IISW-SV-000119 - The IIS 8.5 web server must not be both a website server and a proxy server.

Information

A web server should be primarily a web server or a proxy server but not both, for the same reasons that other multi-use servers are not recommended. Scanning for web servers that will also proxy requests into an otherwise protected network is a very common attack making the attack anonymous.

Solution

Open the IIS 8.5 Manager.

Under the 'Connections' pane on the left side of the management console, select the IIS 8.5 web server.

Under the IIS installed features, 'Application Request Routing Cache' is present, double-click the icon to open the feature.

From the right 'Actions' pane, under 'Proxy', select 'Server Proxy Settings...'.

In the 'Application Request Routing' settings window, remove the check from the 'Enable proxy' check box.

Click 'Apply' in the 'Actions' pane.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_IIS_8-5_Y23M10_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7a., CAT|II, CCI|CCI-000381, Rule-ID|SV-214409r879587_rule, STIG-ID|IISW-SV-000119, STIG-Legacy|SV-91399, STIG-Legacy|V-76703, Vuln-ID|V-214409

Plugin: Windows

Control ID: b91512b540a2a8451b7c9745d947c9781de025fa02f49b3b0c0439c6aa27e814