WG110 IIS6 - Web sites must limit the number of simultaneous requests.

Information

Resource exhaustion can occur when an unlimited number of concurrent requests are allowed on a web site, which can facilitate a Denial of Service attack. Mitigating this kind of attack will include limiting the number of concurrent HTTP/HTTPS requests per IP address and may include, where feasible, limiting parameter values associated with keepalive.

Solution

1. Open the Internet Information Services Manager.
2. Right click on the web site for review > Select properties > Select the performance tab.
3. Under web site connections select the Connections limited to radio button and enter the desired number of simultaneous connections.

See Also

http://iasecontent.disa.mil/stigs/zip/July2015/U_IIS_6-0_V6R16_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-10, CAT|II, Rule-ID|SV-29997r1_rule, STIG-ID|WG110_IIS6, Vuln-ID|V-2240

Plugin: Windows

Control ID: 7cc65d3178b81419ebe01c15b1386ed40e6a79984cc687f4d21493d187eafbf0