From IIS 8.5 Server Security Technical Implementation Guide
Part of SRG-APP-000141-WSR-000076
Associated with: CCI-000381
A web server should be primarily a web server or a proxy server but not both, for the same reasons that other multi-use servers are not recommended. Scanning for web servers that will also proxy requests into an otherwise protected network is a very common attack making the attack anonymous.
Open the IIS 8.5 Manager. Under the "Connections" pane on the left side of the management console, select the IIS 8.5 web server. If, under the IIS installed features, "Application Request Routing Cache" is not present, this is not a finding. If, under the IIS installed features, "Application Request Routing Cache" is present, double-click the icon to open the feature. From the right "Actions" pane, under "Proxy", select "Server Proxy Settings...". In the "Application Request Routing" settings window, verify whether "Enable proxy" is selected. If “Enable proxy" is selected under the "Application Request Routing" settings, this is a finding.
Open the IIS 8.5 Manager. Under the "Connections" pane on the left side of the management console, select the IIS 8.5 web server. Under the IIS installed features, "Application Request Routing Cache" is present, double-click the icon to open the feature. From the right "Actions" pane, under "Proxy", select "Server Proxy Settings...". In the "Application Request Routing" settings window, remove the check from the "Enable proxy" check box. Click "Apply" in the "Actions" pane.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer