Details
Http.sys is the kernel mode driver that handles HTTP requests. There are several registry keys associated with http.sys. The UrlSegmentMaxLength key sets the maximum number of characters in a URL path segment (the area between the slashes in the URL). Setting this value too large may cause performance or a Denial of Service condition on the web server.
Solution
1. Open the registry editor.
2. Navigate to the following location in the registry: HKEY_LOCAL_MACHINESystemCurrentControlSetServicesHTTPParameters.
3. Set the value for the UrlSegmentMaxLength key to REG_DWORD 260 (or less) or add the key and set it to REG_DWORD 260.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.
References
- 800-53|SC-5
- CAT|II
- Rule-ID|SV-38165r1_rule
- STIG-ID|WA000-WI6090_IIS6
- Vuln-ID|V-13719