测试（绿盟）_绿盟dlp测试记录表

测试（绿盟）

绿盟科技漏洞报告，IIS 修复 web.config 配置

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <security>
            <requestFiltering>
                <requestLimits>
                    <headerLimits>
                        <!--检测到目标主机可能存在缓慢的HTTP拒绝服务攻击-->
                        <add header="Content-type" sizeLimit="100" />
                    </headerLimits>
                </requestLimits>
            </requestFiltering>
        </security>
        <httpProtocol>
            <customHeaders>
                <!--检测到目标X-Content-Type-Options响应头缺失-->
                <add name="X-Content-Type-Options" value="nosniff" />
                <!--检测到目标X-XSS-Protection响应头缺失-->
                <add name="X-XSS-Protection" value="1" />
                <!--检测到目标Content-Security-Policy响应头缺失-->
                <!-- <add name="Content-Security-Policy" value="default-src 'self'" /> -->
                <!--检测到目标Strict-Transport-Security响应头缺失-->
                <add name="Strict-Transport-Security" value="max-age=31536000" />
                <!--检测到目标Referrer-Policy响应头缺失-->
                <add name="Referrer-Policy" value="origin-when-cross-origin" />
                <!--检测到目标X-Permitted-Cross-Domain-Policies响应头缺失-->
                <add name="X-Permitted-Cross-Domain-Policies" value="master-only" />
                <!--检测到目标X-Download-Options响应头缺失-->
                <add name="X-Download-Options" value="noopen" />
                <!--点击劫持：X-Frame-Options未配置-->
                <add name="X-Frame-Options" value="deny" />
            </customHeaders>
        </httpProtocol>
    </system.webServer>
    <!-- <system.applicationHost> -->
        <!--检测到目标主机可能存在缓慢的HTTP拒绝服务攻击-->
        <!-- <webLimits connectionTimeout="00:00:30" headerWaitTimeout="00:00:10" dynamicIdleThreshold="150" minBytesPerSecond="512" /> -->
    <!-- </system.applicationHost> -->
</configuration>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39