Forum Discussion
IIS Hardening issues
Hello,
We need to fix these IIS hardening issues. Is it allowed to set these without breaking SharePoint functionality? And how should I set/fix these?
1. Ensure 'host headers' are on all sites | You need to define a host on your binding: *:32843: *:32844: 32845:* * on site SharePoint Web Services. You need to define a host on your binding: :2016: on site SharePoint Central Administration v4. |
2. Ensure Unlisted File Extensions are not allowed | SharePoint Central Administration v4:In web config filter: 'system.webServer/security/requestFiltering/fileExtensions' the property: 'allowUnlisted' is set to 'True' but expected is: 'False'. |
3. Ensure HSTS Header is set | Server Default Setting:OK In web config filter: '/system.webServer/httpProtocol/customHeaders' of site 'Server Default Setting' a customHeader 'Strict-Transport-Security' should be defined. |
Thanks a lot
Kind regards
- LuigiBruno (Steel Contributor)
Hello olkipolki.
I would avoid touching those IIS settings: as an example, you can control the file types uploaded to SharePoint via the web application configuration from the Central Administration; on the other side, you shouldn't adjust allowed verbs in IIS unless strictly necessary for some specific reason (e.g.: custom code).
You can perform some tests after taking a backup of the sites that would be affected by the changes in IIS settings, so that you are able to restore the previous configuration in case of any error. Bye.
- olkipolki (Copper Contributor)
LuigiBruno, thanks for your reply. What do you think about the other two settings: 1. host headers, 3. HSTS header? For the HSTS header setting I've found this PowerShell script. Is it viable/recommended to set it this way for SharePoint 2016?

    # Enable HSTS on the web application object and save the change
    $wa = Get-SPWebApplication https://sharepoint.example.com
    $wa.HttpStrictTransportSecuritySettings.IsEnabled = $true
    $wa.Update()

thanks
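
A read-only way to record the current state of the three reported settings per IIS site before any change is tested, as an added example that is not part of the original thread. It assumes the WebAdministration module that ships with IIS and an elevated PowerShell session on the SharePoint server; the output column names are made up for this example.

```powershell
# Added example: read-only audit of the three scan findings. Changes nothing.
Import-Module WebAdministration

$report = foreach ($site in Get-Website) {
    $sitePath = "IIS:\Sites\$($site.Name)"

    # Finding 1: bindingInformation is "IP:port:hostname".
    # An empty last field means the binding has no host header.
    $noHost = @(Get-WebBinding -Name $site.Name |
        Where-Object { $_.protocol -in 'http', 'https' -and
                       ($_.bindingInformation -split ':')[-1] -eq '' } |
        ForEach-Object { $_.bindingInformation })

    # Finding 2: effective value of allowUnlisted for this site.
    $allowUnlisted = (Get-WebConfigurationProperty -PSPath $sitePath `
        -Filter 'system.webServer/security/requestFiltering/fileExtensions' `
        -Name 'allowUnlisted').Value

    # Finding 3: Strict-Transport-Security custom header. Reading at site
    # level also picks up a header inherited from the server default.
    $hsts = Get-WebConfiguration -PSPath $sitePath `
        -Filter "system.webServer/httpProtocol/customHeaders/add[@name='Strict-Transport-Security']"

    [pscustomobject]@{
        Site                = $site.Name
        BindingsWithoutHost = $noHost -join ', '
        AllowUnlistedExt    = $allowUnlisted
        HstsHeader          = if ($hsts) { $hsts.value } else { '(not set)' }
    }
}

$report | Format-Table -AutoSize -Wrap
```

Saving the output before and after a test change gives a direct comparison alongside the backup mentioned in the reply above.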