Vulnerability V-218788

Note: If the server is hosting WSUS, this is Not Applicable. Access the IIS 10.0 web server IIS Manager. Click the IIS 10.0 web server name. Under "IIS", double-click the "Logging" icon. Verify the "Format:" under "Log File" is configured to "W3C". Select "Fields". Under "Custom Fields", verify the following fields have been configured: Request Header >> Connection. Request Header >> Warning. If any of the above fields are not selected, this is a finding.

Access the IIS 10.0 web server IIS Manager. Click the IIS 10.0 web server name. Under "IIS", double-click the "Logging" icon. Verify the "Format:" under "Log File" is configured to "W3C". Select "Fields". Under "Custom Fields", click "Add Field...". For each field being added, give a name unique to what the field is capturing. Click on the "Source Type" drop-down list and select "Request Header". Click the "Source" drop-down list, and select "Connection". Click "OK" to add. Click the "Source Type" drop-down list, and select "Request Header". Click the "Source" drop-down list, and select "Warning". Click "OK" to add. Click "Apply" under the "Actions" pane.