STIGQter: STIG Summary: Microsoft IIS 8.5 Server Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The IIS 8.5 web server must not be both a website server and a proxy server.

DISA Rule

SV-214409r508658_rule

Vulnerability Number

V-214409

Group Title

SRG-APP-000141-WSR-000076

Rule Version

IISW-SV-000119

Severity

CAT II

CCI(s)

CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

Fix Recommendation

Open the IIS 8.5 Manager.

Under the "Connections" pane on the left side of the management console, select the IIS 8.5 web server.

Under the IIS installed features, "Application Request Routing Cache" is present, double-click the icon to open the feature.

From the right "Actions" pane, under "Proxy", select "Server Proxy Settings...".

In the "Application Request Routing" settings window, remove the check from the "Enable proxy" check box.

Click "Apply" in the "Actions" pane.

Check Contents

Open the IIS 8.5 Manager.

Under the "Connections" pane on the left side of the management console, select the IIS 8.5 web server.

If, under the IIS installed features, "Application Request Routing Cache" is not present, this is not a finding.

If, under the IIS installed features, "Application Request Routing Cache" is present, double-click the icon to open the feature.

From the right "Actions" pane, under "Proxy", select "Server Proxy Settings...".

In the "Application Request Routing" settings window, verify whether "Enable proxy" is selected.

If “Enable proxy" is selected under the "Application Request Routing" settings, this is a finding.

The IIS 8.5 web server must not be both a website server and a proxy server.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments