The IIS 10.0 web server must be tuned to handle the operational requirements of the hosted application.

An XCCDF Rule

Description

<VulnDiscussion>A Denial of Service (DoS) can occur when the web server is overwhelmed and can no longer respond to additional requests. A web server not properly tuned may become overwhelmed and cause a DoS condition even with expected traffic from users. To avoid a DoS, the web server must be tuned to handle the expected traffic for the hosted applications.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-218819r1022659_rule
Severity: Medium
References: CCI-002385
Updated: 17 days ago

Access the IIS 10.0 web server registry.

Verify the following keys are present and configured. The required setting depends upon the requirements of the application. These settings must be explicitly configured to show a conscientious tuning has been made.

Navigate to HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\
Configure the following registry keys to levels to accommodate the hosted applications.

Create REG_DWORD "URIEnableCache"
Create REG_DWORD "UriMaxUriBytes"
Create REG_DWORD "UriScavengerPeriod"

The IIS 10.0 web server must be tuned to handle the operational requirements of the hosted application.

Description

Remediation - Manual Procedure