Login   Register  
PHP Classes
elePHPant
Icontem

File: config.ini

Recommend this page to a friend!
Stumble It! Stumble It! Bookmark in del.icio.us Bookmark in del.icio.us
  Classes of Kristo Vaher  >  Wave Framework  >  config.ini  >  Download  
File: config.ini
Role: Auxiliary data
Content type: text/plain
Description: Configuration
Class: Wave Framework
MVC framework for building Web sites and APIs
Author: By
Last change: Re-implemented system version number and updated versioning documentation. You can also limit API version numbers with API profiles now.
Date: 2013-08-18 03:06
Size: 31,861 bytes
 

Contents

Class file image Download
; Wave Framework <http://www.waveframework.com>
; General Configuration
; 
; All configuration settings in this file are loaded into State where certain variables, such as 
; error-reporting, can turn on or off certain PHP settings. This configuration script is also 
; used by scripts under /tools/ folder. Note that most settings in this file are commented
; out since system can function with default values. Uncomment and edit configuration only 
; when wishing to change defaults.
;
; If your project needs additional configuraton options then you can freely add them here and 
; access them through state-specific methods, but make sure that there is no name conflict with 
; any internal configuration and state variables. Refer to State documentation to know exactly 
; which variables have already been used.
; 
; * HTTP Authentication
; * Application Version
; * Logging and Debugging
; * Database
; * Server
; * Handler Extensions
; * Content
; * Optimizations and Cache
; * Dynamic Resources
; * API
; * Sessions
; * Request limiter
; 
; @package    State
; @author     Kristo Vaher <kristo@waher.net>
; @copyright  Copyright (c) 2012, Kristo Vaher
; @license    GNU Lesser General Public License Version 3
; @tutorial   /doc/pages/configuration.htm
; @since      1.0.0
; @version    3.7.0

; HTTP AUTHENTICATION

	; If limiter-authentication is set to 1, then HTTP authentication is required before any requests 
	; go through. It is also possible to limit the entire access to only a single IP or multiple IP 
	; addresses by assigning http-authentication-ip a comma separated list of IP addresses. These 
	; settings are also used by developer tools in /tools/ subfolder. Make sure to change your password 
	; in order to protect from potential attacks that target software default installation settings.
	http-authentication-username="developer"
	http-authentication-password="hellowave"
	http-authentication-ip="*"
	
; LOGGING AND DEBUGGING

	; This turns on Index gateway performance logging, which stores all information possible about 
	; every HTTP request. If this is set to '*' then all HTTP requests are logged, if it is set to 0, 
	; then no requests are logged. Value can also be a regular expression, in which case only requests 
	; that match the regular expression will be logged (you can use this to log only requests on a 
	; specific file, for example). Logging can also be tied to only specific IP address or addresses,
	; if you set logger-ip to have an IP address or comma separated list of addresses.
	; logger="*"
	; logger-ip="*"
	
	; This sets the error-reporting level for Wave Framework, which is used to store errors in Debugger 
	; logs. Note that this value cannot be changed over setState() method and this affects the entire 
	; system. This setting can have the value of 'off', 'critical' (ignores notices, warnings and 
	; deprecated errors) or 'full'. Please note that it is recommended to keep error-reporting on at 
	; all times. This is set to 'full' by default.
	; errors-reporting='off';
	
	; This settings turns on verbose error messages for fatal/critical errors that stop the script.
	; This will show complete error information when it is encountered on the page. This setting does 
	; not apply to warnings and notices, latter of which are all visible under Debugger script. This 
	; is turned off by default.
	; errors-verbose=1
	
	; This sets if Wave Framework also writes the entire stack trace to error logs, if errors are
	; encountered. Note that this might make some error log files very large and possibly unreadable
	; by Debugger script with default memory settings. This is set off by default and only the main
	; error message, file location and number are stored.
	; errors-trace=1
	
	; If these are set then using isDeveloper() call returns true. This allows you to test various
	; features within the API that only work when requests are made from a specific IP and user agent.
	; If these settings are not set or are empty, then isDeveloper() always returns false. Values can
	; be comma-separated-lists. Note that the user agent string should be written here without semicolon
	; character, which is unsupported in INI files.
	; developer-ip=""
	; developer-user-agent=""

; DATABASE

	; Wave Framework can connect to multiple database types, database-type values can be 'mysql',
	; 'postgresql', 'sqlite', 'mssql' and 'oracle'. If database values are not set, then system won't 
	; attempt to connect to database. Persistent connections are allowed by using database-persistent
	; flag, in which case same connection handle will be shared across requests from different user 
	; agents, but note that this flag is not recommended and can cause additional performance issues. 
	; It is also possible to set if database errors are written in developer tools debugging log with 
	; the database-errors flag. It is not recommended to turn this setting off before deploying live.
	; If you need to add port information for host, add it after host name, like 'www.example.com:3306'.
	; database-type="mysql"
	; database-host="localhost"
	; database-name=""
	; database-username=""
	; database-password=""
	; database-persistent=0
	; database-errors=1
	
	; These are database credentials for the Test Suite that is run by the test script and tests stored
	; at /tools/ subfolder. It is recommended that the test database is identical in structure to 
	; live database, otherwise the tests can affect actual database in negative ways.
	; test-database-type="mysql"
	; test-database-host="localhost"
	; test-database-name=""
	; test-database-username=""
	; test-database-password=""
	; test-database-persistent=0
	; test-database-errors=1
	
; SERVER
	
	; This setting stores comma-separated list of trusted proxy IP addresses. This setting is required 
	; when your web service or website uses a proxy, then this IP address allows for IP redirects 
	; assigned in request headers to act as user agent IP. This is a security setting and is meant to 
	; protect against bypassing IP address checks through request headers. If you use a proxy, assign 
	; the proxy IP address here. Default value is '*', which means that all proxies are allowed.
	; trusted-proxies="*";

	; This is the HTTP host address of web service or website, for example 'www.example.com'. This is 
	; detected automatically by the system, but in case the same website is accessible from two different 
	; URL's, then assigning primary one here is recommended.
	; http-host="www.example.com"
	
	; This is the directory of your website or web service on the server. Wave Framework is able to detect 
	; this directory automatically, but in case this detection causes problems, it is recommended to 
	; manually assign it here.
	; directory-system=""
	
	; By default this folder is /filesystem/userdata/ and it is used for storing various user-specific
	; files. This is detected automatically based on directory-system configuration setting. Static root folder 
	; is the base root folder for static files, similarly to 'directory-user', except files uploaded there are 
	; never served by Wave Framework.
	; directory-user=""
	; directory-static=""
	
	; By default this folder is /filesystem/data/ and it is used for storing various filesystem-centric 
	; database files, such as for SQLite. If undefined, then this is automatically based on directory-system 
	; configuration setting and it is not recommended to change this unless necessary.
	; database-root=""
	
	; This is the base root folder for temporary files. Files that are stored here should be considered 
	; temporary and used for various custom functionality in the system.
	; directory-tmp=""
	
	; This is the folder that is used to store various security certificates and OpenSSL keys, such as 
	; ones used by various API's or e-payment systems.
	; directory-keys=""

	; This is the named timezone of servers location, this is required by PHP to have a base for time 
	; calculations. Unix timestamp is used internally by Wave Framework, so changing this value will 
	; not break the system, however it could affect things like log times and functionality of the 
	; system that uses Wave Framework. This configuration is set to 'Europe/London' by default.
	; timezone="Europe/London"
	
	; This setting is a locale setting that is used for locale-related settings, such as for monetary 
	; and numeric values and messages. This is not defined by default and is detected by the system 
	; automatically.
	; locale="en_GB"
	
	; This sets the memory limit for the Wave Framework requests. Setting this value does not guarantee 
	; that it will be success, as certain servers disable setting memory limit with PHP. This setting 
	; is undefined by default, thus Wave Framework uses the internal memory limit that is set in the
	; server.
	; memory-limit="128M"
	
	; This sets the time limit for the Wave Framework requests. Setting this value does not guarantee 
	; that it will be success, as certain servers disable setting time limit with PHP. This setting 
	; is undefined by default, thus Wave Framework uses the internal time limit that is set in the
	; server. This value is in seconds.
	; time-limit=30
	
; HANDLER EXTENSIONS
	
	; This is a comma-separated list of image file extensions that are routed through Image Handler.
	; If image file extension is not listed here, then this will be served through File Handler 
	; instead - which is used to serve any file that has an extension, but no handler. If you add 
	; new extensions here, then it is recommended to also update Image Handler code at 
	; /engine/handler.image.php to support that new file extension. 
	; Default extensions are jpeg, jpg, png.
	; image-extensions="jpeg,jpg,png"
	
	; This is a comma-separated list of static resource file extensions that are routed through 
	; Resource Handler. Resource Handler can serve these files as combined on-demand. If you add 
	; new extensions here, then it is recommended to also update Resource Handler code at 
	; /engine/handler.resource.php to support that new file extension.
	; Default extensions are css, js, txt, csv, xml, html, htm, rss, vcard.
	; resource-extensions="css,js,txt,csv,xml,html,htm,rss,vcard,appcache"
	
	; This is a comma-separated list of filename extensions that are routed through File Handler.
	; If a file extension is not listed here and it is not a forbidden extension, then it will be 
	; served through Data Handler instead and acts like a web page request.
	; Default extensions are pdf,doc,docx,xls,xlsx,ppt,pptx,zip,rar.
	; file-extensions="pdf,doc,docx,xls,xlsx,ppt,pptx,zip,rar"
	
	; This is a comma-separated list of file extensions that cannot be requested over HTTP. 
	; Caution! Please note that some of these extensions, like 'ini', 'htaccess', 'version' should 
	; never be removed from here, since they can otherwise pose a security risk - it would be 
	; possible to see configuration file contents over HTTP request.
	; Default extensions are tmp, log, ht, htaccess, pem, crt, db, sql, version, conf, ini.
	; forbidden-extensions="tmp,log,ht,htaccess,pem,crt,db,sql,version,conf,ini,empty"
	
; CONTENT

	; These values are added to website meta information by the View Controller, if they are defined. 
	; Website title will include value of project-title, and author and copyright values are written 
	; into meta tags in HTML header. These values are all empty by default.
	; project-title="Wave Framework"
	; project-author=""
	; project-copyright=""

	; First setting, 'languages', is a comma-separated list of language keywords used in the system. 
	; These keywords are used for both translations files, sitemap files as well as language detection, 
	; when detecting the language form a URL. It is needed that the keywords listed here are also 
	; available as files of /resources/{keyword}.translations.ini and /resources/{keyword}.sitemap.ini. 
	; Language detection with the keywords works the same way, like http://www.example.com/{keyword}/. 
	; It is possible to customize this behavior more with other settings in configuration. Default 
	; language is defined by 'language' setting. Default language is the first language in the list.
	; This is set to 'en' by default.
	; languages="en"

	; These settings are used when using Wave Framework to build a website and not just a web service. 
	; Home view defines what view is loaded by View Controller from Sitemap file. This home-view setting
	; is actually the URL keyword from Sitemap file and it should be the same across all different 
	; languages. 404 view defines what view from /view/ folder is loaded when no other view is found. 
	; 404 View is not set in Sitemap files, though if defined (the same way as Home view), then additional
	; configuration options can be assigned there.
	; home-view="home"
	; 404-view="404"
	
	; This value is usually automatically generated from HTTPS setting, 'http-host' and 'url-web'
	; values. This should only be defined in Configuration should the base URL be somehow detected 
	; incorrectly. This is the base URL that is stored in HTML header.
	; url-base="http://www.example.com"
	
	; While most websites are accessible from the domain name and root folder then some websites are 
	; set up in subfolders (like http://www.example.com/web/). While Wave Framework is able to detect 
	; this automatically, should this automatic detection fail, it is recommended to write the web 
	; root node here. For 'http://www.example.com/web/' address it would be '/web/'. This value is 
	; used when referencing links or loading content in a website.
	; url-web=""
	
	; It is considered a good practice to have a slash in the end of URL's. If this setting is enabled, 
	; then Wave Framework will redirect all URL's that do not end with a slash to ones that do. For 
	; example http://www.example.com/mypage would become http://www.example.com/mypage/ and this 
	; setting is turned on by default by being set to 1.
	; enforce-url-end-slash=0
	
	; Wave Framework deals with multilingual websites by having the first URL node as the language 
	; detector. If this setting here is turned on, then first language (the first one in 'languages' 
	; configuration setting) requires that first URL node to also be defined as the language. Wave 
	; Framework would, in that case, redirect http://www.example.com/contact/ address to 
	; http://www.example.com/en/contact/ if the first language is 'en'. This is turned on by 
	; default, but is recommended to be turned off when web system only has one language.
	; enforce-first-language-url=0
	
	; Robots flags are used by search engines and web crawlers when gathering information about web 
	; pages that they visit. These flags are 'guides' to robots that tell robots to either index the 
	; content of pages or not. In Wave Framework, 'robots' is considered the fallback setting, but 
	; you can set different defaults for images, static resources, served files and so on. It is also 
	; possible to assign different robots setting to each URL through sitemap files in /resources/ 
	; folder. These values are set to 'noindex,nocache,nofollow,noarchive,noimageindex,nosnippet' by 
	; default, which disallows indexing.
	; robots="index,follow"
	; image-robots="index,follow"
	; resource-robots="index,follow"
	; file-robots="index,follow"
	
	; This sets whether the pages rendered through View Controller are allowed to be shown in a frame,
	; like an <iframe>, or not. This can be set to either 'deny' or 'sameorigin' or left empty. The 
	; default value is empty, so the pages can be loaded to a frame at all times.
	; frame-permissions="deny"
	
	; This sets the CSP (content security policy) setting for the domains that your site is allowed 
	; to load data from. This allows for whitelisted cross-site scripting and accessing resources on 
	; other domains, while also blacklisting other domains. This is not used by default.
	; content-security-policy="default-src 'self' 'unsafe-inline' 'unsafe-eval' *.example.com"
	
	; This sets what domains are allowed to access the API or load resources from this installation. 
	; This sets an 'Access-Control-Allow-Origin' header to all of the HTTP requests. This is not set 
	; by default, thus disallowing cross-domain requests to this system. This allows you to make 
	; cross-domain requests to this resource if '*' is set or another domain.
	; access-control="*"
	
; OPTIMIZATIONS AND CACHE

	; Modern web browsers support output compression which reduces the amount of data sent from 
	; server to web browsers and can improve the loading speed of websites. This value can be set 
	; to 'deflate', 'gzip' or false. This setting tells Wave Framework to consider this or that type 
	; of output compression as default, or not use output compression at all (if web server does it 
	; by itself). Also note that this setting is ignored if user agent does not tell web server that 
	; they support gzip or deflate compression. This value is set to 'deflate' by default.
	; output-compression=0
	
	; Wave Framework can cache every API request. This setting tells Wave Framework to cache URL 
	; solving from Sitemap for X amount of seconds. Since /resources/{language-code}.sitemap.ini 
	; file does not change frequently on most projects, then this value can be increased to minutes, 
	; even hours. For development reasons and special cases however, this value is set to 0 by 
	; default and URL solving is not cached.
	; index-url-cache-timeout=300
	
	; This setting assigns the default cache duration of a website page. This value can be customized 
	; per view and URL in /resources/{language-code}.sitemap.ini and this value here only acts as 
	; a default. If your website is informative and mostly consists of content web pages, then this 
	; default value can be increased to minutes, if not hours. Default value is 0 and by default 
	; pages are not cached.
	; index-view-cache-timeout=30
	
	; These settings give default cache durations for static resources, robots.txt and sitemap.xml 
	; files. This value affects max lifetime headers as well as internal cache duration (though 
	; this is always checked against source file modification date). Resource cache timeout default 
	; is 31536000, which is one year in seconds. Robots and Sitemap files have default cache of 
	; 14400 seconds, which is four hours.
	; resource-cache-timeout=31536000
	; robots-cache-timeout=14400
	; sitemap-cache-timeout=14400
	
	; Memcache can be used to improve caching speeds noticeably in Wave Framework and speed up 
	; your website or web service considerably. If host and port are not set, then localhost and 
	; 11211 port is used for the connection.
	; memcache=1
	; memcache-host="localhost"
	; memcache-port=11211
	
	; APC extension is not officially part of PHP, but if web server supports APC, then this can 
	; speed up caching and performance. If this setting is set to 1 and APC is supported on the 
	; server, then Wave Framework will use APC for caching rather than filesystem in some cases.
	; This setting is set to 0 by default.
	; apc=1
	
	; If these are set, then Wave Framework will use database caching as opposed to filesystem 
	; based caching for all Data Handler and API Handler requests. Static files would still use 
	; filesystem specific cache if on-demand parameters are used. Database caching is generally 
	; slower than filesystem cache, but it has the benefits of being shared. Note that if the 
	; cache-database-* settings are not set and the rest of the settings are, then the main  
	; database settings are used for the connection. If cache-database-type is set to 'any'
	; and generic database configuration is also set, then the same database connection is 
	; used as in the main application rather than creating a new connection.
	; cache-database=1
	; cache-database-type="mysql"
	; cache-database-host="localhost"
	; cache-database-name=""
	; cache-database-username=""
	; cache-database-password=""
	; cache-database-errors=1
	; cache-database-persistent=0
	; cache-database-table-name="cache"
	; cache-database-address-column="cache"
	; cache-database-timestamp-column="cache"
	; cache-database-data-column="cache"
	
; DYNAMIC RESOURCES
	
	; If this is set to 1, then Wave Framework uses /resources/placeholder.jpg as image resource 
	; whenever it cannot actually find the image resource that it attempts to load. This allows 
	; web system to gracefully fall back when original image cannot be found anymore, since it 
	; will not display the broken image icon in browsers as a result. File not found 404 header 
	; is still returned however, so web crawlers will not index this image.
	; 404-image-placeholder=0
	
	; Dynamic image loading is a global flag that sets whether user agent can request images from 
	; the system with on-demand flags, such as on-demand resolution or image effects. For example, 
	; if you enter an URL like http://www.example.com/resources/images/60x60&logo.png, then system 
	; returns an image that is 60 pixels in both dimensions. This setting is set to 1 by default, 
	; enabling this functionality.
	; dynamic-image-loading=0
	
	; This is a security setting against potential Denial of Service attacks. This setting is the 
	; maximum height or width that system can dynamically serve. This is set to 1000 by default, 
	; which disables on-demand resolutions that are bigger than 1000 pixels in width or height. 
	; dynamic-max-size=1000
	
	; This is a security setting against potential Denial of Service attacks. This is a space-
	; separated list of image resolutions that are allowed to be loaded on-demand. For example, 
	; if this is set to '60x60 320x240' then only images of 60x60 and 320x240 resolutions would 
	; be allowed to be loaded on-demand. This setting is not defined by default, which allows all 
	; image resolutions to be loaded on-demand.
	; dynamic-size-whitelist=""
	
	; This is a security setting against potential Denial of Service attacks. This is a space-
	; separated list of background color values in RGB that are allowed to be loaded on-demand. 
	; For example, if this is set to '120,60,14 255,255,255' then only these two RGB colors would 
	; be allowed. This setting is not defined by default, which allows for all background colors 
	; to be loaded on-demand.
	; dynamic-color-whitelist=""
	
	; This is a security setting against potential Denial of Service attacks. This is a space-
	; separated list of quality settings that are allowed to be loaded on-demand. For example, 
	; if this is set to '@50 @30', then only images with @50 and @30 quality settings are allowed 
	; to be loaded on-demand. This setting is not defined by default and all quality levels 
	; are allowed.
	; dynamic-quality-whitelist=""
	
	; This is a security setting against potential Denial of Service attacks. This is a space-
	; separated list of image positions that are allowed to be loaded on-demand. For example, if 
	; this is set to 'top-left 30-50', then only image positions of top-left and 30-50 (pixels) 
	; are allowed. This setting is not defined by default and all positions are allowed.
	; dynamic-position-whitelist=""
	
	; This is a security setting against potential Denial of Service attacks. Wave Framework allows 
	; for advanced on-demand image filtering. If this setting is turned off, then on-demand image 
	; filtering is not allowed at all and such images cannot be requested. By default this value is 1, 
	; which enables on-demand filters.
	; dynamic-image-filters=0
	
	; This is a security setting against potential Denial of Service attacks. If dynamic image 
	; filters are enabled, then this is a space-separated list of allowed filter settings. If this 
	; is set to 'grayscale@100 colorize@40,120,120,120' then only grayscale filter with parameter 100 
	; and colorize filter with 40, 120, 120 and 120 parameters are allowed. These values must be 
	; written the same way they are written to filter() brackets during on-demand image request.
	; dynamic-filter-whitelist=""

	; This is a security setting against potential Denial of Service attacks. This setting, if set 
	; to 1, allows to load scripts and CSS files in unified form from /resources/ folder. Multiple 
	; scripts can be loaded by separating their filenames with & symbol and 'minify' flag can also 
	; be used to load the resource in minified form. This setting is 1 by default.
	; dynamic-resource-loading=0

; API

	; This is a comma-separated list of API versions that are allowed to be accessed over API.
	; By default this value is not set at all, which means that sending 'www-version' value with 
	; the request has no impact. API versions can only consist of latin characters and numbers. 
	; The most recent API version number is defined in '.version' file in the root folder.
	; api-versions="v2,v1"
	
	; This sets the default profile name of a public profile - when profile name itself is not set 
	; in the request. This profile must have profile settings set in /resources/api.profiles.ini file.
	; api-public-profile="public"
	
	; If this setting is set to 1, then public API requests require a 'www-public-token' as part of 
	; HTTP API requests that do not use an authenticated API profile. This token has to be generated 
	; to and submitted with all the forms on the website. This is set to 0 by default, but is 
	; recommended to be implemented on websites and services that implement user accounts and other 
	; similar systems as a protection for cross-site-request-forgery attacks. Note that this token 
	; is only actually checked if the user is 'logged in' (user session data is populated).
	; api-public-token=1
	
	; It is possible to keep a simplified log of API requests that are sent to API Handler. This 
	; setting is a comma-separated list of API profiles that will be tracked or will not be tracked. 
	; This allows for keeping track of how actively this or that API Profile is used in the system 
	; and gives a good overview of what commands have been used the most and how frequently. Setting 
	; it to '*' will mean that every API Profile will be logged, except profiles listed with '!' in 
	; front of their name. The default setting, if used, will track all API profiles except the 
	; public profile.
	; api-logging="*,!public"
	
	; It's possible to log specific messages in internal log by sending such a command from MVC 
	; objects of Wave Framework. This setting here acts as a filter to those messages. Every 
	; message is stored with a 'key' and in here you can set which keys are logged and which 
	; keys are ignored. Setting it to '*' will mean that everything will be logged. If a key 
	; has exclamation mark before it, then that key will be ignored. Wave Framework has two 
	; default internal log messages 'input-data' and 'output-data' which are ignored by default, 
	; but sometimes it is recommended to turn them on for debugging purposes. This internal log 
	; can be read from developer tools as /tools/log-reader.php?internal URL. Default setting logs
	; all log entries except the API input-data and output-data entries.
	; internal-logging="*,!input-data,!output-data"
	
; SESSIONS 

	; This setting is the namespace/cookie value used for sessions. For example this value is the 
	; cookie name for sessions. If this setting is not set in configuration, then Wave Framework 
	; generates this value by creating a numeric hash from the root directory address on the server.
	; It is not necessary to change this value unless your system runs on multiple servers with 
	; different system root addresses at the same time and you need to carry the sessions across.
	; session-name="PHPSESSID"
	
	; This is the amount of seconds that have to pass before Wave Framework automatically regenerates
	; the session cookie. This is set to 0 by default, thus session cookies are not regenerated 
	; automatically.
	; session-regenerate=720
	
	; These values are session cookie settings. State assignes them by default and that is usually 
	; recommended, but you can assign your own values here. If 'session-lifetime' value is 0, then
	; sessions will last until they time out in browsers. That is also the default.
	; session-lifetime=1440
	; session-path="/"
	; session-domain="www.example.com"
	; session-secure=0
	; session-http-only=1

	; Wave Framework has a basic user and permissions handling through sessions as well as session 
	; fingerprinting, which can be accessed through <a href="guide_mvc.htm">MVC</a> objects. This 
	; sets the keys under which user data and permissions are stored in sessions. These values are 
	; set to 'www-user', 'www-permissions', 'www-fingerprint', 'www-timestamp' and 'www-public-token'
	; by default.
	; session-user-key="www-user"
	; session-permissions-key="www-permissions"
	; session-fingerprint-key="www-fingerprint"
	; session-timestamp-key="www-timestamp"
	; session-token-key="www-public-token"
	
	; This setting allows you to tie your sessions to the specific web browser and IP address. This 
	; setting is undefined by default, so fingerprinting is not used. Value of this setting can be 
	; a comma separated string that consists of keys like 'ip' and 'browser'. If you only want browser 
	; specific fingerprinting, then just assign it as 'browser', or if only IP fingerprinting, then
	; use 'ip'.
	; session-fingerprint="ip,browser"
	
; REQUEST LIMITER

	; This turns on HTTP request limiter if set to 1. This setting is a global flag, if this is 
	; not set to 1, then all other flags of this group are ignored. This is set to 0 by default.
	; limiter=1
	
	; If this is set to 1, then every HTTP request requires HTTP authentication based on http-* 
	; configuration settings. Otherwise all requests are blocked. This is useful to protect 
	; website or web service from being accessed during development. This is not used by default.
	; limiter-authentication=1
	
	; This setting enforces HTTPS connections, when accessing this web service. If this is turned 
	; on, then all non-HTTPS requests will be redirected to HTTPS. This is not used by default and 
	; both HTTP and HTTPS requests (if supported) are allowed.
	; limiter-https=1
	
	; This setting is a comma-separated list of IP addresses which are allowed to access this 
	; website or web service. Requests from any other IP are blocked and not allowed. This is 
	; not used by default.
	; limiter-whitelist=""
	
	; If whitelist limiter is not used, then this setting can be a comma-separated list of IP 
	; addresses that are not allowed to access this website or web service. This is not used 
	; by default.
	; limiter-blacklist=""
	
	; This setting allows to limit the amount of requests per minute that are allowed. This is 
	; used to protect the system against Denial of Service attacks. This setting is the maximum 
	; amount of requests allowed per IP address. If this limit is exceeded, then that IP is blocked 
	; for one hour from accessing the service again. This is not used by default.
	; limiter-request=120
	
	; This setting sets the server load value that when met, will make Wave Framework temporarily 
	; block HTTP requests. If server load is too high, then subsequent requests can make problems 
	; worse, so this setting allows you to make such requests as short and quick as possible, which 
	; helps reduce the load on the server. This setting is undefined by default and this limiter 
	; is not used.
	; limiter-load=80
	
	; This is a comma-separated list for all the domains that are allowed to make a request to this 
	; system. If this configuration setting is used and it is not '*', HTTP header for referrer is set, 
	; then this requests will return a Forbidden message. You can use this in combination with other 
	; security settings to protect your system from potential abuse.
	; limiter-referrer="*"