SV-218788r561041_rule
V-218788
SRG-APP-000099-WSR-000061
IIST-SV-000110
CAT II
10
Access the IIS 10.0 web server IIS Manager.
Click the IIS 10.0 web server name.
Under "IIS", double-click the "Logging" icon.
Verify the "Format:" under "Log File" is configured to "W3C".
Select the "Fields" button.
Under "Custom Fields", click the "Add Field..." button.
For each field being added, give a name unique to what the field is capturing.
Click on the "Source Type" drop-down list and select "Request Header".
Click on the "Source" drop-down list and select "Connection".
Click "OK" to add.
Click on the "Source Type" drop-down list and select "Request Header".
Click on the "Source" drop-down list and select "Warning".
Click "OK" to add.
Click "Apply" under the "Actions" pane.
Access the IIS 10.0 web server IIS Manager.
Click the IIS 10.0 web server name.
Under "IIS", double-click the "Logging" icon.
Verify the "Format:" under "Log File" is configured to "W3C".
Select the "Fields" button.
Under "Custom Fields", verify the following fields have been configured:
Request Header >> Connection
Request Header >> Warning
If any of the above fields are not selected, this is a finding.
V-218788
False
IIST-SV-000110
Access the IIS 10.0 web server IIS Manager.
Click the IIS 10.0 web server name.
Under "IIS", double-click the "Logging" icon.
Verify the "Format:" under "Log File" is configured to "W3C".
Select the "Fields" button.
Under "Custom Fields", verify the following fields have been configured:
Request Header >> Connection
Request Header >> Warning
If any of the above fields are not selected, this is a finding.
M
4052