3.14 - Maximum Message Size is not set - Maximum Message Size

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Maximum Message Size sets the maximum number of bytes allowed in messages that are received over all supported protocols, unless overridden by a protocol-specific setting or a custom channel setting. Restricting the number of bytes allowed prevents the likelihood of a denial-of-service attack.

If the allowed size of a message is too large, a malicious user can cause a denial-of-service attack by attempting to force the server to allocate more memory than is available, thus keeping the server from responding quickly to other requests.

Solution

1. Login to the Administration Console.
2. In the Change Center, click Lock & Edit.
3. In the left pane, select the Domain name > Environment > Servers.
4. For each server in the domain, repeat steps 5-8.
5. Click on the Server name.
6. Click on Protocols > General.
7. Ensure that the 'Maximum Message Size' is set to [10000000].
8. Now select Protocols > HTTP.
9. Ensure that the HTTP Maximum Message Size is not greater than 10000000 bytes.
10. Click Save.
11. To activate these changes, in the Change Center of the Administration Console, click Activate Changes.

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-5

Plugin: Windows

Control ID: b1321ff27dda1b3fe95af1f8da0a33a303e9d9203e0c242cd3005928460f095d