Web Debug

Fix broken web applications, from servers to clients.

what is browser reflow

Reflow is the name of the web browser process for re-calculating the positions and geometries of elements in the document, for the purpose of re-rendering part or all of the document. Because reflow is a user-blocking operation in the browser, it is useful for developers to understand how to improve reflow time and also to understand the effects of various document properties (DOM depth, CSS rule efficiency, different types of style changes) on reflow time. Sometimes reflowing a single element in the document may require reflowing its parent elements and also any elements which follow it.

SSL Cipher-Suite get restricted under certain SSL certificates

Sometimes you will notice that certain secure websites cannot be viewed by Windows XP clients, while on Windows Vista or above they work fine.

http://serverfault.com/questions/166750/why-does-windows-ssl-cipher-suite-get-restricted-under-certain-ssl-certificates

Problem:

Windows Server 2008 R2 will only support the following SSL cipher suites when using certain certificates on the server:

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA


This prevents XP clients from connecting to the server since the XP Cryptographic API doesn't support any AES ciphers by default.
As a result, the following errors appear in the server logs when attempting to connect using Internet Explorer or Remote Desktop (since they use Microsoft's CAPI):

Schannel Error 36874 "An TLS 1.0 connection was received from a remote client application, but none of the cipher suites supported by the client are supported by the server. The SSL connection request has failed."
Schannel Error 36888 "The following fatal alert was generated: 40. The internal error state is 1204."


 


Root Cause:

If the certificate being used on the server was generated using the Legacy Key option in the certificate request form, the private key for that certificate will be stored in Microsoft's legacy Cryptographic API framework. When the web server tries to process requests using its new, Cryptographic Next Generation (CNG) framework, it appears that something related to the RSA private key stored in the legacy framework is unavailable to the new framework. As a result, the use of the RSA cipher suites is severely limited.

Solution:
Generate the certificate request using the CNG Key template in the custom certificate request wizard.

MMC | Local Computer Certificate Manager | Personal Certificates Folder | (right click) | All Tasks -> Advanced Operations | Create Custom Request | "Proceed without enrollment policy" | select "(no template) CNG key" | proceed to complete the certificate request according to your needs.


Verifying that the key is in the right place:
http://msdn.microsoft.com/en-us/library/bb204778(VS.85).aspx
http://www.jensign.com/KeyPal/index.html
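
One way to check from the server itself which certificates have the legacy-key problem described under Root Cause. This is an added example, not from the original post or the linked tools: it parses the output of `certutil -store My` and reports whether each private key sits in a legacy CryptoAPI CSP or a CNG key storage provider. It assumes English-language certutil output, and the provider-name lists cover only Microsoft's built-in providers; the function name `Get-CertKeyProvider` is hypothetical.

```powershell
# Added example: classify the key provider of each certificate in LocalMachine\My.
# Assumption: these lists cover the Microsoft built-in providers only.
$legacyCsp = 'Microsoft RSA SChannel Cryptographic Provider',
             'Microsoft Enhanced Cryptographic Provider v1.0',
             'Microsoft Strong Cryptographic Provider',
             'Microsoft Base Cryptographic Provider v1.0',
             'Microsoft Enhanced RSA and AES Cryptographic Provider'
$cngKsp    = 'Microsoft Software Key Storage Provider',
             'Microsoft Smart Card Key Storage Provider',
             'Microsoft Platform Crypto Provider'

function Get-CertKeyProvider {
    param([string[]]$CertutilOutput)
    $current = $null
    foreach ($line in $CertutilOutput) {
        if ($line -match '^Cert Hash\(sha1\):\s*(.+)$') {
            # Older certutil builds print the hash with spaces between bytes.
            $current = ($Matches[1] -replace '\s', '').ToUpper()
        }
        elseif ($line -match '^\s*Provider\s*=\s*(.+?)\s*$' -and $current) {
            $provider = $Matches[1]
            $kind = if ($legacyCsp -contains $provider) { 'Legacy CSP (CryptoAPI)' }
                    elseif ($cngKsp -contains $provider) { 'CNG KSP' }
                    else { 'Unknown provider' }
            New-Object PSObject -Property @{
                Thumbprint = $current; Provider = $provider; Storage = $kind
            } | Select-Object Thumbprint, Provider, Storage
            # Certificates without a private key print no Provider line and are skipped.
            $current = $null
        }
    }
}

# Run in an elevated prompt on the server that holds the certificate.
Get-CertKeyProvider -CertutilOutput (certutil -store My) | Format-Table -AutoSize
```

A server certificate listed as `Legacy CSP (CryptoAPI)` is a candidate for re-issuing with the CNG key template described in the Solution above.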

Tools for verifying correct cipher-suites:
http://pentestit.com/2010/05/16/ssltls-audit-audit-web-servers-ssl-ciphers/
https://www.ssllabs.com/

SSL cipher-suite settings:
http://support.microsoft.com/kb/245030
http://blogs.technet.com/b/steriley/archive/2007/11/06/changing-the-ssl-cipher-order-in-internet-explorer-7-on-windows-vista.aspx

 

how to add a google or bing search box to your website

Add a Simple Google, Yahoo! or Bing Search Box to Your Website

BY DAVID ELLIOT

http://www.developerdrive.com/2012/08/add-a-simple-google-yahoo-or-bing-search-box-to-your-website/
‘Search’ is the web’s most utilized and essential function. The major search engines process billions of keyword requests daily, but there are still some websites and blogs that have yet to incorporate the vital feature.

While customized search box solutions are offered by various business entities, I prefer to use only the results from major engines: Google, Yahoo!, or Bing. Many of the commercial packages employ a free trial period to entice buyers, which tends to include very prominently placed ads, a possible turn off for some of your site visitors.

Google Custom Search Engine

http://www.google.com/cse/

With Google Custom Search, add a search box to your homepage to help people find what they need on your website.

Add a Bing Search Box to your site in 3 easy steps
by Bing developer blog

http://www.bing.com/blogs/site_blogs/b/developer/archive/2010/03/22/add-a-bing-search-box-to-your-site-in-3-easy-steps.aspx

Request Filtering vs URLScan

UrlScan, a security tool, was provided as an add-on to earlier versions of Internet Information Services (IIS) so administrators could enforce tighter security policies on their Web servers. Within IIS 7 and above, all the core features of UrlScan have been incorporated into a module called Request Filtering, and a Hidden Segments feature has been added.

  • It gives a tighter level of control over the settings and where they are applied.
  • It can be configured from the GUI as well as web.config file.



There are plenty of great resources online; I’ll provide some links for your reference below.

http://www.iis.net/ConfigReference/system.webServer/security/requestFiltering

http://learn.iis.net/page.aspx/143/use-request-filtering/

http://learn.iis.net/page.aspx/504/using-enhanced-request-filtering-features-in-iis/
