STIGQter: STIG Summary: Microsoft IIS 8.5 Site Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: Microsoft IIS 8.5 Site Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:SV-214452r508659_rule
V-214452
SRG-APP-000100-WSR-000064
IISW-SI-000210
CAT II
10
Follow the procedures below for each site hosted on the IIS 8.5 web server:
Access the IIS 8.5 web server IIS 8.5 Manager.
Select the website being reviewed.
Under "IIS", double-click the "Logging" icon.
Configure the "Format:" under "Log File" to "W3C".
Select the "Fields" button.
Under "Standard Fields", select "User Agent", "User Name" and "Referrer".
Under "Custom Fields", select the following fields:
Request Header >> Authorization
Response Header >> Content-Type
Click "OK".
Select "Apply" from the "Actions" pane.
Follow the procedures below for each site hosted on the IIS 8.5 web server:
Access the IIS 8.5 web server IIS 8.5 Manager.
Under "IIS", double-click the "Logging" icon.
Verify the "Format:" under "Log File" is configured to "W3C".
Select the "Fields" button.
Under "Standard Fields", verify "User Agent", "User Name" and "Referrer" are selected.
Under "Custom Fields", verify the following fields have been configured:
Request Header >> Authorization
Response Header >> Content-Type
If any of the above fields are not selected, this is a finding.
V-214452
False
IISW-SI-000210
Follow the procedures below for each site hosted on the IIS 8.5 web server:
Access the IIS 8.5 web server IIS 8.5 Manager.
Under "IIS", double-click the "Logging" icon.
Verify the "Format:" under "Log File" is configured to "W3C".
Select the "Fields" button.
Under "Standard Fields", verify "User Agent", "User Name" and "Referrer" are selected.
Under "Custom Fields", verify the following fields have been configured:
Request Header >> Authorization
Response Header >> Content-Type
If any of the above fields are not selected, this is a finding.
M
4001