AnsweredAssumed Answered

150085 Slow HTTP POST vulnerability

Question asked by summer wang on Jan 20, 2020
Latest reply on Jan 21, 2020 by Sheela Sarva

I scan my site with 'Qualys', sometimes it reported the 'Slow HTTP POST vulnerability', sometimes not.

My enviroment is windows server 2016 iis 10.

Bellow is my configuration:

 

Config Path: C:\Windows\System32\inetsrv\config\applicationHost.config

<system.webServer>
<sites>
<site name="MgntPortal-UAT" id="1" serverAutoStart="true">
<application path="/" applicationPool="MgntPortal-UAT">
<virtualDirectory path="/" physicalPath="E:\WorkDir\UAT\ManagementPortal" />
</application>
<bindings>
<binding protocol="https" bindingInformation="*:443:admin-uat.***.com" sslFlags="1" />
</bindings>
<limits connectionTimeout="00:00:30" />
</site>
</sites>
<webLimits connectionTimeout="00:00:30" headerWaitTimeout="00:00:30" minBytesPerSecond="2048" />
</system.webServer>

 

Config Path: Web.config

<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="209715200" maxUrl="2048" maxQueryString="1024">
<headerLimits>
<add header="Content-type" sizeLimit="100" />
<add header="Content-Length" sizeLimit="100"/>
</headerLimits>
</requestLimits>
<verbs allowUnlisted="false">
<clear />
<add verb="GET" allowed="true"/>
<add verb="POST" allowed="true"/>
</verbs>
</requestFiltering>
</security>

 

Could you help me

Outcomes