Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-2260 | WG310 IIS7 | SV-32333r1_rule | ECLP-1 | Low |
Description |
---|
Search engines are constantly at work on the Internet. Search engines are augmented by agents, often referred to as spiders or bots, which endeavor to capture and catalog web-site content. In turn, these search engines make the content they obtain and catalog available to any public web user. Such information in the public domain defeats the purpose of a limited or Certificate-based web server, provides information to those not authorized access to the web-site, and could provide clues of the site’s architecture to malicious parties. |
STIG | Date |
---|---|
IIS 7.0 WEB SITE STIG | 2011-08-19 |
Check Text ( C-32739r1_chk ) |
---|
1. Open the IIS Manager. 2. Click the site name under review. 3. If the Search Engine Optimization option exists, then this is a finding. 4. Click the View Content tab. If the file robots.txt is not present or does not contain the line disallow robots, this is a finding. |
Fix Text (F-29066r1_fix) |
---|
1. Open the IIS Manager. 2. Click the site name under review. 3. Remove the Search Engine Optimization option. 4. Add a robots.txt file to the web-site root directory containing the line disallow robots. |