The HTTP CONNECT tunnel

Posted on Aug 12, 2018

HTTPS is widely used on Internet to secure the data being transferred. However, when a browser needs to send a HTTPS request through proxy, since the request hostname and port number are all encrypted in HTTPS request header and even the proxy cannot get them, then how does the proxy know where to send client's request? To solve this problem, the browser sends a HTTP request with method CONNECT and the target hostname and port number to the proxy. When receiving the CONNECT request, the proxy establishes a TCP connection to the requested hostname on the specified port and then returns HTTP 200 response to tell the browser the requested connection was made. After that, the proxy should just blindly forward the packets back and forth between the client and the server without looking at them until the tunnel is closed. Read all

IE11 Migration Guide: How to solve compatibility issue?

Posted on Sep 16, 2016

Before solving website compatibility issue in IE11, we need to understand the nature of compatibiltiy issue and our target. Most webpage compatibility issues in IE11 can be divided into following two scenarios: Read all

IE11 Migration Guide: Web page layout broken issue due to "Natural Metrics" in IE11

Posted on Aug 20, 2016

After upgrading to IE11, web page layout may be broken. The most common reason is the web page runs in a newer document mode in IE11. However, the layout issue might still occur even if the document mode is same as before. This is because IE11 uses natural metrics for font rendering while previous IE versions use Windows Graphics Device Interface (GDI) metrics. Read all

How to create an IIS website that requires client certificate using self-signed certificates

Posted on Jul 31, 2016

Some IE/IIS issues may involve client certificate. It always took me hours to deploy a test website that requires client certificate. Therefore, I am going to write this blog to record every steps including: creating self-signed root CA, server certificate, client certificate and configuring IIS. Read all

IE11 Migration Guide: Everything you need to know about IE11 Enterprise Mode

Posted on Jan 27, 2016

Compatibility view is unable to resolve all compatibility issues in Internet Explorer 11. Enterprise Mode was first introduced in April 2014 IE11 cumulative security update. It was originally aimed at emulating the behaviors of IE7 and IE8 to avoid the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. Later update of this feature added the ability to specify the document mode (5~11) for a certain website. In order to use comprehensive functions of Enterprise Mode, please first update IE11 to the latest version: KB4018271. Read all

IE11 Migration Guide: Understanding Compatibility View and Local Intranet Zone

Posted on Nov 19, 2015

Compatibility View is the most common backward compatible solution in Internet Explorer, it can be configured by Compatibility View Settings, Group Policy and Local intranet security zone. We can control some of the sub-domains to be displayed in Compatibility View and some of them not by using these configurations. Read all

IE11 Migration Guide: Understanding Browser Mode, Document Mode, User-Agent and X-UA-Compatible

Posted on Nov 04, 2015

Browser Mode determines the User-Agent that Internet Explorer sends to servers and the document mode Internet Explorer defaults to. This article is going to explain the relationship between them in detail. Read all

How to resolve "SEC7111: HTTPS security is compromised by (null)" error in IE11

Posted on Oct 21, 2015

I recently encountered an issue that a webpage does not function in IE11 with exception "SEC7111: HTTPS security is compromised by (null)". It turned out it was caused by using document.write() function in the HTTPS webpage. Read all

String starting with "JavaScript:" would cause false alarm of IE XSS filter

Posted on Jun 12, 2015

Recently I was adding comment function to my blog article pages, IE always prompted message: "Internet Explorer has modified this page to help prevent cross-site scripting" when browsing a specific article page. After debugging by Fiddler, I found the reason was that the article title began with: JavaScript:, which triggered the XSS filter considering it as a javascript protocol string and blocking the web page. Actually the title was just a normal string without any script code. Read all

IE11 Migration Guide: Create Internet Explorer 11 batch deployment package

Posted on Apr 15, 2015

Beginning January 12, 2016, older versions of IE browser (8~10) will not be supported anymore. A growing number of enterprises and individual customers start migrating to Internet Explorer 11. Upgrading to IE11 is an easy job for individual customers, however it could be challenging to IT administrators in large enterprise as they need to ensure the success of hundreds and thousands PCs. Read all