General Settings
System administrators can use this section to configure general SmarterStats settings.
To access this section, click the Settings icon. Then click General Settings
in the navigation pane. The general settings will load and the following tabs will
be available:
Options
Use this tab to specify the following settings:
- Default Theme - Allows a user or admininstrator to set a default light or dark theme that carries throughout the interface.
- Send email reports after - Use this setting to specify the time that email reports should be sent after. Note: Email reports will be sent after the time configured. While some reports may be sent a few minutes after, others may take a couple of hours.
- Custom Help URL - A URL entered here will be used in place of the default Online Help link that's available when someone clicks on their icon in the upper, right corner of the interface.
- Custom Help Text - This is the text that's displayed when a Customer Help URL is being used.
- Enable notification reminder popups - Select this option to allow SmarterStats
to display licensing and other administrative reminders.
- Enable user password reset functionality - Select this option to allow users
to reset their password from the login screen if they forget it. Note: The "Forgot your password?" link will only appear on the login page if SMTP settings are configured within the General Settings. In addition, users must have an email address configured in their user settings in order to use the password reset functionality.
- Send notification emails to system administrator - Select this option to
send emails to the system administrator if errors occur.
- Force all traffic over HTTPS - Select this option to force all SmarterStats traffic over HTTPS. This improves SmarterStats security by allowing all traffic to be encrypted. Note: Prior to enabling this setting, SmarterStats must be set up as a site in IIS and have a valid SSL certificate in place for the SmarterStats site.
- Allow interface to be embedded in another site (not recommended) - Enabling this allows you to embed the SmarterStats interface inside an iFrame. As this can cause some security risks, this is not recommended.
UNC
If your log files are secured on a separate server or in a folder with permission restrictions, it may be necessary to specify the UNC account credentials needed to access the raw IIS logs. Use this tab to configure the system level UNC credentials for your installation. NOTE: These credentials are used for each SmarterStats site that's configured. If every site has its own Log Location, regardless of whether the logs are access via UNC or not, it may be better to leave these settings blank. However if some of the sites are located on a specific server that's accessed via UNC, it may be worthwhile to set these cedentials then individual sites separately.
- UNC Username - The identifier used to authenticate with the UNC account.
- UNC Password - The corresponding password used to authenticate with the UNC account.
- UNC Domain - The corresponding domain used to authenticate with the UNC account.
Note: Configuring the UNC credentials here will apply to each site configured within SmarterStats. Individual sites can override the system level UNC account by unchecking the site setting “Use Default UNC Settings”.
SMTP
Use this tab to specify the following settings:
- From Address - The email address from which reports will be sent.
- From Display Name - The name that appears in the From field of emails.
- SMTP Server - The mail server used to send email reports.
- SMTP Security - Select this option if the connection to the server must be
SSL or TLS.
- SMTP Server Port - The port used to connect to the mail server. By default,
the port is 25. If a security option is selected, the default port will change to the most common port used. (I.e., 465 for SSL or 587 for TLS.)
- Allow site administrators to override SMTP settings - Select this option
to allow site administrators to specify their own SMTP settings. In that way, email
reports and other items can be sent from an email address associated with the site
being analyzed.
- Enable SMTP authentication - Select this option if SMTP authentication is
required to send mail from this email address.
- Auth Username - The identifier used to authenticate with the external email
server. In some cases, this may be the full email address of the account.
- Password - The corresponding password used to authenticate with the external
email server.
- Confirm Password - Re-type the password used to authenticate with the
external email server.
System Administrator
Use this tab to specify the following system administrator-based settings:
- Site ID - The unique identifier for the system administrator area of the
SmarterStats site.
- Username - The username of the system administrator. By default, the system
administrator username is admin.
- New Password - The new password the system administrator wants to use to
login to SmarterStats.
- Confirm Password - The new password the system administrator wants to
use to login to SmarterStats. Note: To successfully change the password, be sure
the text typed into this field matches the text typed into the New Password field.
- Email Address - The email address of the SmarterStats administrator.
CSP
The Content Security Policy (CSP) is a computer security standard that was introduced to help prevent specific types of cross-site scripting (XSS) exploits, clickjacking and other types of code injection attacks. Most web applications have a CSP built-in, with little opportunity for administrators to manage the policy without making code-level changes. SmarterStats, however, allows experienced administrators to add things to SmarterStats' CSP to expand on its functionality. For example, adding in the ability to embed videos, fonts or scripts from third-party services. These are normally blocked by an application's CSP as it can lead to pages being hijacked to embed, and therefore execute, malicious code.
NOTE: It is strongly recommended that this page be left untouched, except by an administrator or experienced web professional. There may be some entries by default, which cannot be removed, but any additions to any areas should be made very carefully to avoid any potential security issues.
Policy Directives and Sources
Each text box represents a specific "policy directive" within the CSP. Policy Directives describe the policy for a specific resource type and each has one or more allowed sources. The editable policy directive, its description and the uneditable default sources are listed, if any. Each policy can have one or more source, and each source should be on its own line.
connect-src
This policy dictates which URLs are able to be loaded via script interfaces. For example, adding in Google Analytics Site IDs. Wildcards are allowed and there are no default sources. (E.g., *.google.com)
frame-ancestors
This policy specifies valid "parent URLs" that may embed a page in a frame, iframe, etc. Wildcards are allowed and there are no default sources.
frame-src
This policy specifies valid sources for nested content that are loaded via frames, etc. This content can include embedded videos, etc. Wildcards are allowed and there are no default sources.
script-src
This policy specifies valid sources for JavaScript. This includes not only URLs loaded directing using a <script> tag, but also things like inline script event handlers (e.g., OnClick events) and XSLT stylesheets, which can trigger script execution.Wildcards are allowed and there are no default sources.
style-src
This policy specifies valid sources for stylesheets. Wildcards are allowed and there are no default sources.
Copyright © SmarterTools Inc. All rights reserved.