An error occurred:

Check: WG110 IIS6

IIS6 Site: WG110 IIS6 (in version v6 r16)

Title

Web sites must limit the number of simultaneous requests. (Cat II impact)

Discussion

Resource exhaustion can occur when an unlimited number of concurrent requests are allowed on a web site, which can facilitate a Denial of Service attack. Mitigating this kind of attack will include limiting the number of concurrent HTTP/HTTPS requests per IP address and may include, where feasible, limiting parameter values associated with keepalive.

Check Content

1. Open the Internet Information Services Manager. 2. Right click on the web site for review > Select properties > Select the performance tab. 3. Under web site connections ensure unlimited is NOT selected. If unlimited is selected, this is a finding.

Fix Text

1. Open the Internet Information Services Manager. 2. Right click on the web site for review > Select properties > Select the performance tab. 3. Under web site connections select the Connections limited to radio button and enter the desired number of simultaneous connections.

Additional Identifiers

Rule ID: SV-29997r1_rule

Vulnerability ID: V-2240

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
No CCIs are assigned to this check

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check