| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-12 | |||
Finding Details

Evaluate-STIG 1.2601.0 (Scan-IIS10_0_Site_Checks) was unable to determine a Status but found the below configuration on 03/05/2026:

Site: Default Web Site
ResultHash: 2F23BA53ABD5080AF448F9773A244BEC788276EC
~~~~~
Denied file extensions:
-----------------------------------
FileExtension: .asax Allowed: False
FileExtension: .ascx Allowed: False
FileExtension: .master Allowed: False
FileExtension: .skin Allowed: False
FileExtension: .browser Allowed: False
FileExtension: .sitemap Allowed: False
FileExtension: .config Allowed: False
FileExtension: .cs Allowed: False
FileExtension: .csproj Allowed: False
FileExtension: .vb Allowed: False
FileExtension: .vbproj Allowed: False
FileExtension: .webinfo Allowed: False
FileExtension: .licx Allowed: False
FileExtension: .resx Allowed: False
FileExtension: .resources Allowed: False
FileExtension: .mdb Allowed: False
FileExtension: .vjsproj Allowed: False
FileExtension: .java Allowed: False
FileExtension: .jsl Allowed: False
FileExtension: .ldb Allowed: False
FileExtension: .dsdgm Allowed: False
FileExtension: .ssdgm Allowed: False
FileExtension: .lsad Allowed: False
FileExtension: .ssmap Allowed: False
FileExtension: .cd Allowed: False
FileExtension: .dsprototype Allowed: False
FileExtension: .lsaprototype Allowed: False
FileExtension: .sdm Allowed: False
FileExtension: .sdmDocument Allowed: False
FileExtension: .mdf Allowed: False
FileExtension: .ldf Allowed: False
FileExtension: .ad Allowed: False
FileExtension: .dd Allowed: False
FileExtension: .ldd Allowed: False
FileExtension: .sd Allowed: False
FileExtension: .adprototype Allowed: False
FileExtension: .lddprototype Allowed: False
FileExtension: .exclude Allowed: False
FileExtension: .refresh Allowed: False
FileExtension: .compiled Allowed: False
FileExtension: .msgx Allowed: False
FileExtension: .vsdisco Allowed: False
FileExtension: .rules Allowed: False

Allowed file extensions:
-----------------------------------
None
Check Text
Note: If the server being reviewed is hosting SharePoint, this is Not Applicable.

For Request Filtering, the ISSO must document and approve all allowable scripts the website allows (white list) and denies (black list). The white list and black list will be compared to the Request Filtering in IIS 10.0. Request Filtering at the site level takes precedence over Request Filtering at the server level.

Follow the procedures below for each site hosted on the IIS 10.0 web server:

Open the IIS 10.0 Manager.
Click the site name to review.
Double-click Request Filtering -> File Name Extensions Tab.

If any script file extensions from the black list are not denied, this is a finding.
Fix Text
Follow the procedures below for each site hosted on the IIS 10.0 web server:

Open the IIS 10.0 Manager.
Click the site name to review.
Double-click Request Filtering -> File Name Extensions Tab -> Deny File Name Extension.
Add any script file extensions listed on the black list that are not listed.
Select "Apply" from the "Actions" pane.