0 Replies Latest reply on Apr 24, 2009 7:27 AM by jdcyclone1

    IIS6 - W3C Compliant - WebHelp Explosions

    jdcyclone1 Level 1

      Here's an interesting issue that I would like to hear everyone's opinions regarding. I received an e-mail from my client's networking guy the other day stating that he was getting a random error every now and again when clicking on multiple topics in the WebHelp I created. I was confused BEYOND BELIEF! I had never run into a problem with this before, and I've created tons of help systems in the past. I would be interested to hear what you all think I could have done differently to prevent this from occuring. (Don't check the W3C Compliant checkbox, etc) It's a very interesting use case....and hopefully this helps someone else who may run into such a situation.

       

      Error.jpg

       

      He sent me this e-mail this morning saying that it's fixed...

       

      Error Message

      The issue with the error message showing after a number of page hits has been fixed.  The issue is with the headers on each file.  They are not proper for IIS6 due to a major flaw in IIS6.  I verified this without creating a virtual directory which means that these pages are served up as pure html and bypass my security.

       

      The solution is to delete the first 5 lines of every file and replace with the following.

      <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

       

      The lines being removed are:

      <?xml version="1.0" encoding="utf-8"?>

      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

          "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

      <!-- saved from url=(0014)about:internet -->

      <html xmlns="http://www.w3.org/1999/xhtml">

       

      There is an article at http://w3.org/brief/MTE2 that explains this issue.  Basically, IIS is downloading the instructions on how to handle an XML formatted document from the w3 site every time a page is requested.  Since this document never changes, these unnecessary downloads are being treated as a Denial Of Service attack and our server’s IP eventually gets blocked.  The header that we are now using is more appropriate anyway.