The IIS 10.0 web server Indexing must only index web content.
An XCCDF Rule
Description
The indexing service can be used to facilitate a search function for websites. Enabling indexing may facilitate a directory traversal exploit and reveal unwanted information to a malicious user. Indexing must be limited to web document directories only.
- ID
- SV-218809r961167_rule
- Version
- IIST-SV-000139
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Run MMC.
Add the Indexing Service snap-in.
Edit the indexed directories to only include web document directories.