Why is Chrome flooding my site with GET requests? - c#

I'm getting a periodic issue with my IIS hosted website whereby one of my clients' browsers (Google Chrome 77/78 or higher) suddenly begins submitting dozens of requests per second to my website for the same page.
The user is always a valid, authenticated user with my application. The requests also don't seem to follow any standard pattern that I can determine from our logs. For instance, it's not an authorization redirect issue; it's almost like the browser is sending through dozens of requests which have somehow been initiated by the user. For instance, opening a bookmarked version of our page dozens of times.
Looking at the request details I can see the following fetch headers:
HTTP_SEC_FETCH_USER: ?1
HTTP_SEC_FETCH_SITE: none
HTTP_SEC_FETCH_MODE: navigate
Which, from what I can understand, means that the action was user-initiated, and that it did not come from my own application, in terms of an ajax request or page refresh. I can only get the above combination of fetch headers when I open my page in a new tab in Chrome, for instance.
Could this actually be related to the Chrome browser itself? I cannot replicate the issue in development, but it's happened a few times now and I'm not sure where to start in terms of determining a cause.

As other users have pointed out in comments, this can in fact be caused by the Mobile Chrome Predictive Loading mechanism.
A recent version of Chrome for Android (78.0.3924.108) has experimented with predictive loading, changing the rules when links are selected for prefetching. This can cause arbitrary links to be "loaded" (issuing a GET request, distorting stats and causing any side effect that action has) without any user input when visiting your website.
This has been rolling out over the past week, and has caused many issues in many different scenarios (logging users out, clicking on paid or aggregator links, etc.)
More info on the Chromium issue tracker:
https://bugs.chromium.org/p/chromium/issues/detail?id=1027991
Requests made by prefetching issue a Purpose: prefetch header - at least by Chrome, other browsers might issue other headers.
This has since been fixed this morning (25th November 2019).
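A way to triage the symptom from the question against the header named in the answer, as an added example that is not part of the original posts: it finds (user, URL) pairs whose request rate exceeds a limit within any one-second window and counts how many of those requests carried Purpose: prefetch. The Req type, the sample records and the limit of 10 are constructed, and it assumes your request logging already captures the Purpose header value.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// One logged request; all field names and sample values here are constructed.
class Req
{
    public DateTime Time; public string User, Url, Purpose; // Purpose = logged header value, or null
}

static class BurstTriage
{
    // Chrome marks speculative loads with "Purpose: prefetch".
    public static bool IsPrefetch(Req r) =>
        r.Purpose != null && r.Purpose.IndexOf("prefetch", StringComparison.OrdinalIgnoreCase) >= 0;

    // For each (user, url), find the largest number of requests inside any
    // one-second window and report the pairs whose peak exceeds `limit`.
    public static List<string> Bursts(IEnumerable<Req> log, int limit)
    {
        var findings = new List<string>();
        foreach (var g in log.GroupBy(r => r.User + " " + r.Url))
        {
            var times = g.Select(r => r.Time).OrderBy(t => t).ToList();
            int peak = 0, start = 0;
            for (int end = 0; end < times.Count; end++)
            {
                // Slide the window start forward until it spans at most one second.
                while (times[end] - times[start] > TimeSpan.FromSeconds(1)) start++;
                peak = Math.Max(peak, end - start + 1);
            }
            if (peak > limit)
                findings.Add($"{g.Key}: peak {peak}/s, {g.Count(IsPrefetch)} of {g.Count()} marked prefetch");
        }
        return findings;
    }

    static void Main()
    {
        var t0 = new DateTime(2019, 11, 20, 9, 0, 0);
        var log = new List<Req>();
        for (int i = 0; i < 30; i++)   // constructed burst: 30 hits, 30 ms apart, all marked prefetch
            log.Add(new Req { Time = t0.AddMilliseconds(30 * i), User = "alice", Url = "/orders", Purpose = "prefetch" });
        for (int i = 0; i < 5; i++)    // constructed ordinary browsing: one hit every 10 s, no Purpose header
            log.Add(new Req { Time = t0.AddSeconds(10 * i), User = "bob", Url = "/orders" });
        foreach (var line in Bursts(log, limit: 10)) Console.WriteLine(line);
    }
}
```

A burst in which most requests are marked prefetch points at the browser's speculative loading; a burst with no such marking needs a different explanation.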

Related

Google Chrome sends 2 requests to every controller/ razor page

For some reason, Google Chrome sends 2 requests to every webpage on my solution. I originally experienced this issue on an MVC web application but then I made a test project without using MVC and this continued to happen.
This does not happen with Edge or Internet Explorer.
Did anybody experience the same problem and how did you go about it?
Most of my research pointed in the direction of having an href="#" tag that would cause the browser to reload the page but this is not the case in my situation.
This normally would not be an issue, but it seems to be causing the AntiForgeryRequestToken to not get validated
2 requests means the total SAME requests or an 'OPTIONS' method and a normal method?
If you are in the second situation, you will need to use IIS/nginx URL Rewrite to make sure your Chrome URL and your ajax request URL are in the same domain.

Kentico custom table data editing issue

Custom table's data hangs on the loading screen after saving any changes. This is happening on some of tables and it seems that the majority of records are saved, however I have noticed a couple that didn't save within some custom table until reapplying the change!
I was wondering what can cause the issue.
I have found the issue using browser's developer tools.
Issue
Clicking save button was creating
Mixed Content: The page at 'https://address' was loaded over HTTPS, but requested an insecure form action 'http://address'. This request has been blocked; the content must be served over HTTPS. JS error on the browser and browser was blocking the content. However, the form action was not pointing to absolute URL address.
Solution
As the server SSL config was fine, there was no other way than changing the core CustomTableForm.ascx.cs Kentico file, although it is not recommended. The problem was solved by developing the RedirectUrlAfterSave property of the customTableForm object to make sure it will redirect to the correct protocol instead of the absolute URL.
Hope it will help you guys.
This was just brought to my attention, not sure how I missed it before. So, I will post my answer just for the future reference :-)
I guess there is some SSL offloading going on before the actual IIS where Kentico is running. In this case, SSL Accelerator must be implemented. The link goes to the Xperience 13 version but the same idea applies for older versions. Just use the version selector in the top bar - there could be some API differences.
And the same applies e.g. when uploading media files - the browser console will show mixed content warning. This is for security reasons. Browser sees the HTTPS but behind the offloader there is HTTP communication and the GetAbsoluteURL method takes the protocol from the request. Thus, mixed content. Using the ssl accelerator will tell Kentico to use HTTPS internally.

Abot Web Crawler Performance

I have built a robots.txt crawler which extracts the urls out of robots and then loads the page with some post processing once the page is done. This all happens quite fast, and I can extract information from 5 pages per second.
In the event a website doesn't have a robots.txt I use Abot Web Crawler instead. The problem is Abot is far slower than the direct robots.txt crawler. It seems when Abot hits a page with lots of links, it schedules each link very slowly. With some pages taking 20+ seconds to queue all and run the post process as mentioned above.
I use the PoliteWebCrawler which is configured to not crawl external pages. Should I instead be crawling multiple websites at once or is there another, faster solution to Abot?
Thanks!
Added a patch to Abot to fix issues like this one. Should be available in nuget version 1.5.1.42. See issue #134 for more details. Can you verify this fixed your issue?
Is it possible that the site you are crawling cannot handle lots of concurrent requests? A quick test would be to open a browser and start clicking around the site while Abot is crawling it. If the browser is noticeably slower then the server is showing signs of the load.
If that is the issue, you need to slow the crawl down through the configuration settings.
If not, can you give a url of a site or page that is being crawled slowly? Abot's full configuration would also be helpful.

Selectively redirect to https, not all pages

I have a website that requires some secure pages for logging in, user accounts, form submission etc. but does not need to be secure on most pages.
Certificate purchased and installed on www.mywebsite.com.
I am currently redirecting users to the https by using this C# code in the page_load:
    if (!Request.IsLocal && !Request.IsSecureConnection)
    {
        string redirectUrl = Request.Url.ToString().Replace("http:", "https:");
        Response.Redirect(redirectUrl);
    }
My concern is that after visiting the secure page and the user clicks on another page, it stays secure rather than going back to http.
I have looked at a number of options including IIS rewrite (it's like a whole other language and too complicated) and coding something globally (redirects every page, not selective).
Is there a simple solution that will allow me to redirect to https on selected pages (about 10 or so pages, or all pages in a particular folder) and then back to http on all others? I'm not the greatest coder in the world, so trying to find something easy to implement and understand.
If any portion of your website requires SSL, then I would strongly recommend that you use SSL throughout. You would be unnecessarily opening yourself up to potential data loss by doing anything else. Check out OWASP Top Ten for more info.
You can use HTTP Handlers to solve this issue instead of having the code on each page load.
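The advice in the two answers above (HTTPS on every page, enforced in one place rather than in each Page_Load) could look like this for classic ASP.NET. It is an added example, not code from the original posts: the module name RequireHttpsModule and the one-year HSTS max-age are assumptions, and the module must be registered under system.webServer/modules in web.config.

```csharp
using System;
using System.Web;

// Hypothetical module name; applies to every request once registered in web.config.
public class RequireHttpsModule : IHttpModule
{
    // Rebuild the URL with only the scheme changed. A plain string Replace of
    // "http:" would also rewrite any http: URL carried in the query string.
    public static string ToHttps(Uri url)
    {
        var b = new UriBuilder(url) { Scheme = Uri.UriSchemeHttps, Port = -1 }; // -1 = default port (443)
        return b.Uri.AbsoluteUri;
    }

    public void Init(HttpApplication app)
    {
        app.BeginRequest += (sender, e) =>
        {
            var ctx = ((HttpApplication)sender).Context;
            var req = ctx.Request;
            if (req.IsLocal) return;   // keep local development on plain HTTP, as in the question

            // Note: behind a TLS-terminating proxy IsSecureConnection describes the
            // proxy-to-server hop, so this check needs adapting in that setup.
            if (!req.IsSecureConnection)
            {
                ctx.Response.RedirectPermanent(ToHttps(req.Url), true);
                return;
            }

            // On HTTPS responses, tell the browser to use HTTPS for later visits too.
            ctx.Response.AppendHeader("Strict-Transport-Security", "max-age=31536000");
        };
    }

    public void Dispose() { }
}
```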

How Systems like AdSense and Webstats Work?

I am thinking about working with remote data, receiving or sending data on external web sites. There are a large number of working examples on the World Wide Web, for example free online web tools like web stats or Google's AdSense. In such web services, some code is generated for publishers, the publisher puts the generated code in the BODY of her web page document (HTML file), and after that the system works. We can have a count of visits for home pages, a count of clicks on advertisements and so on. Now this is my question: how do such systems work? How can I investigate and search about them to find out how to program them? Can you suggest some keywords? Which titles should I be looking for? Which technologies are relevant to this kind of programming? I want to find some relevant references to learn from and start getting some experience with these systems. If my question is not clear I will explain it more if you want. Help me, I am confused.
Consider that I am a programmer who wants to program such systems, not to use them.
There are a few different ways to track clicks.
Redirection Tracking
One is to link the advertisement (or any link) to a redirection script. You would normally pass it some sort of ID so it knows which URL it should forward to. But before redirecting the user to that page it can first record that click in a database where it can store the users IP, timestamp, browser information, etc. It will then forward the user (without them really knowing) to the specified URL.
Advertisement ---> Redirection Script (records click) ---> Landing Page
Pixel Tracking
Another way to do it is to use pixel tracking. This is where you put a "pixel" or a piece of Javascript code onto the body of a webpage. The pixel is just an image (or a script posing as an image) which will then be requested by the user visiting the page. The tracker which hosts the pixel can record the relevant information by that image request. Some systems will use Javascript instead of an image (or they use both) to track clicks. This may allow them to gain slightly more information using Javascript's functions.
Advertisement ---> Landing Page ---> User requests pixel (records click)
Here is an example of a pixel: <img src="http://tracker.mydomain.com?id=55&type=png" />
I threw in the png at the end because some systems might require a valid image filetype.
Hidden Tracking
If you do not want the user to know what the tracker is you can put code on your landing page to pass data to your tracker. This would be done on the backend (server side) so it is invisible to the user. Essentially you can just "request" the tracker URL while passing relevant data via the GET parameters. The tracker would then record that data with very limited server load on the landing page's server.
Advertisement ---> Landing Page requests tracker URL and concurrently renders page
Your question really isn't clear I'm afraid.
Are you trying to find out information on who uses your site, how many clicks you get and so on? Something like Google Analytics might be what you are after - take a look here http://www.google.com/analytics/
EDIT: Adding more info in response to comment.
Ah, OK, so you want to know how Google tracks clicks on sites when those sites use Google ads? Well, a full discussion on how Google AdSense works is well beyond me I'm afraid - you'll probably find some useful info on Google itself and on Wikipedia.
In a nutshell, and at a very basic level, Google Ads work by actually directing the click to Google first - if you look at the URL for a Google ad (on this site for example) you will see the URL starts with "http://googleads.g.doubleclick.net..." (Google owns DoubleClick). The URL also contains a lot of other information which allows Google to detect where the click came from and where to redirect you to see the actual web site being advertised.
Google Analytics is slightly different in that it is a small chunk of JavaScript you run in your page, but that too basically reports back to Google that the page was clicked on, when you landed there and how long you spend on a page.
Like I said a full discussion of this is beyond me I'm afraid, sorry.
