Web and HTTP
The Web & HTTP settings let you control how your solution handles Web & HTTP-related events.
Using the Web & HTTP settings you can:
- Upgrade or downgrade your Dynamicweb solution
- Configure host headers
- Control if and how your solution should generate SEO-friendly customized URLs for your content
- Create and manage virtual direct paths
- Configure the form and SQL inject security settings
- Configure the Cookie Manager
- Configure your HTTP compression settings
- Configure the SMTP settings for the solution
- Set a global CDN provider
- Set up Load balancing
Most of these options are administrator only – so if you need any changes, please contact your administrator before you contact support.
Provided that you have Administrator access, the Manage Versions area (Figure 2.1) allows you to upgrade (or downgrade) your Dynamicweb solution.
To access the Manage Version area go to Settings > Web and Http and click the Manage Versions node.
To change version:
- Click Change version in the toolbar to open the Change version window
- Select the version you want to change to
- Click Ok
Your solution will now upgrade (or downgrade) to the selected version. Please note that the solution will restart and you will be logged off.
Upgrading custom solutions
We do not recommend upgrading custom solutions to a new version using the Manage Versions tool. Please upgrade custom solutions manually.
If you have administrator access, you have access to the Host Headers settings (Figure 3.1). They allow you to create and configure multiple host headers for your solution directly on the IIS.
To create a new host header:
- Click Add in the toolbar
- Specify a host name, and optionally an IP address and a port to use (port 80 is default)
- Click OK to add the host header to the list
Once you’ve added the host headers you need, click Save and apply to save the host headers to the IIS. Please note that your solution will restart and you will be logged off.
On special characters
Dynamicweb automatically detects the IIS version you are running on and converts to/from punycode as needed.
Older versions may receive a ‘Operation failed’ error when trying to save a hos header using spaces or special characters.
The Security settings (Figure 4.1) lets you control various security settings related to your solution.
- Activate antispam functionality for form submission and creating/editing users using the extranet module – this will create hidden input fields, which will be filled by bots and used to filter out spam. You can then:
- Enter an email address to send a copy of the filtered forms to (this can be useful for debugging)
- Define a seconds before post limit, which will cause forms submitted before that limit to be spam
- Define a submits from same IP limit, which will cause submissions to be flagged as spam
- Disable extended checks which will disable the seconds limit and the IP submission limit entirely
- Completely disable Dynamicweb’s built-in security measures against SQL injections. We strongly advise against this. Use at your own risk. You can also disable the security measures for specific fields only using the ignore the following fields list.
- Restrict access for support users, which removes angel-access to a solution. Please be aware that this include our support staff.
- Disable various debugging features:
- Disable the use of debug=true, dbstat=true, etc. for users not logged in to the administration
- Make the system throw .NET exceptions on App-errors instead of rendering the exception on the page
- Make the system throw .NET exceptions instead of rendering the Razor exception on the page
When the SQL injection check is active, injection attempts will result in a 15 minute IP ban of the injection source. The IPs will be listed in \Files\System\_BannedIps.txt. Delete the file to lift any active bans. Only SQL injection attempts will return in IP bans – other forms of attack, such as cross scripting attempts, will only result in 404 on subsequent tries.
You can also specify one or more emails to notify when an SQL injection attack is detected.
Dynamicweb ships with a Cookie Manager tool, which can help you comply with EU legislation - read more here.
With the HTTP Compression settings (Figure 6.1), you can choose between GZip and Deflate compression. You may also select None.
You can also check Minify HTML to remove unnecessary whitespace from your HTML code.
The Settings section (Figure 6.2) let you:
- Check do not add base href to disable adding the base href meta tag to pages from this solution
- Disable port number in base href and Cart redirects
Some types of customized URLs add a tag to the head section of pages in frontend - and when running SSL, this tag has a port number added to it. In some hosting environments, SSL http requests are translated by a firewall, in which case the base href tag is needed without a port number.
- Disable performance comments in the source html of all rendered pages
- Add a last modified header to the HTTP response - this can be used by some browsers to control content cache invalidation
- Disable browser cache of web content
With the Image Handler settings ( Figure 6.3), you can control for how long the output cache from the Image Handler tool should be saved (in hours) - default is set to 168 hours (one week).
With the SMTP settings (Figure 7.1), you can configure your mail server.
To set up the mail server:
- Enter the mail server address - you can add more than one using ";" as a separator (e.g. smtp.yourdomain.dk;mail.yourdomain.dk)
- Enter a port number - the default smtp port is 25
- Enter the user name and password to the smtp server
- Check SSL to use SSL Encryption
Check Do not use SMTP pickup directory to bypass the pickup directory on your mail server. This should be set when both a username and password has been specified in the other settings.
You can use the Test Mail Settings button to verify that SMTP is working correctly. You can also use two test settings:
- Save all emails to disk saves all emails to /Files/System/Log/EmailHandler/. This will of course slow down performance very considerably, due to a synclock in the savinf process.
- Enable test mode will forward all emails sent from the solution to the address specified in Forward emails to field.
With the CDN settings (Figure 8.1) you can configure a global CDN network, which can then be inherited or overwritten in the website settings for each of your websites, as appropriate.
If your website uses the HTTPS protocol the CDN host should also use the HTTPS protocol.
Static resources placed under /Files will not be replaced.
The Tracking node contain settings related to statistics and tracking in Dynamicweb.
- Enable or disable Tracking - this is the new framework for collecting statistics in Dynamicweb
- Enable or disable Statistics - this is the old framework for collecting statistics. While it has been deprecated, certain features in Dynamicweb are still reliant on it.
- Activate loggin for the Tracking framework. This is for debugging purposes.
- Set a table time interval - the span of time which must pass before tracking tables are split