Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-100233 | IIST-SI-000228 | SV-109337r1_rule | Medium |
Description |
---|
Setting limits on web requests ensures availability of web services and mitigates the risk of buffer overflow type attacks. The allow high-bit characters Request Filter enables rejection of requests containing non-ASCII characters. |
STIG | Date |
---|---|
Microsoft IIS 10.0 Site Security Technical Implementation Guide | 2020-06-08 |
Check Text ( C-99087r1_chk ) |
---|
Follow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click the site name. Double-click the "Request Filtering" icon. Click "Edit Feature Settings" in the "Actions" pane. If the "Allow high-bit characters" check box is checked, this is a finding. Note: If this IIS 10.0 installation is supporting Microsoft Exchange, and not otherwise hosting any content, this requirement is Not Applicable. |
Fix Text (F-105919r1_fix) |
---|
Follow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click the site name under review. Double-click the "Request Filtering" icon. Click "Edit Feature Settings" in the "Actions" pane. Uncheck the "Allow high-bit characters" check box. |