diff options
author | Stefan Giehl <stefan@matomo.org> | 2020-12-08 00:54:17 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-08 00:54:17 +0300 |
commit | 0d979018ce23e8e0187dd435cc8de99fcf3c3585 (patch) | |
tree | e06eb15fc0754475077fef3ad3e4da15232334cb /config | |
parent | 28efeafae6c9540060f39a5e1f76b4da3ad6c8bc (diff) |
Host detection: use HTTP_HOST as default, but provide a setting to use SERVER_NAME instead (#16899)
Diffstat (limited to 'config')
-rwxr-xr-x | config/global.ini.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/config/global.ini.php b/config/global.ini.php index 1560f0c56c..8912d29c0c 100755 --- a/config/global.ini.php +++ b/config/global.ini.php @@ -395,6 +395,10 @@ hash_algorithm = whirlpool ; it is recommended for security reasons to always use Matomo over https force_ssl = 0 +; If set to 1 Matomo will prefer using SERVER_NAME variable over HTTP_HOST. +; This can add an additional layer of security as SERVER_NAME can not be manipulated by sending custom host headers when configure correctly. +host_validation_use_server_name = 0 + ; Session garbage collection on (as on some operating systems, i.e. Debian, it may be off by default) session_gc_probability = 1 |