Details
IIS application pools can be periodically recycled to avoid unstable states possibly leading to application crashes, hangs, or memory leaks. By default, application pool recycling is overlapped, which means the worker process to be shut down is kept running until after a new worker process is started. After a new worker process starts, new requests are passed to it. The old worker process shuts down after it finishes processing its existing requests, or after a configured time-out, whichever comes first. This way of recycling ensures uninterrupted service to clients.
Solution
Open the IIS 10.0 Manager.
Click ‘Application Pools’.
Highlight an Application Pool and click ‘Advanced Settings’ in the ‘Action’ Pane.
Scroll down to the ‘Recycling section’ and set the value for ‘Request Limit’ to greater than ‘0’.
Click ‘OK’.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.
References
- 800-53|CM-6b.
- CAT|II
- CCI|CCI-000366
- Rule-ID|SV-218772r558649_rule
- STIG-ID|IIST-SI-000252
- STIG-Legacy|SV-109369
- STIG-Legacy|V-100265
- Vuln-ID|V-218772