February, 2010

Posts
  • CarlosAg Blog

    Announcing: IIS SEO Toolkit v1.0.1

    • 5 Comments

    Last week we released a refresh for the IIS Search Engine Optimization (SEO) Toolkit v1.0. This version is a minor update that includes fixes for all the important bugs reported in the IIS.NET SEO Forum.

    Some of the fixes included in this version are:

    1. Pages sending the XHTML content type 'application/xhtml+xml' are not parsed correctly as HTML causing their links and violations to be empty.
    2. Report Analysis fails if the META tags include certain characters.
    3. <style> tag is not parsed correctly if it is empty causing Invalid Markup violations to be flagged incorrectly.
    4. Memory is not released when the "Store Copies of analyzed web pages locally" button is unchecked.
    5. HTML with leading empty lines and doctype fails to parse correctly causing their links and violations to be empty.
    6. Internal Link criteria option of "host: <sitename> and subdomains (*.<sitename>)" fails to work as expected under certain configurations.
    7. System.NullReferenceException when content attribute is misisng in Meta tag
    8. Windows authentication does not work with servers configured with NTLM or Kerberos only challenge.
    9. External META tags are stored in the report making it cumbersome to use the important ones.
    10. Several localization related bugs.
    11. DTD error when navigating to the Sitemap and Sitemap Index User Interface.
    12. And others…

    This release is compatible with v1.0 RTM and it will upgrade if already installed. So go ahead and install the new version using Web Platform Installed by clicking: http://go.microsoft.com/?linkid=9695987

     

    Learn more about it at: http://www.iis.net/expand/SEOToolkit

  • CarlosAg Blog

    IIS SEO Toolkit: Find warnings of HTTP content linked by pages using HTTPS

    • 0 Comments

    Are you an developer/owner/publisher/etc of a site that uses HTTPS (SSL) for secure access? If you are, please continue to read.

    Have you ever visited a Web site that is secured using SSL (Secure Sockets Layer) just to get an ugly Security Warning message like:

    Do you want to view only the webpage content that was delivered securely?

    This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire webpage.

    image

    How frustrating is this for you? Do you think that end-users know what is the right answer to the question above? Honestly, I think it actually even feels like the Yes/No buttons and the phrasing of the question would cause me to click the wrong option.

    What this warning is basically trying to tell the user is that even though he/she navigated to a page that you thought was secured by using SSL, the page is consuming resources that are coming from an unsecured location, this could be scripts, style-sheets or other types of objects that could potentially pose a security risk since they could be tampered on the way or come from different locations.

    As a site owner/developer/publisher/etc should always make sure that you are not going to expose your customers to such a bad experience, leaving them with an answer that they can’t possibly choose right. For one if they ‘choose Yes’ they will get an incomplete experience being broken images, broken scripts or something worse; otherwise they can ‘choose No’ which is even worse since that means you are actually teaching them to ignore this warnings which could indeed in some cases be real signs of security issues.

    Bottom-line it should be imperative that any issue like this should be treated as a bug and fixed in the application if possible.

    But the big question is how do you find these issues? Well the answer is very simple yet extremely time consuming, just navigate to every single page of your site using SSL and as you do that examine every single resource in the page (styles, objects, scripts, etc) and see if the URL is pointing to a non-HTTPS location.

    Enter the IIS Search Engine Optimization (SEO) Toolkit.

    The good news is that using the SEO Toolkit is extremely simple to find these issues.

    1. To do that just start a new Analysis using the IIS SEO Toolkit using the HTTPS URL of your site, for example: https://www.example.com/
    2. Once the analysis is over just select the option “Query->Open Query” and open the following XML file:
    3. <?xml version="1.0" encoding="utf-8"?>
      <query dataSource="links">
       
      <filter>
         
      <expression field="LinkingUrl" operator="Begins" value="https://" />
          <
      expression field="LinkedUrl" operator="Begins" value="http://" />
          <
      expression field="LinkType" operator="NotEquals" value="Link" />
          <
      expression field="LinkType" operator="NotEquals" value="Rss" />
        </
      filter>
       
      <displayFields>
         
      <field name="LinkingUrl" />
          <
      field name="LinkedUrl" />
          <
      field name="LinkedStatus" />
          <
      field name="LinkType" />
        </
      displayFields>
      </query>
    4. Just by doing that it will open a Query Window that will show all the links in your site that have such a problem. Note that the query simply looks for all the resources that are being linked by a URL that begins with HTTPS and that the target resource is using HTTP and that are not normal links (since they do not have that problem).
    5. This is how my quick repro looks like. Note that it actually tells you the type of resource it is (an image and a style in this case). Additionally if you double click the row it will show you exactly the place in the markup where the problem occurs so you can easily fix it.

    image

    Summary

    Using the IIS SEO Toolkit and it powerful Query Engine you can easily detect conditions on your site that otherwise would take an incredible amount of time and that would be prohibitively expensive to do constantly.

Page 1 of 1 (2 items)