STIGQter STIGQter: STIG Summary: Microsoft IIS 8.5 Server Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The IIS 8.5 MaxConnections setting must be configured to limit the number of allowed simultaneous session requests.

DISA Rule

SV-214442r508658_rule

Vulnerability Number

V-214442

Group Title

SRG-APP-000001-WSR-000001

Rule Version

IISW-SV-000200

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Access the IIS 8.5 IIS Manager.

Click the IIS 8.5 server.

Select "Configuration Editor" under the "Management" section.

From the "Section:" drop-down list at the top of the configuration editor, locate "system.applicationHost/sites".

Expand "siteDefaults".
Expand "limits".

Set the "maxconnections" parameter to a value greater than zero.

Check Contents

Access the IIS 8.5 IIS Manager.

Click the IIS 8.5 server.

Select "Configuration Editor" under the "Management" section.

From the "Section:" drop-down list at the top of the configuration editor, locate "system.applicationHost/sites".

Expand "siteDefaults".
Expand "limits".

Review the results and verify the value is greater than zero for the "maxconnections" parameter.

If the maxconnections parameter is set to zero, this is a finding.

Vulnerability Number

V-214442

Documentable

False

Rule Version

IISW-SV-000200

Severity Override Guidance

Access the IIS 8.5 IIS Manager.

Click the IIS 8.5 server.

Select "Configuration Editor" under the "Management" section.

From the "Section:" drop-down list at the top of the configuration editor, locate "system.applicationHost/sites".

Expand "siteDefaults".
Expand "limits".

Review the results and verify the value is greater than zero for the "maxconnections" parameter.

If the maxconnections parameter is set to zero, this is a finding.

Check Content Reference

M

Target Key

4000

Comments