Logging is often an overlooked performance drain on systems requiring high throughput. Here’s a simple change to the default Tomcat logging configuration to implement. It works on all operating systems.
In the file:
$TOMCAT_HOME/conf/logging.properties
Change:
.handlers = 1catalina.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler
to
.handlers = 1catalina.org.apache.juli.FileHandler
REFERENCES:
Categories: WebStandards, Work Tags: apache, configuration, linux, logging, performance, properties, server, tomcat, ubuntu, windows
Yahoo! initially introduced a CSS class that can be used to notify robots/spiders that a specific section or fragment of content should not be included for search purposes.
class=”robots-noindex”
REFERENCES:
Categories: WebStandards, Work Tags: class, content, crawler, css, fragment, index, portion, query, robots, search, section, seo, slurp, spider, yahoo
There are a few steps that I generally take to setup a new Tomcat server instance, this enables the following:
- The manager console
- HTTP compression
- UTF-8 encoding
Steps:
- tomcat-users.xml – add to bottom:
<role rolename="manager-gui"/>
<user username="tomcat" password="s3cr3t" roles="manager-gui"/>
-
server.xml – add compression and URIEncoding, change port if desired:
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" compression="on" URIEncoding="UTF-8" />
- server.xml – relocate webapps by adding ../ to appBase
<Host name="localhost" appBase="../webapps"
unpackWARs="true" autoDeploy="true">
- Restart your server, on Ubuntu use:
sudo service tomcat7 restart
Categories: WebStandards, Work Tags: admin, compression, conf, config, encoding, manager, server, tomcat, ubuntu, unicode, uri, webapp
The use of CSS cursors within your browser based application or website is a great way to add feedback to the user to increase usability. This is increasingly important for AJAX applications that may be “busy” even when the user is not directly taking action within their browser.
These are all easily appended to classes in your CSS files:
- default
- auto
- inherit
- pointer
- crosshair
- text
- help
- move
- progress
- wait
- e-resize
- ne-resize
- n-resize
- nw-resize
- w-resize
- sw-resize
- s-resize
- se-resize
Partial (CSS3) support in current browsers:
- none
- all-scroll
- context-menu
- cell
- vertical-text
- alias
- copy
- no-drop
- not-allowed
- col-resize
- row-resize
- ew-resize
- ns-resize
- nesw-resize
- nwse-resize
NOTE: for very old browser, you can also set several attributes to allow for the supported one to be used.
.example {
cursor:hand;/* IE5-IE5.5 only support (dropped in IE9) */
cursor:pointer; /* IE6 and later */
}
REFERENCES:
I was scanning my server log files the other day and found that this old “bot” is still making the rounds. It help’s to shut the door on this with some configuration. It’s specifically looking for PHP vulnerabilities and is easily identified by the expletive in it’s User-Agent HTTP request headers.
REFERENCES:
This HTTP Header is a feature added by MSIE8 to force it to restrict some XSS vectors that can be disabled by the user. Generally you can add it into your webserver configuration.
X-XSS-Protection: 1; mode=block
REFERENCES:
Crossdomain access can be enabled in JavaScript with a mechanism similar to that in Flash. Instead of hosting a crossdomain.xml file though, crossdomain access is enabled per file, through an additional HTTP response header:
Access-Control-Allow-Origin: *
CORS is a more modern equivalent to JSONP for cross-domain XmlHttpRequests(AJAX) with options to limit domains, subdomains and ports.
Initial browser support:
- Firefox 3.5
- Chrome 4
- Safari 3.2
- MSIE 8
REFERENCES:
Categories: WebStandards, Work Tags: ajax, browser, cors, cross, crossdomain, domain, header, http, jsonp, origin, resource, sharing, xml, xmlhttprequest
Adobe FlashPlayer 7 added several security features. I first became aware of this one as I saw a large number of HTTP 404 errors for a file named ‘crossdomain.xml’ in my webserver logs.
If you use flash on your website, I’d suggest adding an appropriate copy of this file to limit your exposure to some potential security issues.
Restricted domains
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.example.com" />
<allow-access-from domain="example.com" />
</cross-domain-policy>
Open to all domains (not recommended, but fully backward compatible)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
REFERENCES:
Categories: WebStandards, Work Tags: acrobat, adobe, cross, crossdomain, domain, file, flash, http, logs, network, policy, server, xml
The use of non-traditional web fonts was once a very challenging task due to various browser specific implementations. Thankfully Google WebFonts have made this easy enough for most developers to add in a cross-browser manner in a matter of minutes.
WARNING, there are a few considerations to make here…
- Some browsers displays a blank space in place of the text that uses the font.
- … and then re-render text in the web font once it has loaded
Method 1: (most compatible, but cross-browser loading behavior varies)
<link href='http://fonts.googleapis.com/css?family=Ubuntu:400,700' rel='stylesheet' type='text/css' />
<style type="text/css">
h1,p { font-family: 'Ubuntu', sans-serif; }
</style>
Method 2: (requires javascript, but is consistent cross-browser)
<script type="text/javascript">
WebFontConfig = {
google: { families: [ 'Ubuntu Mono','Ubuntu' ] }
};
(function() {
var wf = document.createElement('script');
wf.src = ('https:' == document.location.protocol ? 'https' : 'http') + '://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js';
wf.type = 'text/javascript';
wf.async = 'true';
var s = document.getElementsByTagName('script')[0];
s.parentNode.insertBefore(wf, s);
})();
</script>
<style type="text/css">
h1 { font-family: 'Ubuntu Mono','Courier New',monospace; }
p { font-family: 'Ubuntu','sans-serif'; }
</style>
Categories: WebStandards, Work Tags: browser, compatible, cross, css, download, font, google, gwf, html, javascript, script
ECMAScript 5 added Strict Mode to JavaScript. Many of you may have first seen mention of this if you’ve used JSLint. It helps to remember that JavaScript still behaves much like an interpreted vs. compiled language as each browser/parser makes assumptions to execute code faster in different manners.
There are four primary features/goals of strict mode:
- Throws errors for some common coding issues, that are sometimes obscure but previously didn’t throw an error.
- Prevents or throws errors for potentially “unsafe” actions (such as gaining access to the global object).
- Disables functions that are confusing or poorly thought out
- Potentially code in strict mode could run faster by eliminating mistakes that would make it difficult for JavaScript engines to perform optimizations
Initial support added in FireFox 4 and MSIE10:
WARNING: if you chose to do this at a ‘file’ level, be sure to never concatenate several files together that are not ALL strict.
JS File Example:
"use strict";
function testFunction(){
var testvar = 1;
return testvar;
}
// This causes a syntax error.
testvar = 2;
JS Function Example:
function testFunction(){
"use strict";
// This causes a syntax error.
testvar = 1;
return testvar;
}
testvar = 2;
REFERENCES:
Categories: WebStandards, Work Tags: ecma, ecmascript, javascript, js, jslint, mode, performance, script, standards, strict, syntax, validation