Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Web sites must limit the number of simultaneous requests.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-2240 | WG110 IIS6 | SV-29997r1_rule | ECSC-1 | Medium |
| Description |
|---|
| Resource exhaustion can occur when an unlimited number of concurrent requests are allowed on a web site, which can facilitate a Denial of Service attack. Mitigating this kind of attack will include limiting the number of concurrent HTTP/HTTPS requests per IP address and may include, where feasible, limiting parameter values associated with keepalive. |
| STIG | Date |
|---|---|
| IIS6 Site | 2015-06-01 |
Details
| Check Text ( C-37410r1_chk ) |
|---|
| 1. Open the Internet Information Services Manager. 2. Right click on the web site for review > Select properties > Select the performance tab. 3. Under web site connections ensure unlimited is NOT selected. If unlimited is selected, this is a finding. |
| Fix Text (F-32646r1_fix) |
|---|
| 1. Open the Internet Information Services Manager. 2. Right click on the web site for review > Select properties > Select the performance tab. 3. Under web site connections select the Connections limited to radio button and enter the desired number of simultaneous connections. |