AnsweredAssumed Answered

150085 Slow HTTP POST vulnerability

Question asked by summer wang on Jan 20, 2020
Latest reply on Jan 21, 2020 by Sheela Sarva

I scan my site with 'Qualys', sometimes it reported the 'Slow HTTP POST vulnerability', sometimes not.

My enviroment is windows server 2016 iis 10.

Bellow is my configuration:


Config Path: C:\Windows\System32\inetsrv\config\applicationHost.config

<site name="MgntPortal-UAT" id="1" serverAutoStart="true">
<application path="/" applicationPool="MgntPortal-UAT">
<virtualDirectory path="/" physicalPath="E:\WorkDir\UAT\ManagementPortal" />
<binding protocol="https" bindingInformation="*:443:admin-uat.***.com" sslFlags="1" />
<limits connectionTimeout="00:00:30" />
<webLimits connectionTimeout="00:00:30" headerWaitTimeout="00:00:30" minBytesPerSecond="2048" />


Config Path: Web.config

<requestLimits maxAllowedContentLength="209715200" maxUrl="2048" maxQueryString="1024">
<add header="Content-type" sizeLimit="100" />
<add header="Content-Length" sizeLimit="100"/>
<verbs allowUnlisted="false">
<clear />
<add verb="GET" allowed="true"/>
<add verb="POST" allowed="true"/>


Could you help me