UCF STIG Viewer Logo

Web sites must limit the number of simultaneous requests.


Overview

Finding ID Version Rule ID IA Controls Severity
V-2240 WG110 IIS6 SV-29997r1_rule ECSC-1 Medium
Description
Resource exhaustion can occur when an unlimited number of concurrent requests are allowed on a web site, which can facilitate a Denial of Service attack. Mitigating this kind of attack will include limiting the number of concurrent HTTP/HTTPS requests per IP address and may include, where feasible, limiting parameter values associated with keepalive.
STIG Date
IIS6 Site 2014-12-10

Details

Check Text ( C-37410r1_chk )
1. Open the Internet Information Services Manager.
2. Right click on the web site for review > Select properties > Select the performance tab.
3. Under web site connections ensure unlimited is NOT selected.

If unlimited is selected, this is a finding.
Fix Text (F-32646r1_fix)
1. Open the Internet Information Services Manager.
2. Right click on the web site for review > Select properties > Select the performance tab.
3. Under web site connections select the Connections limited to radio button and enter the desired number of simultaneous connections.