Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Non-ASCII characters in URLs must be prohibited by any IIS 8.5 website.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-76823 | IISW-SI-000228 | SV-91519r1_rule | Medium |
| Description |
|---|
| By setting limits on web requests, it ensures availability of web services and mitigates the risk of buffer overflow type attacks. The allow high-bit characters Request Filter enables rejection of requests containing non-ASCII characters. |
| STIG | Date |
|---|---|
| IIS 8.5 Site Security Technical Implementation Guide | 2019-10-01 |
Details
| Check Text ( C-76479r1_chk ) |
|---|
| Follow the procedures below for each site hosted on the IIS 8.5 web server: Open the IIS 8.5 Manager. Click on the site name. Double-click the "Request Filtering" icon. Click “Edit Feature Settings” in the "Actions" pane. If the "Allow high-bit characters" check box is checked, this is a finding. |
| Fix Text (F-83519r1_fix) |
|---|
| Follow the procedures below for each site hosted on the IIS 8.5 web server: Open the IIS 8.5 Manager. Click the site name under review. Double-click the "Request Filtering" icon. Click “Edit Feature Settings” in the "Actions" pane. Uncheck the "Allow high-bit characters" check box. |