
The maximum queue length for HTTP.sys for each IIS 8.5 website must be explicitly configured.


Overview

Finding ID: V-214489
Version: IISW-SI-000256
Rule ID: SV-214489r879887_rule
IA Controls:
Severity: Medium
Description
In order to determine the possible causes of client connection errors and to conserve system resources, it is important to both log errors and manage those settings controlling requests to the application pool.
STIG: Microsoft IIS 8.5 Site Security Technical Implementation Guide
Date: 2022-12-09

Details

Check Text (C-15698r766887_chk)
If this IIS 8.5 installation is supporting Microsoft Exchange, and not otherwise hosting any content, this requirement is Not Applicable.

Open the IIS 8.5 Manager.

Perform the following for each Application Pool.

Click "Application Pools".

Highlight an Application Pool to review and click "Advanced Settings" in the "Actions" pane.

Scroll down to the "General" section and verify the value for "Queue Length" is set to 1000.

If the "Queue Length" is set to "1000" or less, this is not a finding.

Fix Text (F-15696r766888_fix)
Open the IIS 8.5 Manager.

Click "Application Pools".

Highlight an Application Pool to review and click "Advanced Settings" in the "Actions" pane.

Scroll down to the "General" section and set the value for "Queue Length" to "1000" or less.

Click "OK".
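
The check and fix above can be applied to every application pool in one pass. The following PowerShell script is an added example, not part of the STIG text. It assumes an elevated session with the WebAdministration module that ships with IIS; the parameter names `-MaxQueueLength` and `-Remediate` are chosen for this example.

```powershell
# Added example: audit (and optionally fix) "Queue Length" on every application pool.
# Save as a .ps1 file and run from an elevated PowerShell session on the IIS server.
[CmdletBinding()]
param(
    [int]$MaxQueueLength = 1000,   # threshold taken from the check text
    [switch]$Remediate             # example switch: apply the fix text to non-compliant pools
)

Import-Module WebAdministration -ErrorAction Stop

$results = foreach ($pool in Get-ChildItem -Path 'IIS:\AppPools') {
    $path    = "IIS:\AppPools\$($pool.Name)"
    $current = [int]$pool.queueLength          # "Queue Length" under General in Advanced Settings
    $finding = $current -gt $MaxQueueLength

    if ($finding -and $Remediate) {
        # Same change as the fix text: set "Queue Length" to 1000 or less.
        Set-ItemProperty -Path $path -Name queueLength -Value $MaxQueueLength
        # Re-read the value so the report reflects what is actually configured now.
        $current = [int](Get-Item -Path $path).queueLength
    }

    [pscustomobject]@{
        AppPool     = $pool.Name
        QueueLength = $current
        Status      = if ($current -le $MaxQueueLength) { 'NotAFinding' } else { 'Open' }
        Changed     = ($finding -and $Remediate)
    }
}

$results | Format-Table -AutoSize

# Non-zero exit code lets a scheduled compliance job flag the server.
if ($results.Status -contains 'Open') { exit 1 }
```

Run it without `-Remediate` first to get a report only; pools marked `Open` exceed the threshold and are the ones the fix text applies to.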