Can we safely Uncheck the "Allow high-bit characters" (high bit are NON-ASCII characters) check box in IIS Request Filtering?
Last Updated March 07, 2019
IIS Site for STIG V-76823
Can you sent vendor documentation on why the “Allow high-bit characters" check box has to be checked.
If check it is a security finding.
It may be OK to turn off High Bit characters as long as Computers aren't named w/ High Bit characters (Chinese). It's not suggested to make this change if we're using High Bit / Unicode characters in system names. For example: Japanese / Chinese languages may have issues if this is disabled.
Fix Text: Follow the procedures below for each site hosted on the IIS 8.5 web server: Open the IIS 8.5 Manager. Click the site name under review. Double-click the "Request Filtering" icon. Click “Edit Feature Settings” in the "Actions" pane. Uncheck the "Allow high-bit characters" check box.
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe