Rule ID
SV-218756r1210388_rule
Version
V2R16
CCIs
Setting limits on web requests ensures availability of web services and mitigates the risk of buffer overflow type attacks. The allow high-bit characters Request Filter enables rejection of requests containing non-ASCII characters.
Note: If either of the following is true, this requirement is Not Applicable: - The server being reviewed is hosting SharePoint. - This IIS 10.0 installation is supporting Microsoft Exchange and not otherwise hosting any content. Follow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click the site name. Double-click the "Request Filtering" icon. Click "Edit Feature Settings" in the "Actions" pane. If the "Allow high-bit characters" check box is checked, this is a finding.
Follow the procedures below for each site hosted on the IIS 10.0 web server: Open the IIS 10.0 Manager. Click the site name under review. Double-click the "Request Filtering" icon. Click "Edit Feature Settings" in the "Actions" pane. Uncheck the "Allow high-bit characters" check box.