General Settings

System administrators can use this section to configure general SmarterStats settings. To access this section, click the Settings icon. Then click General Settings in the navigation pane. The general settings will load and the following tabs will be available:

Options

Use this tab to specify the following settings:

• Default Theme - Allows a user or administrator to set a default light or dark theme that carries throughout the interface.
• Send email reports after - Use this setting to specify the time that email reports should be sent. Note: Email reports will be sent after the time configured. While some reports may be sent a few minutes after, others may take a couple of hours.
• Custom Help URL - A URL entered here will be used in place of the default Online Help link that's available when someone clicks on their icon in the upper, right corner of the interface.
• Custom Help Text - This is the text that's displayed when a Customer Help URL is being used.
• Enable notification reminder popups - Select this option to allow SmarterStats to display licensing and other administrative reminders.
• Enable user password reset functionality - Select this option to allow users to reset their password from the login screen if they forget it. Note: The "Forgot your password?" link will only appear on the login page if SMTP settings are configured within the General Settings. In addition, users must have an email address configured in their user settings in order to use the password reset functionality.
• Send notification emails to system administrator - Select this option to send emails to the system administrator if errors occur.
• Force all traffic over HTTPS - Select this option to force all SmarterStats traffic over HTTPS. This improves SmarterStats security by allowing all traffic to be encrypted. Note: Prior to enabling this setting, SmarterStats must be set up as a site in IIS and have a valid SSL certificate in place for the SmarterStats site.
• Allow interface to be embedded in another site (not recommended) - Enabling this allows you to embed the SmarterStats interface inside an iFrame. As this can cause some security risks, this is not recommended.

UNC

If your log files are secured on a separate server or in a folder with permission restrictions, it may be necessary to specify the UNC account credentials needed to access the raw IIS logs. Use this tab to configure the system level UNC credentials for your installation. NOTE: These credentials are used for each SmarterStats site that's configured. If every site has its own Log Location, regardless of whether the logs are access via UNC or not, it may be better to leave these settings blank. However, if some of the sites are located on a specific server that's accessed via UNC, it may be worthwhile to set these credentials then individual sites separately.

• UNC Username - The identifier used to authenticate with the UNC account.
• UNC Password - The corresponding password used to authenticate with the UNC account.
• UNC Domain - The corresponding domain used to authenticate with the UNC account.

Note: Configuring the UNC credentials here will apply to each site configured within SmarterStats. Individual sites can override the system level UNC account by unchecking the site setting “Use Default UNC Settings”.

SMTP

These settings dictate the details surrounding how, and from whom, email reports and other emailed notifications are sent. System administrators can set up default accounts for emailed reports, and then allow individual site administrators to override these settings so they can set up their own from addresses, etc. Use this tab to specify the following settings:

• From Address - The email address from which reports will be sent.
• From Display Name - The name that appears in the From field of emails.
• SMTP Server - The mail server used to send email reports.
• SMTP Security - Select this option if the connection to the server must be SSL or TLS.
• SMTP Server Port - The port used to connect to the mail server. By default, the port is 25. If a security option is selected, the default port will change to the most common port used. (I.e., 465 for SSL or 587 for TLS.)
• Allow site administrators to override SMTP settings - Select this option to allow site administrators to specify their own SMTP settings. In that way, email reports and other items can be sent from an email address associated with the site being analyzed.
• Enable SMTP authentication - Select this option if SMTP authentication is required to send mail from this email address.
• Auth Username - The identifier used to authenticate with the external email server. In some cases, this may be the full email address of the account.
• Password - The corresponding password used to authenticate with the external email server.
• Confirm Password - Re-type the password used to authenticate with the external email server.

System Administrator

Use this tab to specify the following system administrator-based settings:

• Site ID - The unique identifier for the system administrator area of the SmarterStats site.
• Username - The username of the system administrator. By default, the system administrator username is admin.
• New Password - The new password the system administrator wants to use to log in to SmarterStats.
• Confirm Password - The new password the system administrator wants to use to log in to SmarterStats. Note: To successfully change the password, be sure the text typed into this field matches the text typed into the New Password field.
• Email Address - The email address of the SmarterStats administrator.

CSP

The Content Security Policy (CSP) is a computer security standard that was introduced to help prevent specific types of cross-site scripting (XSS) exploits, click-jacking and other types of code injection attacks. Most web applications, like SmarterStats, have a CSP built-in, with little opportunity for administrators to manage the policy without making code-level changes. SmarterStats, however, allows experienced administrators to add things to SmarterStats' existing CSP to expand on its functionality. For example, adding in the ability to embed videos, fonts or scripts from third-party services. These are normally blocked by an application's CSP as it can lead to pages being hijacked to embed, and therefore execute, malicious code.

NOTE: It is strongly recommended that this page be left untouched, except by an administrator or experienced web professional. There may be some entries by default, which cannot be removed, but any additions to any areas should be made very carefully to avoid any potential security issues.

Policy Directives and Sources

Each text box represents a specific "policy directive" within the CSP. Policy Directives describe the policy for a specific resource type and each has one or more allowed sources. The editable policy directive, its description and the uneditable default sources are listed, if any. Each policy can have one or more source, and each source should be on its own line.

connect-src

This policy dictates which URLs are able to be loaded via script interfaces. For example, adding in Google Analytics Site IDs. Wildcards are allowed and there are no default sources. (E.g., *.google.com)

frame-ancestors

This policy specifies valid "parent URLs" that may embed a page in a frame, iframe, etc. Wildcards are allowed and there are no default sources.

frame-src

This policy specifies valid sources for nested content that are loaded via frames, etc. This content can include embedded videos, etc. Wildcards are allowed and there are no default sources.

script-src

This policy specifies valid sources for JavaScript. This includes not only URLs loaded directing using a <script> tag, but also things like inline script event handlers (e.g., OnClick events) and XSLT stylesheets, which can trigger script execution.Wildcards are allowed and there are no default sources.

style-src

This policy specifies valid sources for stylesheets. Wildcards are allowed and there are no default sources.