci',
|
|
* );
|
|
* @endcode
|
|
* When using this setting on an existing installation, ensure that all existing
|
|
* tables have been converted to the utf8mb4 charset, for example by using the
|
|
* utf8mb4_convert contributed project available at
|
|
* https://www.drupal.org/project/utf8mb4_convert, so as to prevent mixing data
|
|
* with different charsets.
|
|
* Note this should only be used when all of the following conditions are met:
|
|
* - In order to allow for large indexes, MySQL must be set up with the
|
|
* following my.cnf settings:
|
|
* [mysqld]
|
|
* innodb_large_prefix=true
|
|
* innodb_file_format=barracuda
|
|
* innodb_file_per_table=true
|
|
* These settings are available as of MySQL 5.5.14, and are defaults in
|
|
* MySQL 5.7.7 and up.
|
|
* - The PHP MySQL driver must support the utf8mb4 charset (libmysqlclient
|
|
* 5.5.3 and up, as well as mysqlnd 5.0.9 and up).
|
|
* - The MySQL server must support the utf8mb4 charset (5.5.3 and up).
|
|
*
|
|
* You can optionally set prefixes for some or all database table names
|
|
* by using the 'prefix' setting. If a prefix is specified, the table
|
|
* name will be prepended with its value. Be sure to use valid database
|
|
* characters only, usually alphanumeric and underscore. If no prefixes
|
|
* are desired, leave it as an empty string ''.
|
|
*
|
|
* To have all database names prefixed, set 'prefix' as a string:
|
|
* @code
|
|
* 'prefix' => 'main_',
|
|
* @endcode
|
|
* To provide prefixes for specific tables, set 'prefix' as an array.
|
|
* The array's keys are the table names and the values are the prefixes.
|
|
* The 'default' element is mandatory and holds the prefix for any tables
|
|
* not specified elsewhere in the array. Example:
|
|
* @code
|
|
* 'prefix' => array(
|
|
* 'default' => 'main_',
|
|
* 'users' => 'shared_',
|
|
* 'sessions' => 'shared_',
|
|
* 'role' => 'shared_',
|
|
* 'authmap' => 'shared_',
|
|
* ),
|
|
* @endcode
|
|
* You can also use a reference to a schema/database as a prefix. This may be
|
|
* useful if your Drupal installation exists in a schema that is not the default
|
|
* or you want to access several databases from the same code base at the same
|
|
* time.
|
|
* Example:
|
|
* @code
|
|
* 'prefix' => array(
|
|
* 'default' => 'main.',
|
|
* 'users' => 'shared.',
|
|
* 'sessions' => 'shared.',
|
|
* 'role' => 'shared.',
|
|
* 'authmap' => 'shared.',
|
|
* );
|
|
* @endcode
|
|
* NOTE: MySQL and SQLite's definition of a schema is a database.
|
|
*
|
|
* Advanced users can add or override initial commands to execute when
|
|
* connecting to the database server, as well as PDO connection settings. For
|
|
* example, to enable MySQL SELECT queries to exceed the max_join_size system
|
|
* variable, and to reduce the database connection timeout to 5 seconds.
|
|
*
|
|
* NOTE: NO_AUTO_CREATE_USER was removed in MySQL 8.0.11.
|
|
* Some hosting providers/MySQL packages may report the wrong MySQL version.
|
|
* If this is the case, set 'sql_mode' manually:
|
|
*
|
|
* @code
|
|
* $databases['default']['default'] = array(
|
|
* 'init_commands' => array(
|
|
* 'big_selects' => 'SET SQL_BIG_SELECTS=1',
|
|
* 'sql_mode' => "SET sql_mode = 'REAL_AS_FLOAT,PIPES_AS_CONCAT,ANSI_QUOTES,IGNORE_SPACE,STRICT_TRANS_TABLES,STRICT_ALL_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO",
|
|
* ),
|
|
* 'pdo' => array(
|
|
* PDO::ATTR_TIMEOUT => 5,
|
|
* ),
|
|
* );
|
|
* @endcode
|
|
*
|
|
* WARNING: These defaults are designed for database portability. Changing them
|
|
* may cause unexpected behavior, including potential data loss.
|
|
*
|
|
* @see DatabaseConnection_mysql::__construct
|
|
* @see DatabaseConnection_pgsql::__construct
|
|
* @see DatabaseConnection_sqlite::__construct
|
|
*
|
|
* Database configuration format:
|
|
* @code
|
|
* $databases['default']['default'] = array(
|
|
* 'driver' => 'mysql',
|
|
* 'database' => 'databasename',
|
|
* 'username' => 'username',
|
|
* 'password' => 'password',
|
|
* 'host' => 'localhost',
|
|
* 'prefix' => '',
|
|
* );
|
|
* $databases['default']['default'] = array(
|
|
* 'driver' => 'pgsql',
|
|
* 'database' => 'databasename',
|
|
* 'username' => 'username',
|
|
* 'password' => 'password',
|
|
* 'host' => 'localhost',
|
|
* 'prefix' => '',
|
|
* );
|
|
* $databases['default']['default'] = array(
|
|
* 'driver' => 'sqlite',
|
|
* 'database' => '/path/to/databasefilename',
|
|
* );
|
|
* @endcode
|
|
*/
|
|
$databases = array();
|
|
|
|
/**
|
|
* Quoting of identifiers in MySQL.
|
|
*
|
|
* To allow compatibility with newer versions of MySQL, Drupal will quote table
|
|
* names and some other identifiers. The ANSI standard character for identifier
|
|
* quoting is the double quote (") and that can be used by MySQL along with the
|
|
* sql_mode setting of ANSI_QUOTES. However, MySQL's own default is to use
|
|
* backticks (`). Drupal 7 uses backticks for compatibility. If you need to
|
|
* change this, you can do so with this variable. It's possible to switch off
|
|
* identifier quoting altogether by setting this variable to an empty string.
|
|
*
|
|
* @see https://www.drupal.org/project/drupal/issues/2978575
|
|
* @see https://dev.mysql.com/doc/refman/8.0/en/identifiers.html
|
|
* @see \DatabaseConnection_mysql::setPrefix
|
|
* @see \DatabaseConnection_mysql::quoteIdentifier
|
|
*/
|
|
# $conf['mysql_identifier_quote_character'] = '"';
|
|
|
|
/**
|
|
* Access control for update.php script.
|
|
*
|
|
* If you are updating your Drupal installation using the update.php script but
|
|
* are not logged in using either an account with the "Administer software
|
|
* updates" permission or the site maintenance account (the account that was
|
|
* created during installation), you will need to modify the access check
|
|
* statement below. Change the FALSE to a TRUE to disable the access check.
|
|
* After finishing the upgrade, be sure to open this file again and change the
|
|
* TRUE back to a FALSE!
|
|
*/
|
|
$update_free_access = FALSE;
|
|
|
|
/**
|
|
* Salt for one-time login links and cancel links, form tokens, etc.
|
|
*
|
|
* This variable will be set to a random value by the installer. All one-time
|
|
* login links will be invalidated if the value is changed. Note that if your
|
|
* site is deployed on a cluster of web servers, you must ensure that this
|
|
* variable has the same value on each server. If this variable is empty, a hash
|
|
* of the serialized database credentials will be used as a fallback salt.
|
|
*
|
|
* For enhanced security, you may set this variable to a value using the
|
|
* contents of a file outside your docroot that is never saved together
|
|
* with any backups of your Drupal files and database.
|
|
*
|
|
* Example:
|
|
* $drupal_hash_salt = file_get_contents('/home/example/salt.txt');
|
|
*
|
|
*/
|
|
$drupal_hash_salt = '';
|
|
|
|
/**
|
|
* Base URL (optional).
|
|
*
|
|
* If Drupal is generating incorrect URLs on your site, which could
|
|
* be in HTML headers (links to CSS and JS files) or visible links on pages
|
|
* (such as in menus), uncomment the Base URL statement below (remove the
|
|
* leading hash sign) and fill in the absolute URL to your Drupal installation.
|
|
*
|
|
* You might also want to force users to use a given domain.
|
|
* See the .htaccess file for more information.
|
|
*
|
|
* Examples:
|
|
* $base_url = 'http://www.example.com';
|
|
* $base_url = 'http://www.example.com:8888';
|
|
* $base_url = 'http://www.example.com/drupal';
|
|
* $base_url = 'https://www.example.com:8888/drupal';
|
|
*
|
|
* It is not allowed to have a trailing slash; Drupal will add it
|
|
* for you.
|
|
*/
|
|
# $base_url = 'http://www.example.com'; // NO trailing slash!
|
|
|
|
/**
|
|
* PHP settings:
|
|
*
|
|
* To see what PHP settings are possible, including whether they can be set at
|
|
* runtime (by using ini_set()), read the PHP documentation:
|
|
* http://www.php.net/manual/ini.list.php
|
|
* See drupal_environment_initialize() in includes/bootstrap.inc for required
|
|
* runtime settings and the .htaccess file for non-runtime settings. Settings
|
|
* defined there should not be duplicated here so as to avoid conflict issues.
|
|
*/
|
|
|
|
/**
|
|
* Some distributions of Linux (most notably Debian) ship their PHP
|
|
* installations with garbage collection (gc) disabled. Since Drupal depends on
|
|
* PHP's garbage collection for clearing sessions, ensure that garbage
|
|
* collection occurs by using the most common settings.
|
|
*/
|
|
ini_set('session.gc_probability', 1);
|
|
ini_set('session.gc_divisor', 100);
|
|
|
|
/**
|
|
* Set session lifetime (in seconds), i.e. the time from the user's last visit
|
|
* to the active session may be deleted by the session garbage collector. When
|
|
* a session is deleted, authenticated users are logged out, and the contents
|
|
* of the user's $_SESSION variable is discarded.
|
|
*/
|
|
ini_set('session.gc_maxlifetime', 200000);
|
|
|
|
/**
|
|
* Set session cookie lifetime (in seconds), i.e. the time from the session is
|
|
* created to the cookie expires, i.e. when the browser is expected to discard
|
|
* the cookie. The value 0 means "until the browser is closed".
|
|
*/
|
|
ini_set('session.cookie_lifetime', 2000000);
|
|
|
|
/**
|
|
* If you encounter a situation where users post a large amount of text, and
|
|
* the result is stripped out upon viewing but can still be edited, Drupal's
|
|
* output filter may not have sufficient memory to process it. If you
|
|
* experience this issue, you may wish to uncomment the following two lines
|
|
* and increase the limits of these variables. For more information, see
|
|
* http://php.net/manual/pcre.configuration.php.
|
|
*/
|
|
# ini_set('pcre.backtrack_limit', 200000);
|
|
# ini_set('pcre.recursion_limit', 200000);
|
|
|
|
/**
|
|
* Drupal automatically generates a unique session cookie name for each site
|
|
* based on its full domain name. If you have multiple domains pointing at the
|
|
* same Drupal site, you can either redirect them all to a single domain (see
|
|
* comment in .htaccess), or uncomment the line below and specify their shared
|
|
* base domain. Doing so assures that users remain logged in as they cross
|
|
* between your various domains. Make sure to always start the $cookie_domain
|
|
* with a leading dot, as per RFC 2109.
|
|
*/
|
|
# $cookie_domain = '.example.com';
|
|
|
|
/**
|
|
* Variable overrides:
|
|
*
|
|
* To override specific entries in the 'variable' table for this site,
|
|
* set them here. You usually don't need to use this feature. This is
|
|
* useful in a configuration file for a vhost or directory, rather than
|
|
* the default settings.php. Any configuration setting from the 'variable'
|
|
* table can be given a new value. Note that any values you provide in
|
|
* these variable overrides will not be modifiable from the Drupal
|
|
* administration interface.
|
|
*
|
|
* The following overrides are examples:
|
|
* - site_name: Defines the site's name.
|
|
* - theme_default: Defines the default theme for this site.
|
|
* - anonymous: Defines the human-readable name of anonymous users.
|
|
* Remove the leading hash signs to enable.
|
|
*/
|
|
# $conf['site_name'] = 'My Drupal site';
|
|
# $conf['theme_default'] = 'garland';
|
|
# $conf['anonymous'] = 'Visitor';
|
|
|
|
/**
|
|
* A custom theme can be set for the offline page. This applies when the site
|
|
* is explicitly set to maintenance mode through the administration page or when
|
|
* the database is inactive due to an error. It can be set through the
|
|
* 'maintenance_theme' key. The template file should also be copied into the
|
|
* theme. It is located inside 'modules/system/maintenance-page.tpl.php'.
|
|
* Note: This setting does not apply to installation and update pages.
|
|
*/
|
|
# $conf['maintenance_theme'] = 'bartik';
|
|
|
|
/**
|
|
* Reverse Proxy Configuration:
|
|
*
|
|
* Reverse proxy servers are often used to enhance the performance
|
|
* of heavily visited sites and may also provide other site caching,
|
|
* security, or encryption benefits. In an environment where Drupal
|
|
* is behind a reverse proxy, the real IP address of the client should
|
|
* be determined such that the correct client IP address is available
|
|
* to Drupal's logging, statistics, and access management systems. In
|
|
* the most simple scenario, the proxy server will add an
|
|
* X-Forwarded-For header to the request that contains the client IP
|
|
* address. However, HTTP headers are vulnerable to spoofing, where a
|
|
* malicious client could bypass restrictions by setting the
|
|
* X-Forwarded-For header directly. Therefore, Drupal's proxy
|
|
* configuration requires the IP addresses of all remote proxies to be
|
|
* specified in $conf['reverse_proxy_addresses'] to work correctly.
|
|
*
|
|
* Enable this setting to get Drupal to determine the client IP from
|
|
* the X-Forwarded-For header (or $conf['reverse_proxy_header'] if set).
|
|
* If you are unsure about this setting, do not have a reverse proxy,
|
|
* or Drupal operates in a shared hosting environment, this setting
|
|
* should remain commented out.
|
|
*
|
|
* In order for this setting to be used you must specify every possible
|
|
* reverse proxy IP address in $conf['reverse_proxy_addresses'].
|
|
* If a complete list of reverse proxies is not available in your
|
|
* environment (for example, if you use a CDN) you may set the
|
|
* $_SERVER['REMOTE_ADDR'] variable directly in settings.php.
|
|
* Be aware, however, that it is likely that this would allow IP
|
|
* address spoofing unless more advanced precautions are taken.
|
|
*/
|
|
# $conf['reverse_proxy'] = TRUE;
|
|
|
|
/**
|
|
* Specify every reverse proxy IP address in your environment.
|
|
* This setting is required if $conf['reverse_proxy'] is TRUE.
|
|
*/
|
|
# $conf['reverse_proxy_addresses'] = array('a.b.c.d', ...);
|
|
|
|
/**
|
|
* Set this value if your proxy server sends the client IP in a header
|
|
* other than X-Forwarded-For.
|
|
*/
|
|
# $conf['reverse_proxy_header'] = 'HTTP_X_CLUSTER_CLIENT_IP';
|
|
|
|
/**
|
|
* Page caching:
|
|
*
|
|
* By default, Drupal sends a "Vary: Cookie" HTTP header for anonymous page
|
|
* views. This tells a HTTP proxy that it may return a page from its local
|
|
* cache without contacting the web server, if the user sends the same Cookie
|
|
* header as the user who originally requested the cached page. Without "Vary:
|
|
* Cookie", authenticated users would also be served the anonymous page from
|
|
* the cache. If the site has mostly anonymous users except a few known
|
|
* editors/administrators, the Vary header can be omitted. This allows for
|
|
* better caching in HTTP proxies (including reverse proxies), i.e. even if
|
|
* clients send different cookies, they still get content served from the cache.
|
|
* However, authenticated users should access the site directly (i.e. not use an
|
|
* HTTP proxy, and bypass the reverse proxy if one is used) in order to avoid
|
|
* getting cached pages from the proxy.
|
|
*/
|
|
# $conf['omit_vary_cookie'] = TRUE;
|
|
|
|
/**
|
|
* CSS/JS aggregated file gzip compression:
|
|
*
|
|
* By default, when CSS or JS aggregation and clean URLs are enabled Drupal will
|
|
* store a gzip compressed (.gz) copy of the aggregated files. If this file is
|
|
* available then rewrite rules in the default .htaccess file will serve these
|
|
* files to browsers that accept gzip encoded content. This allows pages to load
|
|
* faster for these users and has minimal impact on server load. If you are
|
|
* using a webserver other than Apache httpd, or a caching reverse proxy that is
|
|
* configured to cache and compress these files itself you may want to uncomment
|
|
* one or both of the below lines, which will prevent gzip files being stored.
|
|
*/
|
|
# $conf['css_gzip_compression'] = FALSE;
|
|
# $conf['js_gzip_compression'] = FALSE;
|
|
|
|
/**
|
|
* Block caching:
|
|
*
|
|
* Block caching may not be compatible with node access modules depending on
|
|
* how the original block cache policy is defined by the module that provides
|
|
* the block. By default, Drupal therefore disables block caching when one or
|
|
* more modules implement hook_node_grants(). If you consider block caching to
|
|
* be safe on your site and want to bypass this restriction, uncomment the line
|
|
* below.
|
|
*/
|
|
# $conf['block_cache_bypass_node_grants'] = TRUE;
|
|
|
|
/**
|
|
* Expiration of cache_form entries:
|
|
*
|
|
* Drupal's Form API stores details of forms in cache_form and these entries are
|
|
* kept for at least 6 hours by default. Expired entries are cleared by cron.
|
|
* Busy sites can encounter problems with the cache_form table becoming very
|
|
* large. It's possible to mitigate this by setting a shorter expiration for
|
|
* cached forms. In some cases it may be desirable to set a longer cache
|
|
* expiration, for example to prolong cache_form entries for Ajax forms in
|
|
* cached HTML.
|
|
*
|
|
* @see form_set_cache()
|
|
* @see system_cron()
|
|
* @see ajax_get_form()
|
|
*/
|
|
# $conf['form_cache_expiration'] = 21600;
|
|
|
|
/**
|
|
* String overrides:
|
|
*
|
|
* To override specific strings on your site with or without enabling the Locale
|
|
* module, add an entry to this list. This functionality allows you to change
|
|
* a small number of your site's default English language interface strings.
|
|
*
|
|
* Remove the leading hash signs to enable.
|
|
*/
|
|
# $conf['locale_custom_strings_en'][''] = array(
|
|
# 'forum' => 'Discussion board',
|
|
# '@count min' => '@count minutes',
|
|
# );
|
|
|
|
/**
|
|
*
|
|
* IP blocking:
|
|
*
|
|
* To bypass database queries for denied IP addresses, use this setting.
|
|
* Drupal queries the {blocked_ips} table by default on every page request
|
|
* for both authenticated and anonymous users. This allows the system to
|
|
* block IP addresses from within the administrative interface and before any
|
|
* modules are loaded. However on high traffic websites you may want to avoid
|
|
* this query, allowing you to bypass database access altogether for anonymous
|
|
* users under certain caching configurations.
|
|
*
|
|
* If using this setting, you will need to add back any IP addresses which
|
|
* you may have blocked via the administrative interface. Each element of this
|
|
* array represents a blocked IP address. Uncommenting the array and leaving it
|
|
* empty will have the effect of disabling IP blocking on your site.
|
|
*
|
|
* Remove the leading hash signs to enable.
|
|
*/
|
|
# $conf['blocked_ips'] = array(
|
|
# 'a.b.c.d',
|
|
# );
|
|
|
|
/**
|
|
* Fast 404 pages:
|
|
*
|
|
* Drupal can generate fully themed 404 pages. However, some of these responses
|
|
* are for images or other resource files that are not displayed to the user.
|
|
* This can waste bandwidth, and also generate server load.
|
|
*
|
|
* The options below return a simple, fast 404 page for URLs matching a
|
|
* specific pattern:
|
|
* - 404_fast_paths_exclude: A regular expression to match paths to exclude,
|
|
* such as images generated by image styles, or dynamically-resized images.
|
|
* The default pattern provided below also excludes the private file system.
|
|
* If you need to add more paths, you can add '|path' to the expression.
|
|
* - 404_fast_paths: A regular expression to match paths that should return a
|
|
* simple 404 page, rather than the fully themed 404 page. If you don't have
|
|
* any aliases ending in htm or html you can add '|s?html?' to the expression.
|
|
* - 404_fast_html: The html to return for simple 404 pages.
|
|
*
|
|
* Add leading hash signs if you would like to disable this functionality.
|
|
*/
|
|
$conf['404_fast_paths_exclude'] = '/\/(?:styles)|(?:system\/files)\//';
|
|
$conf['404_fast_paths'] = '/\.(?:txt|png|gif|jpe?g|css|js|ico|swf|flv|cgi|bat|pl|dll|exe|asp)$/i';
|
|
$conf['404_fast_html'] = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL "@path" was not found on this server.</p></body></html>';
|
|
|
|
/**
|
|
* By default the page request process will return a fast 404 page for missing
|
|
* files if they match the regular expression set in '404_fast_paths' and not
|
|
* '404_fast_paths_exclude' above. 404 errors will simultaneously be logged in
|
|
* the Drupal system log.
|
|
*
|
|
* You can choose to return a fast 404 page earlier for missing pages (as soon
|
|
* as settings.php is loaded) by uncommenting the line below. This speeds up
|
|
* server response time when loading 404 error pages and prevents the 404 error
|
|
* from being logged in the Drupal system log. In order to prevent valid pages
|
|
* such as image styles and other generated content that may match the
|
|
* '404_fast_paths' regular expression from returning 404 errors, it is
|
|
* necessary to add them to the '404_fast_paths_exclude' regular expression
|
|
* above. Make sure that you understand the effects of this feature before
|
|
* uncommenting the line below.
|
|
*/
|
|
# drupal_fast_404();
|
|
|
|
/**
|
|
* External access proxy settings:
|
|
*
|
|
* If your site must access the Internet via a web proxy then you can enter
|
|
* the proxy settings here. Currently only basic authentication is supported
|
|
* by using the username and password variables. The proxy_user_agent variable
|
|
* can be set to NULL for proxies that require no User-Agent header or to a
|
|
* non-empty string for proxies that limit requests to a specific agent. The
|
|
* proxy_exceptions variable is an array of host names to be accessed directly,
|
|
* not via proxy.
|
|
*/
|
|
# $conf['proxy_server'] = '';
|
|
# $conf['proxy_port'] = 8080;
|
|
# $conf['proxy_username'] = '';
|
|
# $conf['proxy_password'] = '';
|
|
# $conf['proxy_user_agent'] = '';
|
|
# $conf['proxy_exceptions'] = array('127.0.0.1', 'localhost');
|
|
|
|
/**
|
|
* Authorized file system operations:
|
|
*
|
|
* The Update manager module included with Drupal provides a mechanism for
|
|
* site administrators to securely install missing updates for the site
|
|
* directly through the web user interface. On securely-configured servers,
|
|
* the Update manager will require the administrator to provide SSH or FTP
|
|
* credentials before allowing the installation to proceed; this allows the
|
|
* site to update the new files as the user who owns all the Drupal files,
|
|
* instead of as the user the webserver is running as. On servers where the
|
|
* webserver user is itself the owner of the Drupal files, the administrator
|
|
* will not be prompted for SSH or FTP credentials (note that these server
|
|
* setups are common on shared hosting, but are inherently insecure).
|
|
*
|
|
* Some sites might wish to disable the above functionality, and only update
|
|
* the code directly via SSH or FTP themselves. This setting completely
|
|
* disables all functionality related to these authorized file operations.
|
|
*
|
|
* @see http://drupal.org/node/244924
|
|
*
|
|
* Remove the leading hash signs to disable.
|
|
*/
|
|
# $conf['allow_authorize_operations'] = FALSE;
|
|
|
|
/**
|
|
* Theme debugging:
|
|
*
|
|
* When debugging is enabled:
|
|
* - The markup of each template is surrounded by HTML comments that contain
|
|
* theming information, such as template file name suggestions.
|
|
* - Note that this debugging markup will cause automated tests that directly
|
|
* check rendered HTML to fail.
|
|
*
|
|
* For more information about debugging theme templates, see
|
|
* https://www.drupal.org/node/223440#theme-debug.
|
|
*
|
|
* Not recommended in production environments.
|
|
*
|
|
* Remove the leading hash sign to enable.
|
|
*/
|
|
# $conf['theme_debug'] = TRUE;
|
|
|
|
/**
|
|
* CSS identifier double underscores allowance:
|
|
*
|
|
* To allow CSS identifiers to contain double underscores (.example__selector)
|
|
* for Drupal's BEM-style naming standards, uncomment the line below.
|
|
* Note that if you change this value in existing sites, existing page styles
|
|
* may be broken.
|
|
*
|
|
* @see drupal_clean_css_identifier()
|
|
*/
|
|
# $conf['allow_css_double_underscores'] = TRUE;
|
|
|
|
/**
|
|
* The default list of directories that will be ignored by Drupal's file API.
|
|
*
|
|
* By default ignore node_modules and bower_components folders to avoid issues
|
|
* with common frontend tools and recursive scanning of directories looking for
|
|
* extensions.
|
|
*
|
|
* @see file_scan_directory()
|
|
*/
|
|
$conf['file_scan_ignore_directories'] = array(
|
|
'node_modules',
|
|
'bower_components',
|
|
);
|
|
|
|
/**
|
|
* Logging of user flood control events.
|
|
*
|
|
* Drupal's user module will place a temporary block on a given IP address or
|
|
* user account if there are excessive failed login attempts. By default these
|
|
* flood control events will be logged. This can be useful for identifying
|
|
* brute force login attacks. Set this variable to FALSE to disable logging, for
|
|
* example if you are using the dblog module and want to avoid database writes.
|
|
*
|
|
* @see user_login_final_validate()
|
|
* @see user_user_flood_control()
|
|
*/
|
|
# $conf['log_user_flood_control'] = FALSE;
|
|
|
|
/**
|
|
* Opt out of variable_initialize() locking optimization.
|
|
*
|
|
* After lengthy discussion in https://www.drupal.org/node/973436 a change was
|
|
* made in variable_initialize() in order to avoid excessive waiting under
|
|
* certain conditions. Set this variable to TRUE in order to opt out of this
|
|
* optimization and revert to the original behaviour.
|
|
*/
|
|
# $conf['variable_initialize_wait_for_lock'] = FALSE;
|
|
|
|
/**
|
|
* Opt in to field_sql_storage_field_storage_write() optimization.
|
|
*
|
|
* To reduce unnecessary writes field_sql_storage_field_storage_write() can skip
|
|
* fields where values have apparently not changed. To opt in to this
|
|
* optimization, set this variable to TRUE.
|
|
*/
|
|
$conf['field_sql_storage_skip_writing_unchanged_fields'] = TRUE;
|
|
|
|
/**
|
|
* Use site name as display-name in outgoing mail.
|
|
*
|
|
* Drupal can use the site name (i.e. the value of the site_name variable) as
|
|
* the display-name when sending e-mail. For example this would mean the sender
|
|
* might be "Acme Website" <acme@example.com> as opposed to just the e-mail
|
|
* address alone. In order to avoid disruption this is not enabled by default
|
|
* for existing sites. The feature can be enabled by setting this variable to
|
|
* TRUE.
|
|
*
|
|
* @see https://tools.ietf.org/html/rfc2822
|
|
* @see drupal_mail()
|
|
*/
|
|
$conf['mail_display_name_site_name'] = TRUE;
|
|
|
|
/**
|
|
* SameSite cookie attribute.
|
|
*
|
|
* This variable can be used to set a value for the SameSite cookie attribute.
|
|
*
|
|
* Versions of PHP before 7.3 have no native support for the SameSite attribute
|
|
* so it is emulated.
|
|
*
|
|
* The session.cookie-samesite setting in PHP 7.3 and later will be overridden
|
|
* by this variable for Drupal session cookies, and any other cookies managed
|
|
* with drupal_setcookie().
|
|
*
|
|
* Setting this variable to FALSE disables the SameSite attribute on cookies.
|
|
*
|
|
* @see drupal_setcookie()
|
|
* @see drupal_session_start()
|
|
* @see https://www.php.net/manual/en/session.configuration.php#ini.session.cookie-samesite
|
|
*/
|
|
# $conf['samesite_cookie_value'] = 'None';
|
|
|
|
/**
|
|
* Retain legacy has_js cookie.
|
|
*
|
|
* Older releases of Drupal set a has_js cookie with a boolean value which
|
|
* server-side code can use to determine whether JavaScript is available.
|
|
*
|
|
* This functionality can be re-enabled by setting this variable to TRUE.
|
|
*/
|
|
# $conf['set_has_js_cookie'] = FALSE;
|
|
|
|
/**
|
|
* Skip file system permissions hardening.
|
|
*
|
|
* The system module will periodically check the permissions of your site's
|
|
* site directory to ensure that it is not writable by the website user. For
|
|
* sites that are managed with a version control system, this can cause problems
|
|
* when files in that directory such as settings.php are updated, because the
|
|
* user pulling in the changes won't have permissions to modify files in the
|
|
* directory.
|
|
*/
|
|
# $conf['skip_permissions_hardening'] = TRUE;
|
|
|
|
/**
|
|
* Additional public file schemes:
|
|
*
|
|
* Public schemes are URI schemes that allow download access to all users for
|
|
* all files within that scheme.
|
|
*
|
|
* The "public" scheme is always public, and the "private" scheme is always
|
|
* private, but other schemes, such as "https", "s3", "example", or others,
|
|
* can be either public or private depending on the site. By default, they're
|
|
* private, and access to individual files is controlled via
|
|
* hook_file_download().
|
|
*
|
|
* Typically, if a scheme should be public, a module makes it public by
|
|
* implementing hook_file_download(), and granting access to all users for all
|
|
* files. This could be either the same module that provides the stream wrapper
|
|
* for the scheme, or a different module that decides to make the scheme
|
|
* public. However, in cases where a site needs to make a scheme public, but
|
|
* is unable to add code in a module to do so, the scheme may be added to this
|
|
* variable, the result of which is that system_file_download() grants public
|
|
* access to all files within that scheme.
|
|
*/
|
|
# $conf['file_additional_public_schemes'] = array('example');
|
|
|
|
/**
|
|
* Sensitive request headers in drupal_http_request() when following a redirect.
|
|
*
|
|
* By default drupal_http_request() will strip sensitive request headers when
|
|
* following a redirect if the redirect location has a different http host to
|
|
* the original request, or if the scheme downgrades from https to http.
|
|
*
|
|
* These variables allow opting out of this behaviour. Careful consideration of
|
|
* the security implications of opting out is recommended.
|
|
*
|
|
* @see _drupal_should_strip_sensitive_headers_on_http_redirect()
|
|
* @see drupal_http_request()
|
|
*/
|
|
# $conf['drupal_http_request_strip_sensitive_headers_on_host_change'] = TRUE;
|
|
# $conf['drupal_http_request_strip_sensitive_headers_on_https_downgrade'] = TRUE;
|
|
|
|
/**
|
|
* Cron lock expiration timeout:
|
|
*
|
|
* Each time Drupal's cron is executed, it acquires a cron lock. Older releases
|
|
* of Drupal set the default cron lock expiration timeout to 240 seconds. This
|
|
* duration was considered short, because it often caused concurrent cron runs
|
|
* especially on busy sites heavily utilizing cron.
|
|
*
|
|
* Use this variable to set a custom cron lock expiration timeout (float).
|
|
*/
|
|
# $conf['cron_lock_expiration_timeout'] = 900.0;
|
|
|
|
/**
|
|
* File schemes whose paths should not be normalized:
|
|
*
|
|
* Normally, Drupal normalizes '/./' and '/../' segments in file URIs in order
|
|
* to prevent unintended file access. For example, 'private://css/../image.png'
|
|
* is normalized to 'private://image.png' before checking access to the file.
|
|
*
|
|
* On Windows, Drupal also replaces '\' with '/' in URIs for the local
|
|
* filesystem.
|
|
*
|
|
* If file URIs with one or more scheme should not be normalized like this, then
|
|
* list the schemes here. For example, if 'porcelain://china/./plate.png' should
|
|
* not be normalized to 'porcelain://china/plate.png', then add 'porcelain' to
|
|
* this array. In this case, make sure that the module providing the 'porcelain'
|
|
* scheme does not allow unintended file access when using '/../' to move up the
|
|
* directory tree.
|
|
*/
|
|
# $conf['file_sa_core_2023_005_schemes'] = array('porcelain');
|
|
|
|
/**
|
|
* Configuration for phpinfo() admin status report.
|
|
*
|
|
* Drupal's admin UI includes a report at admin/reports/status/php which shows
|
|
* the output of phpinfo(). The full output can contain sensitive information
|
|
* so by default Drupal removes some sections.
|
|
*
|
|
* This behaviour can be configured by setting this variable to a different
|
|
* value corresponding to the flags parameter of phpinfo().
|
|
*
|
|
* If you need to expose more information in the report - for example to debug a
|
|
* problem - consider doing so temporarily.
|
|
*
|
|
* @see https://www.php.net/manual/function.phpinfo.php
|
|
*/
|
|
# $conf['sa_core_2023_004_phpinfo_flags'] = ~(INFO_VARIABLES | INFO_ENVIRONMENT);
|
|
|
|
/**
|
|
* Session IDs are hashed by default before being stored in the database. This
|
|
* reduces the risk of sessions being hijacked if the database is compromised.
|
|
*
|
|
* This variable allows opting out of this security improvement.
|
|
*/
|
|
# $conf['do_not_hash_session_ids'] = TRUE;
|
|
|
|
/**
|
|
* URL for update information.
|
|
*
|
|
* Drupal's update module can check for the availability of updates. By default
|
|
* https is used for this check. If for any reason your site cannot use https
|
|
* you can change this variable to fallback to http. It is recommended to fix
|
|
* the problem with SSL/TLS rather than use http which provides no security.
|
|
*/
|
|
# $conf['update_fetch_url'] = 'https://updates.drupal.org/release-history';
|
|
|
|
/**
|
|
* Opt out of double submit protection.
|
|
*
|
|
* By default Drupal will prevent consecutive form submissions of identical form
|
|
* values. Set this variable to FALSE in order to opt out of this
|
|
* prevention and revert to the original behaviour.
|
|
*/
|
|
# $conf['javascript_use_double_submit_protection'] = FALSE;
|