General

add_csrf_token_header_to_external_responses

When enabled, an X-CSRF-Token header is included in the response to GET requests from external domains, which must be used in a subsequent POST or PUT request. The exposed_headers and allowed_http_headers settings in the corsfilter section (below) must also be set to "X-CSRF-Token". See Security Guidelines for Developers for more information.

authorization_lockout_ip_whitelist

A list of IP's that can not be locked out of XperienCentral's Edit environment. Enter a valid IPv4 or IPv6 address.

channels_using_fallback

Specifies the channel(s) that use the default design configuration when no custom JSP can be found for it.

check_url_signature

If this option is turned on, URL's containing a presentation ID and/or an SSI object ID are suffixed with a sign parameter when they are rendered, which contains a hash of the parameters in the URL. When the URL is called, the value of the sign parameter is checked versus a newly calculated hash based on that URL. If the value of the sign parameter does not match that of the newly calculated hash, that means that the URL has been tampered with and the request will be refused.

clusternode_eventlistener_heartbeat_ms

Specifies how often, in milliseconds, the cluster event service listens for events on other servers in the cluster.

clusternode_registration_heartbeat_ms

Specifies how often, in milliseconds, the cluster event service checks for multiple active sessions for the same XperienCentral user. See Active Sessions for more information,

company_name

This setting allows you to add your company name (or another string) to the XperienCentral Login page. See Customizing the Login Page for complete information. In XperienCentral versions R47 and higher, the company_name text supports basic HTML formatting tags such as <b>, <i>, <u>, <ol>, <ul> and <pre>.

contentindex_index_readonly_nodes

If the Search & Retrieve API is used on a clustered environment, this setting should be enabled, otherwise the API will not return any results. When this setting is enabled, the content index must be rebuilt.

content_item_lock_poll_interval

A content locking poll thread that checks whether a content item lock is expired. If so, the lock is removed. The value is in milliseconds.

content_item_lock_timeout

Specifies the number of milliseconds that have to elapse after a lock on a content item has been claimed before the lock is closed.

contentindex_location

The directory where the content index and its configuration are stored.

contentindex_optimize_schedule

The Crontab schedule that dictates when the content index is optimized. This should be set to happen at least once a day, preferably at the time that website activity is at its lowest (typically at night).The Crontab schedule used is a variant of the standard UNIX Crontab scheduler with a "seconds" field prefixed to the beginning. For complete information on scheduling jobs in XperienCentral, see Scheduling Jobs.

contentindex_queue_database_entries_schedule

The Crontab schedule that dictates when to put database entities in the queue for the search indexing. The Crontab schedule used is a variant of the standard UNIX Crontab scheduler with a "seconds" field prefixed to the beginning. For complete information on scheduling jobs in XperienCentral, see Scheduling Jobs.

contentindex_queue_empty_reindex

Specifies whether to disable the regeneration of the full background index when the queue is empty. Because a full index regeneration is performed regularly according to the contentindex_queue_reindex_schedule, you might want to block a full index generation at other times for performance reasons.

contentindex_queue_iteration_limit

The maximum batch size for each poller iteration. The default is 100. The larger the number, the greater the impact is on performance.

contentindex_queue_janitor_schedule

The Crontab schedule that dictates when the index journal is cleaned up. The Crontab schedule used is a variant of the standard UNIX Crontab scheduler with a "seconds" field prefixed to the beginning. For complete information on scheduling jobs in XperienCentral, see Scheduling Jobs.

contentindex_queue_poller_schedule

The Crontab schedule that dictates when the index journal is polled for changes. The more frequently this is performed, the more up to date the index will be. Note that each cycle must be able to finish before the next begins. The Crontab schedule used is a variant of the standard UNIX Crontab scheduler with a "seconds" field prefixed to the beginning. For complete information on scheduling jobs in XperienCentral, see Scheduling Jobs.

contentindex_queue_reindex_schedule

The Crontab schedule that dictates the triggering of a full background index. This should happen no more then once a day, preferably at the time that website activity is at its lowest (typically at night). The Crontab schedule used is a variant of the standard UNIX Crontab scheduler with a "seconds" field prefixed to the beginning. For complete information on scheduling jobs in XperienCentral, see Scheduling Jobs.

context_static

The root URL of the static web application. In XperienCentral versions R36 and higher, use the setting static_files_url instead.

Specifies whether XperienCentral automatically creates revisions of content items. See Reverting a Content Item for more information. See also the settings max_age and schedule.

csrf_ignore_url_paths_regex

Specifies the URL paths that are not checked for CSRF vulnerabilities. Define the excluded URLs using a Regular Expressions that matches the URL path, excluding the context path. For example, to disable the protection for all requests to "myservlet" (https://mydomain.com/web/myservlet/foo/bar?q=xxx), add an expression like the following:

/myservlet(/.*)?

current_rollover_detector_schedule

The Crontab schedule that dictates when the rollover detector service runs. The detector service detects changes in the outcome of ContentItem.getCurrent(Language) and if any is detected, it updates the caching timestamps and friendly URLs. The Crontab schedule used is a variant of the standard UNIX Crontab scheduler with a "seconds" field prefixed to the beginning. For complete information on scheduling jobs in XperienCentral, see Scheduling Jobs.

date_format

The format in which dates are represented (for example, dd-MM-yyyy).

default_timezone

Specify the default time zone for the XperienCentral installation. The time zone you specify is the absolute time upon which all timestamps in XperienCentral are based (creation date, publication date, expiration date, etc.). When users select their own time zone in My Settings, the time zone they select is calculated as an offset based on the default XperienCentral time zone. The following are the most commonly used time zones. For the full list of acceptable time zones, see http://en.wikipedia.org/wiki/List_of_tz_database_time_zones.

disable_unused_content_schedule

Schedule in cron format for the disable unused content job. The Crontab schedule for disabling unused content. The Crontab schedule used is a variant of the standard UNIX Crontab scheduler with a "seconds" field prefixed to the beginning.For complete information on scheduling jobs in XperienCentral, see Scheduling Jobs.

enable_non_jndi_database_configuration

Select this option if you are using a non-JNDI database for your XperienCentral project.

form_handler_base

Specifies the URL where the definitions for Interactive Forms are located.

google_sitemap_automatic_upload

Specifies whether XperienCentral automatically uploads generated sitemaps to Google. When enabled, if a Google sitemap is generated, it is automatically uploaded according to the schedule configured in the setting google_sitemap_generator_schedule. When disabled, the latest generated sitemap is not uploaded.

google_sitemap_excluded_types

Specifies the content type(s) to exclude from your generated google sitemap. To see which content types are present in your channel, execute the following query on the Queries tab in the Database Maintenance panel:

SELECT value FROM wmjellycontenttype

The results show the content type identifiers. To exclude a content type, enter its identifier in the text field and click [Add value].

google_sitemap_generator_schedule

The Crontab schedule that dictates when the Google sitemap will be generated. The Crontab schedule used is a variant of the standard UNIX Crontab scheduler with a "seconds" field prefixed to the beginning. For complete information on scheduling jobs in XperienCentral, see Scheduling Jobs.

http_non_proxy_hosts

Specifies the hosts that should be directly contacted for requests via HTTP and HTTPS (not through the proxy server). You can enter multiple host names separated by the pipe character (|) and also use wildcards. For example:

*.wm.com|localhost

http_proxy_host

The name of the HTTP proxy host server to use to send requests to the XperienCentral server.

http_proxy_password

The password to use to log in to the proxy host via HTTP. If no password is required, leave this field blank.

http_proxy_port

The port number to connect to on the HTTP proxy host.

http_proxy_username

The username to use on the HTTP proxy host.

http_use_proxy

Specifies whether to use one or more proxy servers to log in to the XperienCentral server.

https_proxy_host

The name of the HTTPS proxy host server to use to send requests to the XperienCentral server.

https_proxy_password

The password to use to log in to the proxy host via HTTPS. If no password is required, leave this field blank.

https_proxy_port

The port number to connect to on the HTTPS proxy host.

https_proxy_username

The username to use on the HTTPS proxy host.

https_use_http_page_links

When this setting is enabled, a visitor will use HTTP to link to a page even if the Use HTTPS setting for that page is enabled.

https_use_proxy

Specifies whether to use one or more proxy servers to log in to the XperienCentral server. Proxy system properties set outside of XperienCentral are not overwritten when this setting is clear (false).

internal_backend_address

For use with IBM WebSphere. Contact your GX Software consultant for more information.

internal_frontend_address

For use with IBM WebSphere. Contact your GX Software consultant for more information.

internal_http_authentication_password

The password to use in conjunction with the username (below) for connections XperienCentral makes with itself through the front- or backend.

internal_http_authentication_username

The username to use for connections XperienCentral makes with itself through the front or backend.

internal_http_use_authentication

Specifies whether to use a username/password combination for authenticating connections that XperienCentral makes with itself through the front or backend.

internal_http_use_form_authentication

Specifies whether internal HTTP connections use HTTP form

internal_http_use_form_authentication_session_expiration

The configuration entry for the expiration of the session cookie used for HTTP form authentication

jcr_datastore_cleaner_schedule

The Crontab schedule that dictates when the JCR datastore cleaner runs. The Crontab schedule used is a variant of the standard UNIX Crontab scheduler with a "seconds" field prefixed to the beginning. For complete information on scheduling jobs in XperienCentral, see Scheduling Jobs.

languagelabels_cache_size

This setting determines the maximum size of the language label cache. Ideally the maximum size should be equal or slightly higher than the number of language labels across all channels. The default is 10000.

limboelement_cleanup_schedule

The Crontab schedule that dictates when limbo elements are cleaned up. The Crontab schedule used is a variant of the standard UNIX Crontab scheduler with a "seconds" field prefixed to the beginning. For complete information on scheduling jobs in XperienCentral, see Scheduling Jobs.

limboelement_expiration_interval

The Crontab schedule that dictates when limbo elements expire and are deleted. The Crontab schedule used is a variant of the standard UNIX Crontab scheduler with a "seconds" field prefixed to the beginning. For complete information on scheduling jobs in XperienCentral, see Scheduling Jobs.

password_banned_words

Specifies the string(s) that may not be used as passwords. To add a new value, enter the string in the text field and click [Add value].

password_min_distance

Password minimum distance. Specifies the extent to which a string to be used as a password must differ from any of the banned passwords. Take the following example: the string "Administrator" is banned as a password. If the minimum distance is 2, then the allowed strings to be used as a password must differ in at least two ways from "Administrator". The password "Administrat0r" (using a zero "0" instead of an "o") is unacceptable because it differs in only one way from "Administrator".

password_min_entropy

Specifies how complicated a password must be. The allowed values are between 50 and 100, 100 being the most strict setting.

profiler_entry_children_limit

Specifies the limit of child entries for a profiler.

render_threads

Specifies the number of parallel threads to use when rendering content on the website front-end. If the content on your website does not change at a high rate, it is recommended that you do not set this value too high.

render_threads_incontext

Specifies the number of parallel threads to use when rendering content on the website backend. Using multiple threads can significantly increase the performance of rendering content in the Editor.

reserved_context_path

Specifies one or more context paths that are reserved in XperienceCentral. Reserving a context path is necessary if a website's friendly URLs have no extension and one or more external applications are running on the same host as XperienCentral and you want to avoid a friendly URL being created that matches the internal path of an external application. Enter a context path (without slashes) in the field and click [Add value]. If you run XperienCentral without friendly URL extensions, add the following values:

• web

• static

• upload

• upload_mm

• cfg

• info

• wm

See also Running XperienCentral without a Friendly URL Extension.

secret_key

The key used to sign configuration.

secure_rest_against_csrf

Specifies whether XperienCentral protects against CSRF attacks on its REST API.

session_tracking_cookie_name

The name of the cookie used for tracking XperienCentral user sessions.

smtp_host

The host name of the SMTP-server.

smtp_start_tls

Specifies whether TLS should be used when XperienCentral sends emails.

stale_cluster_lock_retry_time

The amount of time, in seconds, that indicates that a lock that a server in a clustered environment has for a particular item is no longer valid.

static_files_url

The URL where static files from plugins are stored. In XperienCentral versions R36 and higher, this setting is used instead of the old setting application_settings.context_static. The value can be either a relative or an absolute path. This is especially useful to configure a CDN URL to serve the statics from.

statistics_cycle_duration

Specifies the number of milliseconds into the past that the XperienCentral performance statistics are saved. The minimum value is 10000. The default is 7200000 (2 hours). GX Software advises that you do not set the cycle duration to a value lower than the default value.

streaming_file_directory

The folder where streaming files are stored.

strict_servlet_api

Specifies whether to use the content-type header set by the first included JSP for the entire request.

url_cache_clean

Specifies the age (in milliseconds) that items can become before they are deleted from the cache.

url_cache_timeout

Specifies the amount of time (in milliseconds) between cache cleanups.

url_encoding

The encoding to use for encoding URLs, "UTF-8" for example.

urlsign_key

The key used to sign URLs.

weblogging_logfile_location

The location of the web logging log file.

xss_allowlist_siteworks_expressions

See XperienCentral XSS Filters (login required).

xss_allowlist_siteworks_qs_parameters

See XperienCentral XSS Filters (login required).

frontendxssfilter_class_parameters

Specifies the parameter(s) that cause a request to be blocked if they do not conform to a valid Java class name. See also XperienCentral XSS Filters (login required).

frontendxssfilter_integer_parameters

Specifies the parameter(s) that cause a request to be blocked if they do not contain a valid integer. See also XperienCentral XSS Filters (login required).

frontendxssfilter_uuid_parameters

Specifies the parameter(s) that cause a request to be blocked if they do not contain a valid UUID. See also XperienCentral XSS Filters (login required).

ignore_backend_cookies

Specifies whether to ignore cookies relayed by a front-end proxy to the backend server.

max_char

Specifies the code of the highest ASCII character that XperienCentral will output. The default is "127" (all standard ASCII characters).

max_includes_depth

Specifies the maximum number of includes allowed in a config.

max_includes_per_request

Specifies the maximum number of includes that are allowed during a single request.

max_recursion_depth

Specifies the maximum depth of includes recursion.

ntlm_auth_domain_controller

Specifies the IP address of the NTLM authentication server.

ntlm_auth_enabled

Enables/disables NTLM authorization.

ntlm_auth_ignore_hosts

Specifies the names of the hosts from which requests will be ignored. Separate multiple host names using a comma (,).

ntlm_auth_ignore_user_agents

Specifies the user agents that will be ignored.

package_image_url

Specifies the location where XperienCentral menu-related images are stored.

presentation_jsps_url

The relative URL of the XperienCentral design config JSPs. In XperienCentral versions R43 and higher, you must add the location /WEB-INF/project/nl.gx.product.wmpbasepresentation for all projects.