STIGQter: STIG Summary: Microsoft IIS 10.0 Server Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 23 Apr 2021

The IIS 10.0 websites MaxConnections setting must be configured to limit the number of allowed simultaneous session requests.

DISA Rule

SV-218826r561041_rule

Vulnerability Number

V-218826

Group Title

SRG-APP-000001-WSR-000001

Rule Version

IIST-SV-000200

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Access the IIS 10.0 IIS Manager.

Click the IIS 10.0 server.

Select "Configuration Editor" under the "Management" section.

From the "Section:" drop-down list at the top of the configuration editor, locate "system.applicationHost/sites".

Expand "siteDefaults".
Expand "limits".

Set the "maxconnections" parameter to a value greater than zero.

Check Contents

Access the IIS 10.0 IIS Manager.

Click the IIS 10.0 server.

Select "Configuration Editor" under the "Management" section.

From the "Section:" drop-down list at the top of the configuration editor, locate "system.applicationHost/sites".

Expand "siteDefaults".
Expand "limits".

Review the results and verify the value is greater than zero for the "maxconnections" parameter.

If the maxconnections parameter is set to zero, this is a finding.
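
The same check can be run against a copy of applicationHost.config without opening IIS Manager. The PowerShell below is an added example, not part of the STIG text or the STIGQter page; the function name, the constructed sample XML, and the assumption that an absent attribute takes the IIS schema default of 4294967295 belong to this example. It goes beyond the siteDefaults check by also listing the effective value for each site.

```powershell
# Added example: offline audit of system.applicationHost/sites for maxConnections.
# Test-IisMaxConnections is a hypothetical helper name, not an IIS cmdlet.
function Test-IisMaxConnections {
    param([Parameter(Mandatory)][xml] $Config)

    # Assumption: IIS applies 4294967295 when the attribute is not written out.
    $schemaDefault = [uint32]::MaxValue
    $sites = $Config.SelectSingleNode('/configuration/system.applicationHost/sites')
    if (-not $sites) { throw 'system.applicationHost/sites section not found' }

    # siteDefaults/limits is the value the check procedure reads.
    $attr = $sites.SelectSingleNode('siteDefaults/limits/@maxConnections')
    $defaultValue = if ($attr) { [uint32]$attr.Value } else { $schemaDefault }
    [pscustomobject]@{
        Scope = 'siteDefaults'; MaxConnections = $defaultValue
        Explicit = [bool]$attr; Finding = ($defaultValue -eq 0)
    }

    # A <site> without its own limits value inherits the siteDefaults value.
    foreach ($site in $sites.SelectNodes('site')) {
        $attr = $site.SelectSingleNode('limits/@maxConnections')
        $value = if ($attr) { [uint32]$attr.Value } else { $defaultValue }
        [pscustomobject]@{
            Scope = "site:$($site.GetAttribute('name'))"; MaxConnections = $value
            Explicit = [bool]$attr; Finding = ($value -eq 0)
        }
    }
}

# Constructed sample: siteDefaults is zero (a finding), one site inherits it,
# one site sets its own non-zero value.
[xml] $sample = @'
<configuration>
  <system.applicationHost>
    <sites>
      <site name="Default Web Site" id="1" />
      <site name="Intranet" id="2">
        <limits maxConnections="500" />
      </site>
      <siteDefaults>
        <limits maxConnections="0" />
      </siteDefaults>
    </sites>
  </system.applicationHost>
</configuration>
'@
Test-IisMaxConnections -Config $sample | Format-Table -AutoSize
# On a server, load the real file instead of the sample:
# [xml](Get-Content "$env:windir\System32\inetsrv\config\applicationHost.config" -Raw)
```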

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4052
