default.settings.php
Same filename in other branches
- 9 sites/default/default.settings.php
- 9 core/tests/Drupal/Tests/Composer/Plugin/Scaffold/fixtures/drupal-assets-fixture/assets/default.settings.php
- 9 core/assets/scaffold/files/default.settings.php
- 8.9.x sites/default/default.settings.php
- 8.9.x core/tests/Drupal/Tests/Composer/Plugin/Scaffold/fixtures/drupal-assets-fixture/assets/default.settings.php
- 8.9.x core/assets/scaffold/files/default.settings.php
- 10 sites/default/default.settings.php
- 10 core/tests/Drupal/Tests/Composer/Plugin/Scaffold/fixtures/drupal-assets-fixture/assets/default.settings.php
- 10 core/assets/scaffold/files/default.settings.php
- 11.x sites/default/default.settings.php
- 11.x core/tests/Drupal/Tests/Composer/Plugin/Scaffold/fixtures/drupal-assets-fixture/assets/default.settings.php
- 11.x core/assets/scaffold/files/default.settings.php
- 11.x core/modules/package_manager/tests/fixtures/fake_site/sites/default/default.settings.php
Drupal site-specific configuration file.
IMPORTANT NOTE: This file may have been set to read-only by the Drupal installation program. If you make changes to this file, be sure to protect it again after making your modifications. Failure to remove write permissions to this file is a security risk.
The configuration file to be loaded is based upon the rules below. However if the multisite aliasing file named sites/sites.php is present, it will be loaded, and the aliases in the array $sites will override the default directory rules below. See sites/example.sites.php for more information about aliases.
The configuration directory will be discovered by stripping the website's hostname from left to right and pathname from right to left. The first configuration file found will be used and any others will be ignored. If no other configuration file is found then the default configuration file at 'sites/default' will be used.
For example, for a fictitious site installed at http://www.drupal.org:8080/mysite/test/, the 'settings.php' file is searched for in the following directories:
- sites/8080.www.drupal.org.mysite.test
- sites/www.drupal.org.mysite.test
- sites/drupal.org.mysite.test
- sites/org.mysite.test
- sites/8080.www.drupal.org.mysite
- sites/www.drupal.org.mysite
- sites/drupal.org.mysite
- sites/org.mysite
- sites/8080.www.drupal.org
- sites/www.drupal.org
- sites/drupal.org
- sites/org
- sites/default
Note that if you are installing on a non-standard port number, prefix the hostname with that number. For example, http://www.drupal.org:8080/mysite/test/ could be loaded from sites/8080.www.drupal.org.mysite.test/.
See also
File
-
sites/
default/ default.settings.php
View source
<?php
/**
* @file
* Drupal site-specific configuration file.
*
* IMPORTANT NOTE:
* This file may have been set to read-only by the Drupal installation program.
* If you make changes to this file, be sure to protect it again after making
* your modifications. Failure to remove write permissions to this file is a
* security risk.
*
* The configuration file to be loaded is based upon the rules below. However
* if the multisite aliasing file named sites/sites.php is present, it will be
* loaded, and the aliases in the array $sites will override the default
* directory rules below. See sites/example.sites.php for more information about
* aliases.
*
* The configuration directory will be discovered by stripping the website's
* hostname from left to right and pathname from right to left. The first
* configuration file found will be used and any others will be ignored. If no
* other configuration file is found then the default configuration file at
* 'sites/default' will be used.
*
* For example, for a fictitious site installed at
* http://www.drupal.org:8080/mysite/test/, the 'settings.php' file is searched
* for in the following directories:
*
* - sites/8080.www.drupal.org.mysite.test
* - sites/www.drupal.org.mysite.test
* - sites/drupal.org.mysite.test
* - sites/org.mysite.test
*
* - sites/8080.www.drupal.org.mysite
* - sites/www.drupal.org.mysite
* - sites/drupal.org.mysite
* - sites/org.mysite
*
* - sites/8080.www.drupal.org
* - sites/www.drupal.org
* - sites/drupal.org
* - sites/org
*
* - sites/default
*
* Note that if you are installing on a non-standard port number, prefix the
* hostname with that number. For example,
* http://www.drupal.org:8080/mysite/test/ could be loaded from
* sites/8080.www.drupal.org.mysite.test/.
*
* @see example.sites.php
* @see conf_path()
*/
/**
* Database settings:
*
* The $databases array specifies the database connection or
* connections that Drupal may use. Drupal is able to connect
* to multiple databases, including multiple types of databases,
* during the same request.
*
* Each database connection is specified as an array of settings,
* similar to the following:
* @code
* array(
* 'driver' => 'mysql',
* 'database' => 'databasename',
* 'username' => 'username',
* 'password' => 'password',
* 'host' => 'localhost',
* 'port' => 3306,
* 'prefix' => 'myprefix_',
* 'collation' => 'utf8_general_ci',
* );
* @endcode
*
* The "driver" property indicates what Drupal database driver the
* connection should use. This is usually the same as the name of the
* database type, such as mysql or sqlite, but not always. The other
* properties will vary depending on the driver. For SQLite, you must
* specify a database file name in a directory that is writable by the
* webserver. For most other drivers, you must specify a
* username, password, host, and database name.
*
* Transaction support is enabled by default for all drivers that support it,
* including MySQL. To explicitly disable it, set the 'transactions' key to
* FALSE.
* Note that some configurations of MySQL, such as the MyISAM engine, don't
* support it and will proceed silently even if enabled. If you experience
* transaction related crashes with such configuration, set the 'transactions'
* key to FALSE.
*
* For each database, you may optionally specify multiple "target" databases.
* A target database allows Drupal to try to send certain queries to a
* different database if it can but fall back to the default connection if not.
* That is useful for master/slave replication, as Drupal may try to connect
* to a slave server when appropriate and if one is not available will simply
* fall back to the single master server.
*
* The general format for the $databases array is as follows:
* @code
* $databases['default']['default'] = $info_array;
* $databases['default']['slave'][] = $info_array;
* $databases['default']['slave'][] = $info_array;
* $databases['extra']['default'] = $info_array;
* @endcode
*
* In the above example, $info_array is an array of settings described above.
* The first line sets a "default" database that has one master database
* (the second level default). The second and third lines create an array
* of potential slave databases. Drupal will select one at random for a given
* request as needed. The fourth line creates a new database with a name of
* "extra".
*
* For a single database configuration, the following is sufficient:
* @code
* $databases['default']['default'] = array(
* 'driver' => 'mysql',
* 'database' => 'databasename',
* 'username' => 'username',
* 'password' => 'password',
* 'host' => 'localhost',
* 'prefix' => 'main_',
* 'collation' => 'utf8_general_ci',
* );
* @endcode
*
* For handling full UTF-8 in MySQL, including multi-byte characters such as
* emojis, Asian symbols, and mathematical symbols, you may set the collation
* and charset to "utf8mb4" prior to running install.php:
* @code
* $databases['default']['default'] = array(
* 'driver' => 'mysql',
* 'database' => 'databasename',
* 'username' => 'username',
* 'password' => 'password',
* 'host' => 'localhost',
* 'charset' => 'utf8mb4',
* 'collation' => 'utf8mb4_general_ci',
* );
* @endcode
* When using this setting on an existing installation, ensure that all existing
* tables have been converted to the utf8mb4 charset, for example by using the
* utf8mb4_convert contributed project available at
* https://www.drupal.org/project/utf8mb4_convert, so as to prevent mixing data
* with different charsets.
* Note this should only be used when all of the following conditions are met:
* - In order to allow for large indexes, MySQL must be set up with the
* following my.cnf settings:
* [mysqld]
* innodb_large_prefix=true
* innodb_file_format=barracuda
* innodb_file_per_table=true
* These settings are available as of MySQL 5.5.14, and are defaults in
* MySQL 5.7.7 and up.
* - The PHP MySQL driver must support the utf8mb4 charset (libmysqlclient
* 5.5.3 and up, as well as mysqlnd 5.0.9 and up).
* - The MySQL server must support the utf8mb4 charset (5.5.3 and up).
*
* You can optionally set prefixes for some or all database table names
* by using the 'prefix' setting. If a prefix is specified, the table
* name will be prepended with its value. Be sure to use valid database
* characters only, usually alphanumeric and underscore. If no prefixes
* are desired, leave it as an empty string ''.
*
* To have all database names prefixed, set 'prefix' as a string:
* @code
* 'prefix' => 'main_',
* @endcode
* To provide prefixes for specific tables, set 'prefix' as an array.
* The array's keys are the table names and the values are the prefixes.
* The 'default' element is mandatory and holds the prefix for any tables
* not specified elsewhere in the array. Example:
* @code
* 'prefix' => array(
* 'default' => 'main_',
* 'users' => 'shared_',
* 'sessions' => 'shared_',
* 'role' => 'shared_',
* 'authmap' => 'shared_',
* ),
* @endcode
* You can also use a reference to a schema/database as a prefix. This may be
* useful if your Drupal installation exists in a schema that is not the default
* or you want to access several databases from the same code base at the same
* time.
* Example:
* @code
* 'prefix' => array(
* 'default' => 'main.',
* 'users' => 'shared.',
* 'sessions' => 'shared.',
* 'role' => 'shared.',
* 'authmap' => 'shared.',
* );
* @endcode
* NOTE: MySQL and SQLite's definition of a schema is a database.
*
* Advanced users can add or override initial commands to execute when
* connecting to the database server, as well as PDO connection settings. For
* example, to enable MySQL SELECT queries to exceed the max_join_size system
* variable, and to reduce the database connection timeout to 5 seconds:
*
* @code
* $databases['default']['default'] = array(
* 'init_commands' => array(
* 'big_selects' => 'SET SQL_BIG_SELECTS=1',
* ),
* 'pdo' => array(
* PDO::ATTR_TIMEOUT => 5,
* ),
* );
* @endcode
*
* WARNING: These defaults are designed for database portability. Changing them
* may cause unexpected behavior, including potential data loss.
*
* @see DatabaseConnection_mysql::__construct
* @see DatabaseConnection_pgsql::__construct
* @see DatabaseConnection_sqlite::__construct
*
* Database configuration format:
* @code
* $databases['default']['default'] = array(
* 'driver' => 'mysql',
* 'database' => 'databasename',
* 'username' => 'username',
* 'password' => 'password',
* 'host' => 'localhost',
* 'prefix' => '',
* );
* $databases['default']['default'] = array(
* 'driver' => 'pgsql',
* 'database' => 'databasename',
* 'username' => 'username',
* 'password' => 'password',
* 'host' => 'localhost',
* 'prefix' => '',
* );
* $databases['default']['default'] = array(
* 'driver' => 'sqlite',
* 'database' => '/path/to/databasefilename',
* );
* @endcode
*/
$databases = array();
/**
* Quoting of identifiers in MySQL.
*
* To allow compatibility with newer versions of MySQL, Drupal will quote table
* names and some other identifiers. The ANSI standard character for identifier
* quoting is the double quote (") and that can be used by MySQL along with the
* sql_mode setting of ANSI_QUOTES. However, MySQL's own default is to use
* backticks (`). Drupal 7 uses backticks for compatibility. If you need to
* change this, you can do so with this variable. It's possible to switch off
* identifier quoting altogether by setting this variable to an empty string.
*
* @see https://www.drupal.org/project/drupal/issues/2978575
* @see https://dev.mysql.com/doc/refman/8.0/en/identifiers.html
* @see \DatabaseConnection_mysql::setPrefix
* @see \DatabaseConnection_mysql::quoteIdentifier
*/
# $conf['mysql_identifier_quote_character'] = '"';
/**
* Access control for update.php script.
*
* If you are updating your Drupal installation using the update.php script but
* are not logged in using either an account with the "Administer software
* updates" permission or the site maintenance account (the account that was
* created during installation), you will need to modify the access check
* statement below. Change the FALSE to a TRUE to disable the access check.
* After finishing the upgrade, be sure to open this file again and change the
* TRUE back to a FALSE!
*/
$update_free_access = FALSE;
/**
* Salt for one-time login links and cancel links, form tokens, etc.
*
* This variable will be set to a random value by the installer. All one-time
* login links will be invalidated if the value is changed. Note that if your
* site is deployed on a cluster of web servers, you must ensure that this
* variable has the same value on each server. If this variable is empty, a hash
* of the serialized database credentials will be used as a fallback salt.
*
* For enhanced security, you may set this variable to a value using the
* contents of a file outside your docroot that is never saved together
* with any backups of your Drupal files and database.
*
* Example:
* $drupal_hash_salt = file_get_contents('/home/example/salt.txt');
*
*/
$drupal_hash_salt = '';
/**
* Base URL (optional).
*
* If Drupal is generating incorrect URLs on your site, which could
* be in HTML headers (links to CSS and JS files) or visible links on pages
* (such as in menus), uncomment the Base URL statement below (remove the
* leading hash sign) and fill in the absolute URL to your Drupal installation.
*
* You might also want to force users to use a given domain.
* See the .htaccess file for more information.
*
* Examples:
* $base_url = 'http://www.example.com';
* $base_url = 'http://www.example.com:8888';
* $base_url = 'http://www.example.com/drupal';
* $base_url = 'https://www.example.com:8888/drupal';
*
* It is not allowed to have a trailing slash; Drupal will add it
* for you.
*/
# $base_url = 'http://www.example.com'; // NO trailing slash!
/**
* PHP settings:
*
* To see what PHP settings are possible, including whether they can be set at
* runtime (by using ini_set()), read the PHP documentation:
* http://www.php.net/manual/ini.list.php
* See drupal_environment_initialize() in includes/bootstrap.inc for required
* runtime settings and the .htaccess file for non-runtime settings. Settings
* defined there should not be duplicated here so as to avoid conflict issues.
*/
/**
* Some distributions of Linux (most notably Debian) ship their PHP
* installations with garbage collection (gc) disabled. Since Drupal depends on
* PHP's garbage collection for clearing sessions, ensure that garbage
* collection occurs by using the most common settings.
*/
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 100);
/**
* Set session lifetime (in seconds), i.e. the time from the user's last visit
* to the active session may be deleted by the session garbage collector. When
* a session is deleted, authenticated users are logged out, and the contents
* of the user's $_SESSION variable is discarded.
*/
ini_set('session.gc_maxlifetime', 200000);
/**
* Set session cookie lifetime (in seconds), i.e. the time from the session is
* created to the cookie expires, i.e. when the browser is expected to discard
* the cookie. The value 0 means "until the browser is closed".
*/
ini_set('session.cookie_lifetime', 2000000);
/**
* If you encounter a situation where users post a large amount of text, and
* the result is stripped out upon viewing but can still be edited, Drupal's
* output filter may not have sufficient memory to process it. If you
* experience this issue, you may wish to uncomment the following two lines
* and increase the limits of these variables. For more information, see
* http://php.net/manual/pcre.configuration.php.
*/
# ini_set('pcre.backtrack_limit', 200000);
# ini_set('pcre.recursion_limit', 200000);
/**
* Drupal automatically generates a unique session cookie name for each site
* based on its full domain name. If you have multiple domains pointing at the
* same Drupal site, you can either redirect them all to a single domain (see
* comment in .htaccess), or uncomment the line below and specify their shared
* base domain. Doing so assures that users remain logged in as they cross
* between your various domains. Make sure to always start the $cookie_domain
* with a leading dot, as per RFC 2109.
*/
# $cookie_domain = '.example.com';
/**
* Variable overrides:
*
* To override specific entries in the 'variable' table for this site,
* set them here. You usually don't need to use this feature. This is
* useful in a configuration file for a vhost or directory, rather than
* the default settings.php. Any configuration setting from the 'variable'
* table can be given a new value. Note that any values you provide in
* these variable overrides will not be modifiable from the Drupal
* administration interface.
*
* The following overrides are examples:
* - site_name: Defines the site's name.
* - theme_default: Defines the default theme for this site.
* - anonymous: Defines the human-readable name of anonymous users.
* Remove the leading hash signs to enable.
*/
# $conf['site_name'] = 'My Drupal site';
# $conf['theme_default'] = 'garland';
# $conf['anonymous'] = 'Visitor';
/**
* A custom theme can be set for the offline page. This applies when the site
* is explicitly set to maintenance mode through the administration page or when
* the database is inactive due to an error. It can be set through the
* 'maintenance_theme' key. The template file should also be copied into the
* theme. It is located inside 'modules/system/maintenance-page.tpl.php'.
* Note: This setting does not apply to installation and update pages.
*/
# $conf['maintenance_theme'] = 'bartik';
/**
* Reverse Proxy Configuration:
*
* Reverse proxy servers are often used to enhance the performance
* of heavily visited sites and may also provide other site caching,
* security, or encryption benefits. In an environment where Drupal
* is behind a reverse proxy, the real IP address of the client should
* be determined such that the correct client IP address is available
* to Drupal's logging, statistics, and access management systems. In
* the most simple scenario, the proxy server will add an
* X-Forwarded-For header to the request that contains the client IP
* address. However, HTTP headers are vulnerable to spoofing, where a
* malicious client could bypass restrictions by setting the
* X-Forwarded-For header directly. Therefore, Drupal's proxy
* configuration requires the IP addresses of all remote proxies to be
* specified in $conf['reverse_proxy_addresses'] to work correctly.
*
* Enable this setting to get Drupal to determine the client IP from
* the X-Forwarded-For header (or $conf['reverse_proxy_header'] if set).
* If you are unsure about this setting, do not have a reverse proxy,
* or Drupal operates in a shared hosting environment, this setting
* should remain commented out.
*
* In order for this setting to be used you must specify every possible
* reverse proxy IP address in $conf['reverse_proxy_addresses'].
* If a complete list of reverse proxies is not available in your
* environment (for example, if you use a CDN) you may set the
* $_SERVER['REMOTE_ADDR'] variable directly in settings.php.
* Be aware, however, that it is likely that this would allow IP
* address spoofing unless more advanced precautions are taken.
*/
# $conf['reverse_proxy'] = TRUE;
/**
* Specify every reverse proxy IP address in your environment.
* This setting is required if $conf['reverse_proxy'] is TRUE.
*/
# $conf['reverse_proxy_addresses'] = array('a.b.c.d', ...);
/**
* Set this value if your proxy server sends the client IP in a header
* other than X-Forwarded-For.
*/
# $conf['reverse_proxy_header'] = 'HTTP_X_CLUSTER_CLIENT_IP';
/**
* Page caching:
*
* By default, Drupal sends a "Vary: Cookie" HTTP header for anonymous page
* views. This tells a HTTP proxy that it may return a page from its local
* cache without contacting the web server, if the user sends the same Cookie
* header as the user who originally requested the cached page. Without "Vary:
* Cookie", authenticated users would also be served the anonymous page from
* the cache. If the site has mostly anonymous users except a few known
* editors/administrators, the Vary header can be omitted. This allows for
* better caching in HTTP proxies (including reverse proxies), i.e. even if
* clients send different cookies, they still get content served from the cache.
* However, authenticated users should access the site directly (i.e. not use an
* HTTP proxy, and bypass the reverse proxy if one is used) in order to avoid
* getting cached pages from the proxy.
*/
# $conf['omit_vary_cookie'] = TRUE;
/**
* CSS/JS aggregated file gzip compression:
*
* By default, when CSS or JS aggregation and clean URLs are enabled Drupal will
* store a gzip compressed (.gz) copy of the aggregated files. If this file is
* available then rewrite rules in the default .htaccess file will serve these
* files to browsers that accept gzip encoded content. This allows pages to load
* faster for these users and has minimal impact on server load. If you are
* using a webserver other than Apache httpd, or a caching reverse proxy that is
* configured to cache and compress these files itself you may want to uncomment
* one or both of the below lines, which will prevent gzip files being stored.
*/
# $conf['css_gzip_compression'] = FALSE;
# $conf['js_gzip_compression'] = FALSE;
/**
* Block caching:
*
* Block caching may not be compatible with node access modules depending on
* how the original block cache policy is defined by the module that provides
* the block. By default, Drupal therefore disables block caching when one or
* more modules implement hook_node_grants(). If you consider block caching to
* be safe on your site and want to bypass this restriction, uncomment the line
* below.
*/
# $conf['block_cache_bypass_node_grants'] = TRUE;
/**
* Expiration of cache_form entries:
*
* Drupal's Form API stores details of forms in cache_form and these entries are
* kept for at least 6 hours by default. Expired entries are cleared by cron.
* Busy sites can encounter problems with the cache_form table becoming very
* large. It's possible to mitigate this by setting a shorter expiration for
* cached forms. In some cases it may be desirable to set a longer cache
* expiration, for example to prolong cache_form entries for Ajax forms in
* cached HTML.
*
* @see form_set_cache()
* @see system_cron()
* @see ajax_get_form()
*/
# $conf['form_cache_expiration'] = 21600;
/**
* String overrides:
*
* To override specific strings on your site with or without enabling the Locale
* module, add an entry to this list. This functionality allows you to change
* a small number of your site's default English language interface strings.
*
* Remove the leading hash signs to enable.
*/
# $conf['locale_custom_strings_en'][''] = array(
# 'forum' => 'Discussion board',
# '@count min' => '@count minutes',
# );
/**
*
* IP blocking:
*
* To bypass database queries for denied IP addresses, use this setting.
* Drupal queries the {blocked_ips} table by default on every page request
* for both authenticated and anonymous users. This allows the system to
* block IP addresses from within the administrative interface and before any
* modules are loaded. However on high traffic websites you may want to avoid
* this query, allowing you to bypass database access altogether for anonymous
* users under certain caching configurations.
*
* If using this setting, you will need to add back any IP addresses which
* you may have blocked via the administrative interface. Each element of this
* array represents a blocked IP address. Uncommenting the array and leaving it
* empty will have the effect of disabling IP blocking on your site.
*
* Remove the leading hash signs to enable.
*/
# $conf['blocked_ips'] = array(
# 'a.b.c.d',
# );
/**
* Fast 404 pages:
*
* Drupal can generate fully themed 404 pages. However, some of these responses
* are for images or other resource files that are not displayed to the user.
* This can waste bandwidth, and also generate server load.
*
* The options below return a simple, fast 404 page for URLs matching a
* specific pattern:
* - 404_fast_paths_exclude: A regular expression to match paths to exclude,
* such as images generated by image styles, or dynamically-resized images.
* The default pattern provided below also excludes the private file system.
* If you need to add more paths, you can add '|path' to the expression.
* - 404_fast_paths: A regular expression to match paths that should return a
* simple 404 page, rather than the fully themed 404 page. If you don't have
* any aliases ending in htm or html you can add '|s?html?' to the expression.
* - 404_fast_html: The html to return for simple 404 pages.
*
* Add leading hash signs if you would like to disable this functionality.
*/
$conf['404_fast_paths_exclude'] = '/\\/(?:styles)|(?:system\\/files)\\//';
$conf['404_fast_paths'] = '/\\.(?:txt|png|gif|jpe?g|css|js|ico|swf|flv|cgi|bat|pl|dll|exe|asp)$/i';
$conf['404_fast_html'] = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL "@path" was not found on this server.</p></body></html>';
/**
* By default the page request process will return a fast 404 page for missing
* files if they match the regular expression set in '404_fast_paths' and not
* '404_fast_paths_exclude' above. 404 errors will simultaneously be logged in
* the Drupal system log.
*
* You can choose to return a fast 404 page earlier for missing pages (as soon
* as settings.php is loaded) by uncommenting the line below. This speeds up
* server response time when loading 404 error pages and prevents the 404 error
* from being logged in the Drupal system log. In order to prevent valid pages
* such as image styles and other generated content that may match the
* '404_fast_paths' regular expression from returning 404 errors, it is
* necessary to add them to the '404_fast_paths_exclude' regular expression
* above. Make sure that you understand the effects of this feature before
* uncommenting the line below.
*/
# drupal_fast_404();
/**
* External access proxy settings:
*
* If your site must access the Internet via a web proxy then you can enter
* the proxy settings here. Currently only basic authentication is supported
* by using the username and password variables. The proxy_user_agent variable
* can be set to NULL for proxies that require no User-Agent header or to a
* non-empty string for proxies that limit requests to a specific agent. The
* proxy_exceptions variable is an array of host names to be accessed directly,
* not via proxy.
*/
# $conf['proxy_server'] = '';
# $conf['proxy_port'] = 8080;
# $conf['proxy_username'] = '';
# $conf['proxy_password'] = '';
# $conf['proxy_user_agent'] = '';
# $conf['proxy_exceptions'] = array('127.0.0.1', 'localhost');
/**
* Authorized file system operations:
*
* The Update manager module included with Drupal provides a mechanism for
* site administrators to securely install missing updates for the site
* directly through the web user interface. On securely-configured servers,
* the Update manager will require the administrator to provide SSH or FTP
* credentials before allowing the installation to proceed; this allows the
* site to update the new files as the user who owns all the Drupal files,
* instead of as the user the webserver is running as. On servers where the
* webserver user is itself the owner of the Drupal files, the administrator
* will not be prompted for SSH or FTP credentials (note that these server
* setups are common on shared hosting, but are inherently insecure).
*
* Some sites might wish to disable the above functionality, and only update
* the code directly via SSH or FTP themselves. This setting completely
* disables all functionality related to these authorized file operations.
*
* @see http://drupal.org/node/244924
*
* Remove the leading hash signs to disable.
*/
# $conf['allow_authorize_operations'] = FALSE;
/**
* Theme debugging:
*
* When debugging is enabled:
* - The markup of each template is surrounded by HTML comments that contain
* theming information, such as template file name suggestions.
* - Note that this debugging markup will cause automated tests that directly
* check rendered HTML to fail.
*
* For more information about debugging theme templates, see
* https://www.drupal.org/node/223440#theme-debug.
*
* Not recommended in production environments.
*
* Remove the leading hash sign to enable.
*/
# $conf['theme_debug'] = TRUE;
/**
* CSS identifier double underscores allowance:
*
* To allow CSS identifiers to contain double underscores (.example__selector)
* for Drupal's BEM-style naming standards, uncomment the line below.
* Note that if you change this value in existing sites, existing page styles
* may be broken.
*
* @see drupal_clean_css_identifier()
*/
# $conf['allow_css_double_underscores'] = TRUE;
/**
* The default list of directories that will be ignored by Drupal's file API.
*
* By default ignore node_modules and bower_components folders to avoid issues
* with common frontend tools and recursive scanning of directories looking for
* extensions.
*
* @see file_scan_directory()
*/
$conf['file_scan_ignore_directories'] = array(
'node_modules',
'bower_components',
);
/**
* Logging of user flood control events.
*
* Drupal's user module will place a temporary block on a given IP address or
* user account if there are excessive failed login attempts. By default these
* flood control events will be logged. This can be useful for identifying
* brute force login attacks. Set this variable to FALSE to disable logging, for
* example if you are using the dblog module and want to avoid database writes.
*
* @see user_login_final_validate()
* @see user_user_flood_control()
*/
# $conf['log_user_flood_control'] = FALSE;
/**
* Opt out of variable_initialize() locking optimization.
*
* After lengthy discussion in https://www.drupal.org/node/973436 a change was
* made in variable_initialize() in order to avoid excessive waiting under
* certain conditions. Set this variable to TRUE in order to opt out of this
* optimization and revert to the original behaviour.
*/
# $conf['variable_initialize_wait_for_lock'] = FALSE;
/**
* Opt in to field_sql_storage_field_storage_write() optimization.
*
* To reduce unnecessary writes field_sql_storage_field_storage_write() can skip
* fields where values have apparently not changed. To opt in to this
* optimization, set this variable to TRUE.
*/
$conf['field_sql_storage_skip_writing_unchanged_fields'] = TRUE;
/**
* Use site name as display-name in outgoing mail.
*
* Drupal can use the site name (i.e. the value of the site_name variable) as
* the display-name when sending e-mail. For example this would mean the sender
* might be "Acme Website" <acme@example.com> as opposed to just the e-mail
* address alone. In order to avoid disruption this is not enabled by default
* for existing sites. The feature can be enabled by setting this variable to
* TRUE.
*
* @see https://tools.ietf.org/html/rfc2822
* @see drupal_mail()
*/
$conf['mail_display_name_site_name'] = TRUE;
/**
* SameSite cookie attribute.
*
* This variable can be used to set a value for the SameSite cookie attribute.
*
* Versions of PHP before 7.3 have no native support for the SameSite attribute
* so it is emulated.
*
* The session.cookie-samesite setting in PHP 7.3 and later will be overridden
* by this variable for Drupal session cookies, and any other cookies managed
* with drupal_setcookie().
*
* Setting this variable to FALSE disables the SameSite attribute on cookies.
*
* @see drupal_setcookie()
* @see drupal_session_start()
* @see https://www.php.net/manual/en/session.configuration.php#ini.session.cookie-samesite
*/
# $conf['samesite_cookie_value'] = 'None';
/**
* Retain legacy has_js cookie.
*
* Older releases of Drupal set a has_js cookie with a boolean value which
* server-side code can use to determine whether JavaScript is available.
*
* This functionality can be re-enabled by setting this variable to TRUE.
*/
# $conf['set_has_js_cookie'] = FALSE;
/**
* Skip file system permissions hardening.
*
* The system module will periodically check the permissions of your site's
* site directory to ensure that it is not writable by the website user. For
* sites that are managed with a version control system, this can cause problems
* when files in that directory such as settings.php are updated, because the
* user pulling in the changes won't have permissions to modify files in the
* directory.
*/
# $conf['skip_permissions_hardening'] = TRUE;
/**
* Additional public file schemes:
*
* Public schemes are URI schemes that allow download access to all users for
* all files within that scheme.
*
* The "public" scheme is always public, and the "private" scheme is always
* private, but other schemes, such as "https", "s3", "example", or others,
* can be either public or private depending on the site. By default, they're
* private, and access to individual files is controlled via
* hook_file_download().
*
* Typically, if a scheme should be public, a module makes it public by
* implementing hook_file_download(), and granting access to all users for all
* files. This could be either the same module that provides the stream wrapper
* for the scheme, or a different module that decides to make the scheme
* public. However, in cases where a site needs to make a scheme public, but
* is unable to add code in a module to do so, the scheme may be added to this
* variable, the result of which is that system_file_download() grants public
* access to all files within that scheme.
*/
# $conf['file_additional_public_schemes'] = array('example');
/**
* Sensitive request headers in drupal_http_request() when following a redirect.
*
* By default drupal_http_request() will strip sensitive request headers when
* following a redirect if the redirect location has a different http host to
* the original request, or if the scheme downgrades from https to http.
*
* These variables allow opting out of this behaviour. Careful consideration of
* the security implications of opting out is recommended.
*
* @see _drupal_should_strip_sensitive_headers_on_http_redirect()
* @see drupal_http_request()
*/
# $conf['drupal_http_request_strip_sensitive_headers_on_host_change'] = TRUE;
# $conf['drupal_http_request_strip_sensitive_headers_on_https_downgrade'] = TRUE;
/**
* Cron lock expiration timeout:
*
* Each time Drupal's cron is executed, it acquires a cron lock. Older releases
* of Drupal set the default cron lock expiration timeout to 240 seconds. This
* duration was considered short, because it often caused concurrent cron runs
* especially on busy sites heavily utilizing cron.
*
* Use this variable to set a custom cron lock expiration timeout (float).
*/
# $conf['cron_lock_expiration_timeout'] = 900.0;
/**
* File schemes whose paths should not be normalized:
*
* Normally, Drupal normalizes '/./' and '/../' segments in file URIs in order
* to prevent unintended file access. For example, 'private://css/../image.png'
* is normalized to 'private://image.png' before checking access to the file.
*
* On Windows, Drupal also replaces '\' with '/' in URIs for the local
* filesystem.
*
* If file URIs with one or more scheme should not be normalized like this, then
* list the schemes here. For example, if 'porcelain://china/./plate.png' should
* not be normalized to 'porcelain://china/plate.png', then add 'porcelain' to
* this array. In this case, make sure that the module providing the 'porcelain'
* scheme does not allow unintended file access when using '/../' to move up the
* directory tree.
*/
# $conf['file_sa_core_2023_005_schemes'] = array('porcelain');
/**
* Configuration for phpinfo() admin status report.
*
* Drupal's admin UI includes a report at admin/reports/status/php which shows
* the output of phpinfo(). The full output can contain sensitive information
* so by default Drupal removes some sections.
*
* This behaviour can be configured by setting this variable to a different
* value corresponding to the flags parameter of phpinfo().
*
* If you need to expose more information in the report - for example to debug a
* problem - consider doing so temporarily.
*
* @see https://www.php.net/manual/function.phpinfo.php
*/
# $conf['sa_core_2023_004_phpinfo_flags'] = ~(INFO_VARIABLES | INFO_ENVIRONMENT);
/**
* Session IDs are hashed by default before being stored in the database. This
* reduces the risk of sessions being hijacked if the database is compromised.
*
* This variable allows opting out of this security improvement.
*/
# $conf['do_not_hash_session_ids'] = TRUE;
/**
* URL for update information.
*
* Drupal's update module can check for the availability of updates. By default
* https is used for this check. If for any reason your site cannot use https
* you can change this variable to fallback to http. It is recommended to fix
* the problem with SSL/TLS rather than use http which provides no security.
*/
# $conf['update_fetch_url'] = 'https://updates.drupal.org/release-history';
/**
* Opt out of double submit protection.
*
* By default Drupal will prevent consecutive form submissions of identical form
* values. Set this variable to FALSE in order to opt out of this
* prevention and revert to the original behaviour.
*/
# $conf['javascript_use_double_submit_protection'] = FALSE;
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.