PHP Classes

File: config.ini

Recommend this page to a friend!
  Classes of Kristo Vaher   Wave Framework   config.ini   Download  
File: config.ini
Role: Auxiliary data
Content type: text/plain
Description: Configuration
Class: Wave Framework
MVC framework for building Web sites and APIs
Author: By
Last change: Update of config.ini
Date: 2 months ago
Size: 31,877 bytes
 

Contents

Class file image Download
; Wave Framework <http://github.com/kristovaher/Wave-Framework> ; General Configuration ; ; All configuration settings in this file are loaded into State where certain variables, such as ; error-reporting, can turn on or off certain PHP settings. This configuration script is also ; used by scripts under /tools/ folder. Note that most settings in this file are commented ; out since system can function with default values. Uncomment and edit configuration only ; when wishing to change defaults. ; ; If your project needs additional configuraton options then you can freely add them here and ; access them through state-specific methods, but make sure that there is no name conflict with ; any internal configuration and state variables. Refer to State documentation to know exactly ; which variables have already been used. ; ; * HTTP Authentication ; * Application Version ; * Logging and Debugging ; * Database ; * Server ; * Handler Extensions ; * Content ; * Optimizations and Cache ; * Dynamic Resources ; * API ; * Sessions ; * Request limiter ; ; @package State ; @author Kristo Vaher <kristo@waher.net> ; @copyright Copyright (c) 2012, Kristo Vaher ; @license GNU Lesser General Public License Version 3 ; @tutorial /doc/pages/configuration.htm ; @since 1.0.0 ; @version 3.7.0 ; HTTP AUTHENTICATION ; If limiter-authentication is set to 1, then HTTP authentication is required before any requests ; go through. It is also possible to limit the entire access to only a single IP or multiple IP ; addresses by assigning http-authentication-ip a comma separated list of IP addresses. These ; settings are also used by developer tools in /tools/ subfolder. Make sure to change your password ; in order to protect from potential attacks that target software default installation settings. http-authentication-username="developer" http-authentication-password="hellowave" http-authentication-ip="*" ; LOGGING AND DEBUGGING ; This turns on Index gateway performance logging, which stores all information possible about ; every HTTP request. If this is set to '*' then all HTTP requests are logged, if it is set to 0, ; then no requests are logged. Value can also be a regular expression, in which case only requests ; that match the regular expression will be logged (you can use this to log only requests on a ; specific file, for example). Logging can also be tied to only specific IP address or addresses, ; if you set logger-ip to have an IP address or comma separated list of addresses. ; logger="*" ; logger-ip="*" ; This sets the error-reporting level for Wave Framework, which is used to store errors in Debugger ; logs. Note that this value cannot be changed over setState() method and this affects the entire ; system. This setting can have the value of 'off', 'critical' (ignores notices, warnings and ; deprecated errors) or 'full'. Please note that it is recommended to keep error-reporting on at ; all times. This is set to 'full' by default. ; errors-reporting='off'; ; This settings turns on verbose error messages for fatal/critical errors that stop the script. ; This will show complete error information when it is encountered on the page. This setting does ; not apply to warnings and notices, latter of which are all visible under Debugger script. This ; is turned off by default. ; errors-verbose=1 ; This sets if Wave Framework also writes the entire stack trace to error logs, if errors are ; encountered. Note that this might make some error log files very large and possibly unreadable ; by Debugger script with default memory settings. This is set off by default and only the main ; error message, file location and number are stored. ; errors-trace=1 ; If these are set then using isDeveloper() call returns true. This allows you to test various ; features within the API that only work when requests are made from a specific IP and user agent. ; If these settings are not set or are empty, then isDeveloper() always returns false. Values can ; be comma-separated-lists. Note that the user agent string should be written here without semicolon ; character, which is unsupported in INI files. ; developer-ip="" ; developer-user-agent="" ; DATABASE ; Wave Framework can connect to multiple database types, database-type values can be 'mysql', ; 'postgresql', 'sqlite', 'mssql' and 'oracle'. If database values are not set, then system won't ; attempt to connect to database. Persistent connections are allowed by using database-persistent ; flag, in which case same connection handle will be shared across requests from different user ; agents, but note that this flag is not recommended and can cause additional performance issues. ; It is also possible to set if database errors are written in developer tools debugging log with ; the database-errors flag. It is not recommended to turn this setting off before deploying live. ; If you need to add port information for host, add it after host name, like 'www.example.com:3306'. ; database-type="mysql" ; database-host="localhost" ; database-name="" ; database-username="" ; database-password="" ; database-persistent=0 ; database-errors=1 ; These are database credentials for the Test Suite that is run by the test script and tests stored ; at /tools/ subfolder. It is recommended that the test database is identical in structure to ; live database, otherwise the tests can affect actual database in negative ways. ; test-database-type="mysql" ; test-database-host="localhost" ; test-database-name="" ; test-database-username="" ; test-database-password="" ; test-database-persistent=0 ; test-database-errors=1 ; SERVER ; This setting stores comma-separated list of trusted proxy IP addresses. This setting is required ; when your web service or website uses a proxy, then this IP address allows for IP redirects ; assigned in request headers to act as user agent IP. This is a security setting and is meant to ; protect against bypassing IP address checks through request headers. If you use a proxy, assign ; the proxy IP address here. Default value is '*', which means that all proxies are allowed. ; trusted-proxies="*"; ; This is the HTTP host address of web service or website, for example 'www.example.com'. This is ; detected automatically by the system, but in case the same website is accessible from two different ; URL's, then assigning primary one here is recommended. ; http-host="www.example.com" ; This is the directory of your website or web service on the server. Wave Framework is able to detect ; this directory automatically, but in case this detection causes problems, it is recommended to ; manually assign it here. ; directory-system="" ; By default this folder is /filesystem/userdata/ and it is used for storing various user-specific ; files. This is detected automatically based on directory-system configuration setting. Static root folder ; is the base root folder for static files, similarly to 'directory-user', except files uploaded there are ; never served by Wave Framework. ; directory-user="" ; directory-static="" ; By default this folder is /filesystem/data/ and it is used for storing various filesystem-centric ; database files, such as for SQLite. If undefined, then this is automatically based on directory-system ; configuration setting and it is not recommended to change this unless necessary. ; database-root="" ; This is the base root folder for temporary files. Files that are stored here should be considered ; temporary and used for various custom functionality in the system. ; directory-tmp="" ; This is the folder that is used to store various security certificates and OpenSSL keys, such as ; ones used by various API's or e-payment systems. ; directory-keys="" ; This is the named timezone of servers location, this is required by PHP to have a base for time ; calculations. Unix timestamp is used internally by Wave Framework, so changing this value will ; not break the system, however it could affect things like log times and functionality of the ; system that uses Wave Framework. This configuration is set to 'Europe/London' by default. ; timezone="Europe/London" ; This setting is a locale setting that is used for locale-related settings, such as for monetary ; and numeric values and messages. This is not defined by default and is detected by the system ; automatically. ; locale="en_GB" ; This sets the memory limit for the Wave Framework requests. Setting this value does not guarantee ; that it will be success, as certain servers disable setting memory limit with PHP. This setting ; is undefined by default, thus Wave Framework uses the internal memory limit that is set in the ; server. ; memory-limit="128M" ; This sets the time limit for the Wave Framework requests. Setting this value does not guarantee ; that it will be success, as certain servers disable setting time limit with PHP. This setting ; is undefined by default, thus Wave Framework uses the internal time limit that is set in the ; server. This value is in seconds. ; time-limit=30 ; HANDLER EXTENSIONS ; This is a comma-separated list of image file extensions that are routed through Image Handler. ; If image file extension is not listed here, then this will be served through File Handler ; instead - which is used to serve any file that has an extension, but no handler. If you add ; new extensions here, then it is recommended to also update Image Handler code at ; /engine/handler.image.php to support that new file extension. ; Default extensions are jpeg, jpg, png. ; image-extensions="jpeg,jpg,png" ; This is a comma-separated list of static resource file extensions that are routed through ; Resource Handler. Resource Handler can serve these files as combined on-demand. If you add ; new extensions here, then it is recommended to also update Resource Handler code at ; /engine/handler.resource.php to support that new file extension. ; Default extensions are css, js, txt, csv, xml, html, htm, rss, vcard. ; resource-extensions="css,js,txt,csv,xml,html,htm,rss,vcard,appcache" ; This is a comma-separated list of filename extensions that are routed through File Handler. ; If a file extension is not listed here and it is not a forbidden extension, then it will be ; served through Data Handler instead and acts like a web page request. ; Default extensions are pdf,doc,docx,xls,xlsx,ppt,pptx,zip,rar. ; file-extensions="pdf,doc,docx,xls,xlsx,ppt,pptx,zip,rar" ; This is a comma-separated list of file extensions that cannot be requested over HTTP. ; Caution! Please note that some of these extensions, like 'ini', 'htaccess', 'version' should ; never be removed from here, since they can otherwise pose a security risk - it would be ; possible to see configuration file contents over HTTP request. ; Default extensions are tmp, log, ht, htaccess, pem, crt, db, sql, version, conf, ini. ; forbidden-extensions="tmp,log,ht,htaccess,pem,crt,db,sql,version,conf,ini,empty" ; CONTENT ; These values are added to website meta information by the View Controller, if they are defined. ; Website title will include value of project-title, and author and copyright values are written ; into meta tags in HTML header. These values are all empty by default. ; project-title="Wave Framework" ; project-author="" ; project-copyright="" ; First setting, 'languages', is a comma-separated list of language keywords used in the system. ; These keywords are used for both translations files, sitemap files as well as language detection, ; when detecting the language form a URL. It is needed that the keywords listed here are also ; available as files of /resources/{keyword}.translations.ini and /resources/{keyword}.sitemap.ini. ; Language detection with the keywords works the same way, like http://www.example.com/{keyword}/. ; It is possible to customize this behavior more with other settings in configuration. Default ; language is defined by 'language' setting. Default language is the first language in the list. ; This is set to 'en' by default. ; languages="en" ; These settings are used when using Wave Framework to build a website and not just a web service. ; Home view defines what view is loaded by View Controller from Sitemap file. This home-view setting ; is actually the URL keyword from Sitemap file and it should be the same across all different ; languages. 404 view defines what view from /view/ folder is loaded when no other view is found. ; 404 View is not set in Sitemap files, though if defined (the same way as Home view), then additional ; configuration options can be assigned there. ; home-view="home" ; 404-view="404" ; This value is usually automatically generated from HTTPS setting, 'http-host' and 'url-web' ; values. This should only be defined in Configuration should the base URL be somehow detected ; incorrectly. This is the base URL that is stored in HTML header. ; url-base="http://www.example.com" ; While most websites are accessible from the domain name and root folder then some websites are ; set up in subfolders (like http://www.example.com/web/). While Wave Framework is able to detect ; this automatically, should this automatic detection fail, it is recommended to write the web ; root node here. For 'http://www.example.com/web/' address it would be '/web/'. This value is ; used when referencing links or loading content in a website. ; url-web="" ; It is considered a good practice to have a slash in the end of URL's. If this setting is enabled, ; then Wave Framework will redirect all URL's that do not end with a slash to ones that do. For ; example http://www.example.com/mypage would become http://www.example.com/mypage/ and this ; setting is turned on by default by being set to 1. ; enforce-url-end-slash=0 ; Wave Framework deals with multilingual websites by having the first URL node as the language ; detector. If this setting here is turned on, then first language (the first one in 'languages' ; configuration setting) requires that first URL node to also be defined as the language. Wave ; Framework would, in that case, redirect http://www.example.com/contact/ address to ; http://www.example.com/en/contact/ if the first language is 'en'. This is turned on by ; default, but is recommended to be turned off when web system only has one language. ; enforce-first-language-url=0 ; Robots flags are used by search engines and web crawlers when gathering information about web ; pages that they visit. These flags are 'guides' to robots that tell robots to either index the ; content of pages or not. In Wave Framework, 'robots' is considered the fallback setting, but ; you can set different defaults for images, static resources, served files and so on. It is also ; possible to assign different robots setting to each URL through sitemap files in /resources/ ; folder. These values are set to 'noindex,nocache,nofollow,noarchive,noimageindex,nosnippet' by ; default, which disallows indexing. ; robots="index,follow" ; image-robots="index,follow" ; resource-robots="index,follow" ; file-robots="index,follow" ; This sets whether the pages rendered through View Controller are allowed to be shown in a frame, ; like an <iframe>, or not. This can be set to either 'deny' or 'sameorigin' or left empty. The ; default value is empty, so the pages can be loaded to a frame at all times. ; frame-permissions="deny" ; This sets the CSP (content security policy) setting for the domains that your site is allowed ; to load data from. This allows for whitelisted cross-site scripting and accessing resources on ; other domains, while also blacklisting other domains. This is not used by default. ; content-security-policy="default-src 'self' 'unsafe-inline' 'unsafe-eval' *.example.com" ; This sets what domains are allowed to access the API or load resources from this installation. ; This sets an 'Access-Control-Allow-Origin' header to all of the HTTP requests. This is not set ; by default, thus disallowing cross-domain requests to this system. This allows you to make ; cross-domain requests to this resource if '*' is set or another domain. ; access-control="*" ; OPTIMIZATIONS AND CACHE ; Modern web browsers support output compression which reduces the amount of data sent from ; server to web browsers and can improve the loading speed of websites. This value can be set ; to 'deflate', 'gzip' or false. This setting tells Wave Framework to consider this or that type ; of output compression as default, or not use output compression at all (if web server does it ; by itself). Also note that this setting is ignored if user agent does not tell web server that ; they support gzip or deflate compression. This value is set to 'deflate' by default. ; output-compression=0 ; Wave Framework can cache every API request. This setting tells Wave Framework to cache URL ; solving from Sitemap for X amount of seconds. Since /resources/{language-code}.sitemap.ini ; file does not change frequently on most projects, then this value can be increased to minutes, ; even hours. For development reasons and special cases however, this value is set to 0 by ; default and URL solving is not cached. ; index-url-cache-timeout=300 ; This setting assigns the default cache duration of a website page. This value can be customized ; per view and URL in /resources/{language-code}.sitemap.ini and this value here only acts as ; a default. If your website is informative and mostly consists of content web pages, then this ; default value can be increased to minutes, if not hours. Default value is 0 and by default ; pages are not cached. ; index-view-cache-timeout=30 ; These settings give default cache durations for static resources, robots.txt and sitemap.xml ; files. This value affects max lifetime headers as well as internal cache duration (though ; this is always checked against source file modification date). Resource cache timeout default ; is 31536000, which is one year in seconds. Robots and Sitemap files have default cache of ; 14400 seconds, which is four hours. ; resource-cache-timeout=31536000 ; robots-cache-timeout=14400 ; sitemap-cache-timeout=14400 ; Memcache can be used to improve caching speeds noticeably in Wave Framework and speed up ; your website or web service considerably. If host and port are not set, then localhost and ; 11211 port is used for the connection. ; memcache=1 ; memcache-host="localhost" ; memcache-port=11211 ; APC extension is not officially part of PHP, but if web server supports APC, then this can ; speed up caching and performance. If this setting is set to 1 and APC is supported on the ; server, then Wave Framework will use APC for caching rather than filesystem in some cases. ; This setting is set to 0 by default. ; apc=1 ; If these are set, then Wave Framework will use database caching as opposed to filesystem ; based caching for all Data Handler and API Handler requests. Static files would still use ; filesystem specific cache if on-demand parameters are used. Database caching is generally ; slower than filesystem cache, but it has the benefits of being shared. Note that if the ; cache-database-* settings are not set and the rest of the settings are, then the main ; database settings are used for the connection. If cache-database-type is set to 'any' ; and generic database configuration is also set, then the same database connection is ; used as in the main application rather than creating a new connection. ; cache-database=1 ; cache-database-type="mysql" ; cache-database-host="localhost" ; cache-database-name="" ; cache-database-username="" ; cache-database-password="" ; cache-database-errors=1 ; cache-database-persistent=0 ; cache-database-table-name="cache" ; cache-database-address-column="cache" ; cache-database-timestamp-column="cache" ; cache-database-data-column="cache" ; DYNAMIC RESOURCES ; If this is set to 1, then Wave Framework uses /resources/placeholder.jpg as image resource ; whenever it cannot actually find the image resource that it attempts to load. This allows ; web system to gracefully fall back when original image cannot be found anymore, since it ; will not display the broken image icon in browsers as a result. File not found 404 header ; is still returned however, so web crawlers will not index this image. ; 404-image-placeholder=0 ; Dynamic image loading is a global flag that sets whether user agent can request images from ; the system with on-demand flags, such as on-demand resolution or image effects. For example, ; if you enter an URL like http://www.example.com/resources/images/60x60&logo.png, then system ; returns an image that is 60 pixels in both dimensions. This setting is set to 1 by default, ; enabling this functionality. ; dynamic-image-loading=0 ; This is a security setting against potential Denial of Service attacks. This setting is the ; maximum height or width that system can dynamically serve. This is set to 1000 by default, ; which disables on-demand resolutions that are bigger than 1000 pixels in width or height. ; dynamic-max-size=1000 ; This is a security setting against potential Denial of Service attacks. This is a space- ; separated list of image resolutions that are allowed to be loaded on-demand. For example, ; if this is set to '60x60 320x240' then only images of 60x60 and 320x240 resolutions would ; be allowed to be loaded on-demand. This setting is not defined by default, which allows all ; image resolutions to be loaded on-demand. ; dynamic-size-whitelist="" ; This is a security setting against potential Denial of Service attacks. This is a space- ; separated list of background color values in RGB that are allowed to be loaded on-demand. ; For example, if this is set to '120,60,14 255,255,255' then only these two RGB colors would ; be allowed. This setting is not defined by default, which allows for all background colors ; to be loaded on-demand. ; dynamic-color-whitelist="" ; This is a security setting against potential Denial of Service attacks. This is a space- ; separated list of quality settings that are allowed to be loaded on-demand. For example, ; if this is set to '@50 @30', then only images with @50 and @30 quality settings are allowed ; to be loaded on-demand. This setting is not defined by default and all quality levels ; are allowed. ; dynamic-quality-whitelist="" ; This is a security setting against potential Denial of Service attacks. This is a space- ; separated list of image positions that are allowed to be loaded on-demand. For example, if ; this is set to 'top-left 30-50', then only image positions of top-left and 30-50 (pixels) ; are allowed. This setting is not defined by default and all positions are allowed. ; dynamic-position-whitelist="" ; This is a security setting against potential Denial of Service attacks. Wave Framework allows ; for advanced on-demand image filtering. If this setting is turned off, then on-demand image ; filtering is not allowed at all and such images cannot be requested. By default this value is 1, ; which enables on-demand filters. ; dynamic-image-filters=0 ; This is a security setting against potential Denial of Service attacks. If dynamic image ; filters are enabled, then this is a space-separated list of allowed filter settings. If this ; is set to 'grayscale@100 colorize@40,120,120,120' then only grayscale filter with parameter 100 ; and colorize filter with 40, 120, 120 and 120 parameters are allowed. These values must be ; written the same way they are written to filter() brackets during on-demand image request. ; dynamic-filter-whitelist="" ; This is a security setting against potential Denial of Service attacks. This setting, if set ; to 1, allows to load scripts and CSS files in unified form from /resources/ folder. Multiple ; scripts can be loaded by separating their filenames with & symbol and 'minify' flag can also ; be used to load the resource in minified form. This setting is 1 by default. ; dynamic-resource-loading=0 ; API ; This is a comma-separated list of API versions that are allowed to be accessed over API. ; By default this value is not set at all, which means that sending 'www-version' value with ; the request has no impact. API versions can only consist of latin characters and numbers. ; The most recent API version number is defined in '.version' file in the root folder. ; api-versions="v2,v1" ; This sets the default profile name of a public profile - when profile name itself is not set ; in the request. This profile must have profile settings set in /resources/api.profiles.ini file. ; api-public-profile="public" ; If this setting is set to 1, then public API requests require a 'www-public-token' as part of ; HTTP API requests that do not use an authenticated API profile. This token has to be generated ; to and submitted with all the forms on the website. This is set to 0 by default, but is ; recommended to be implemented on websites and services that implement user accounts and other ; similar systems as a protection for cross-site-request-forgery attacks. Note that this token ; is only actually checked if the user is 'logged in' (user session data is populated). ; api-public-token=1 ; It is possible to keep a simplified log of API requests that are sent to API Handler. This ; setting is a comma-separated list of API profiles that will be tracked or will not be tracked. ; This allows for keeping track of how actively this or that API Profile is used in the system ; and gives a good overview of what commands have been used the most and how frequently. Setting ; it to '*' will mean that every API Profile will be logged, except profiles listed with '!' in ; front of their name. The default setting, if used, will track all API profiles except the ; public profile. ; api-logging="*,!public" ; It's possible to log specific messages in internal log by sending such a command from MVC ; objects of Wave Framework. This setting here acts as a filter to those messages. Every ; message is stored with a 'key' and in here you can set which keys are logged and which ; keys are ignored. Setting it to '*' will mean that everything will be logged. If a key ; has exclamation mark before it, then that key will be ignored. Wave Framework has two ; default internal log messages 'input-data' and 'output-data' which are ignored by default, ; but sometimes it is recommended to turn them on for debugging purposes. This internal log ; can be read from developer tools as /tools/log-reader.php?internal URL. Default setting logs ; all log entries except the API input-data and output-data entries. ; internal-logging="*,!input-data,!output-data" ; SESSIONS ; This setting is the namespace/cookie value used for sessions. For example this value is the ; cookie name for sessions. If this setting is not set in configuration, then Wave Framework ; generates this value by creating a numeric hash from the root directory address on the server. ; It is not necessary to change this value unless your system runs on multiple servers with ; different system root addresses at the same time and you need to carry the sessions across. ; session-name="PHPSESSID" ; This is the amount of seconds that have to pass before Wave Framework automatically regenerates ; the session cookie. This is set to 0 by default, thus session cookies are not regenerated ; automatically. ; session-regenerate=720 ; These values are session cookie settings. State assignes them by default and that is usually ; recommended, but you can assign your own values here. If 'session-lifetime' value is 0, then ; sessions will last until they time out in browsers. That is also the default. ; session-lifetime=1440 ; session-path="/" ; session-domain="www.example.com" ; session-secure=0 ; session-http-only=1 ; Wave Framework has a basic user and permissions handling through sessions as well as session ; fingerprinting, which can be accessed through <a href="guide_mvc.htm">MVC</a> objects. This ; sets the keys under which user data and permissions are stored in sessions. These values are ; set to 'www-user', 'www-permissions', 'www-fingerprint', 'www-timestamp' and 'www-public-token' ; by default. ; session-user-key="www-user" ; session-permissions-key="www-permissions" ; session-fingerprint-key="www-fingerprint" ; session-timestamp-key="www-timestamp" ; session-token-key="www-public-token" ; This setting allows you to tie your sessions to the specific web browser and IP address. This ; setting is undefined by default, so fingerprinting is not used. Value of this setting can be ; a comma separated string that consists of keys like 'ip' and 'browser'. If you only want browser ; specific fingerprinting, then just assign it as 'browser', or if only IP fingerprinting, then ; use 'ip'. ; session-fingerprint="ip,browser" ; REQUEST LIMITER ; This turns on HTTP request limiter if set to 1. This setting is a global flag, if this is ; not set to 1, then all other flags of this group are ignored. This is set to 0 by default. ; limiter=1 ; If this is set to 1, then every HTTP request requires HTTP authentication based on http-* ; configuration settings. Otherwise all requests are blocked. This is useful to protect ; website or web service from being accessed during development. This is not used by default. ; limiter-authentication=1 ; This setting enforces HTTPS connections, when accessing this web service. If this is turned ; on, then all non-HTTPS requests will be redirected to HTTPS. This is not used by default and ; both HTTP and HTTPS requests (if supported) are allowed. ; limiter-https=1 ; This setting is a comma-separated list of IP addresses which are allowed to access this ; website or web service. Requests from any other IP are blocked and not allowed. This is ; not used by default. ; limiter-whitelist="" ; If whitelist limiter is not used, then this setting can be a comma-separated list of IP ; addresses that are not allowed to access this website or web service. This is not used ; by default. ; limiter-blacklist="" ; This setting allows to limit the amount of requests per minute that are allowed. This is ; used to protect the system against Denial of Service attacks. This setting is the maximum ; amount of requests allowed per IP address. If this limit is exceeded, then that IP is blocked ; for one hour from accessing the service again. This is not used by default. ; limiter-request=120 ; This setting sets the server load value that when met, will make Wave Framework temporarily ; block HTTP requests. If server load is too high, then subsequent requests can make problems ; worse, so this setting allows you to make such requests as short and quick as possible, which ; helps reduce the load on the server. This setting is undefined by default and this limiter ; is not used. ; limiter-load=80 ; This is a comma-separated list for all the domains that are allowed to make a request to this ; system. If this configuration setting is used and it is not '*', HTTP header for referrer is set, ; then this requests will return a Forbidden message. You can use this in combination with other ; security settings to protect your system from potential abuse. ; limiter-referrer="*"