
I am working on an application which is a ticketing tool; users log a ticket corresponding to each task assigned to them. There is a Slow HTTP POST vulnerability in it which can be removed by manipulating the connection timeout on the IIS server. What should be the ideal value of the connection timeout with which I can solve that vulnerability? Please do help.

1 Answer


The security vulnerability can be fixed by updating the Limits settings for the web site.

1) Open IIS Manager

2) Select your site

3) On the Actions panel, click "Limits"

4) Set Connection time-out to 30

5) Check "Limit number of connections" and set the value to 1024.

6) Click OK

Restart IIS.

Jalpa Panchal
  • Thanks, but how come you are so sure that the connection timeout should be 30 seconds only? Do you have any authentic site which can confirm this? – with ishan Apr 02 '20 at 11:02
  • I need an authentic site which can confirm the value of the connection timeout for me. – with ishan Apr 02 '20 at 11:04
  • @withishan You could try to set the value based on your requirement. This is just an example. [link](https://blog.qualys.com/securitylabs/2011/11/02/how-to-protect-against-slow-http-attacks) – Jalpa Panchal Apr 03 '20 at 08:42
  • Okay, so it means I can do hit and trial, and whichever value suits my application, I apply that. Okay? – with ishan Apr 03 '20 at 12:21
  • @withishan Yes, but first you could try to set the value to 30 sec. – Jalpa Panchal Apr 07 '20 at 08:12
  • Okay, thanks for the suggestion. I guess you are right, because 30 sec would be suitable as my application doesn't involve too many users. It's just a ticketing tool to log their task as a ticket. – with ishan Apr 08 '20 at 10:23
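
The Limits settings from the answer's steps can also be reviewed and applied from PowerShell, which makes the change repeatable across servers. This is an added example, not part of the answer or comments above; it assumes the WebAdministration module and an elevated session, the function names `Get-SiteLimits` and `Set-SiteLimits` are hypothetical, and `YourSiteName` is a placeholder.

```powershell
# Added example. Assumes the WebAdministration module (installed with the IIS
# management tools) and an elevated PowerShell session.
Import-Module WebAdministration

function Get-SiteLimits {
    # List every site's current limits so the values can be reviewed first.
    Get-Website | ForEach-Object {
        [pscustomobject]@{
            Site              = $_.Name
            ConnectionTimeout = $_.limits.connectionTimeout  # TimeSpan
            MaxConnections    = $_.limits.maxConnections
        }
    }
}

function Set-SiteLimits {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $SiteName,
        [int] $TimeoutSeconds = 30,     # step 4 of the answer
        [int] $MaxConnections = 1024    # step 5 of the answer
    )
    $path = "IIS:\Sites\$SiteName"
    if (-not (Test-Path $path)) { throw "Site '$SiteName' not found." }

    # connectionTimeout is stored as a time span (hh:mm:ss).
    $timeout = [TimeSpan]::FromSeconds($TimeoutSeconds).ToString()
    if ($PSCmdlet.ShouldProcess($SiteName, "Set limits to $timeout / $MaxConnections")) {
        Set-ItemProperty -Path $path -Name limits.connectionTimeout -Value $timeout
        Set-ItemProperty -Path $path -Name limits.maxConnections -Value $MaxConnections
    }
    # Read the values back to confirm they were written.
    Get-SiteLimits | Where-Object Site -eq $SiteName
}

Get-SiteLimits | Format-Table -AutoSize
Set-SiteLimits -SiteName 'YourSiteName' -WhatIf   # preview; drop -WhatIf to apply
# iisreset                                        # final step of the answer: restart IIS
```

Running `Get-SiteLimits` before and after the change gives a record of the old and new values, which helps when the timeout is being tuned by trial as discussed in the comments.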