Config.php Options

There are a number of application configuration options that are in the library/config.php file. These are advanced options and should be modified with care.

Incorrect configuration of these options may render your XenForo installation unusable. If you run into any problems, undo your modifications.

If you wish to modify any values in your config.php file, simply add a line to the end of the file. This guide assumes a basic understanding of PHP syntax.

  • $config['db']['adapterNamespace'] - default: 'Zend_Db_Adapter'
    Controls database connection adapter class that will be used.
  • $config['cache']
    This is discussed in the Defining a Cache section.
  • $config['debug'] - default: false
    Controls whether debug mode is enabled. Debug mode gives more access to error messages, debugging/performance information, and development tools. It should not be run on a production forum as it may degrade performance or even open up security issues.
  • $config['enableListeners'] - default: true
    Allows add-on event listeners to be disabled in the event of an add-on preventing the control panel from being accessed. Read more in Disabling Add-ons via config.php.
  • $config['superAdmins'] - default: '1'
    This is a comma-separated list of user IDs that are considered super administrators. Super administrators can create/delete other administrators and always access all parts of the control panel.
  • $config['jsVersion'] - default: ''
    This value can be changed to force a refresh of all JS files. For developers, this has been superseded by the jsLastUpdate option.
  • $config['cookie']['prefix'] - default: 'xf_'
    All cookies set by XenForo will have this prefix. This can be changed if you have multiple XenForo installations on the same domain.
  • $config['cookie']['path'] - default: '/'
    This allows the cookies set by XenForo to be constrained to a particular sub-directory on your domain. This can be changed if you have multiple XenForo installations on the same domain.
  • $config['cookie']['domain'] - default: ''
    If you need XenForo's cookies to be available on a sub-domain, this can be to '.domain.com' to allow the cookies to be accessed on sub-domains.
  • $config['enableMail'] - default: true
    Set this to false to prevent XenForo from sending any emails.
  • $config['internalDataPath'] - default: 'internal_data'
    File path to the internal_data/ directory. Relative paths start at the XenForo installation directory. This can be set outside the web root.
  • $config['externalDataPath'] - default: 'data'
    File path to the data/ directory. Relative paths start at the XenForo installation directory. This directory must be web accessible.
  • $config['externalDataUrl'] - default: 'data'
    URL to the data/ directory. Relative URLs start at the XenForo installation URL.
  • $config['javaScriptUrl'] - default: 'js'
    URL to the js/ directory. Relative URLs start at the XenForo installation URL. This can be changed to serve JavaScript from a CDN, for example.
  • $config['checkVersion'] - default: true
    If true, access to the forums is automatically disabled if the file version does not match the database version.
  • $config['enableGzip'] - default: true
    If true, all textual content sent by XenForo will be automatically gzipped.
  • $config['enableContentLength'] - default: true
    If true, XenForo will send a Content-Length header. In some server configurations, the content may be modified between XenForo sending it and it being received by the end user. In this situation, the Content-Length header may not be updated correctly so it should be disabled.
  • $config['adminLogLength'] - default: 60
    The number of days to keep the log of all administrator activities in the admin control panel.
  • $config['chmodWritableValue'] - default: 0
    If this value is non-zero, all files created by XenForo will be automatically chmodded to this value. Directories will be chmodded to this value as well, though they will also always be user-, group-, and world-executable as well. In most situations, XenForo will determine the correct chmod value automatically.
  • $config['rebuildMaxExecution'] - default: 8
    When performing data rebuilds or long running processes, they will only run for this number of seconds before the page is reloaded. Increasing this number can improve rebuild performance marginally, but some servers may forcibly kill the PHP process.
  • $config['passwordIterations'] - default: 10
    The strength of the bcrypt-based password storage system. Higher numbers are more secure but each increase will roughly double the amount of time it takes to generate or validate a password, leading to higher server usage.
  • $config['enableTemplateModificationCallbacks'] - default: true
    Template modifications may make a PHP callback to modify the templates. In the event of an error in the callback, XenForo may not be able to complete its template rebuild. This option can be disabled to temporarily disable the modification to allow the rebuild to complete.
  • $config['enableClickjackingProtection'] - default: true
    When enabled, this option prevents clickjacking attacks by placing your forum in an iframe and tricking the user into clicking something. However, this can also disable valid uses of iframe embedding. Disable this only if you understand the implications.
  • $config['enableReverseTabnabbingProtection'] - default: true
    When enabled, this option prevents reverse tabnabbing-based phishing attacks that are triggered when your users click links to external sites. However, this protection may interfere with external services that rely on changing how link clicks are processed (such as to include affiliate links). Disable this only if you understand the implications.
  • $config['maxImageResizePixelCount'] - default: 20000000
    The maximum size of an image (in total numbers of pixels) that XenForo will attempt to resize. Images larger than this will simply not be resized and thus may be rejected. This is calculated using width × height.
  • $config['untrustedHttpClient'] - default: array()
    When XenForo makes an HTTP call to an untrusted external server, you may specify a specific adapter configuration. For example, this allows you to use an HTTP proxy service to stop your application server's IP from being leaked. The value should be an adapter configuration array like given in this Zend_Http_Client_Adapter_Proxy example.