2 Replies Latest reply on Jan 24, 2020 10:27 AM by a2097anew

    IIS 10.0 Registry Tuning Settings (IIST-SV-000151 / V-76755)

    a2097anew

      Hello,

       

      I have a STIG requirement (The IIS 8.5 web server must be tuned to handle the operational requirements of the hosted application.) to configure the following registry values:

       

      HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\"URIEnableCache"

      HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\"UriMaxUriBytes"

      HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\"UriScavengerPeriod"

       

      The STIG does not contain any specific recommendations for these values.

       

      Are there recommended values available from SolarWinds?

        • Re: IIS 10.0 Registry Tuning Settings (IIST-SV-000151 / V-76755)
          sturdyerde

          A classic DISA STIG move. "Make sure you have [a] value in this setting." (Thanks, DISA!) Take a look at this document from Microsoft: Tuning IIS 10.0 | Microsoft Docs. If you have nothing set for these, start with the defaults that are listed in the document. You may choose to "tweak" settings from there. If you already have the defaults set, then you are in compliance with these STIG requirements.

           

          • UriEnableCache Default value: 1
            A non-zero value enables the kernel-mode response and fragment caching. For most workloads, the cache should remain enabled. Consider disabling the cache if you expect a very low response and fragment caching.
          • UriMaxCacheMegabyteCount Default value: 0
            A non-zero value that specifies the maximum memory that is available to the kernel-mode cache. The default value, 0, enables the system to automatically adjust how much memory is available to the cache. Note: Specifying the size sets only the maximum, and the system might not let the cache grow to the maximum set size.
          • UriMaxUriBytes Default value: 262144 bytes (256 KB)
            The maximum size of an entry in the kernel-mode cache. Responses or fragments larger than this are not cached. If you have enough memory, consider increasing the limit. If memory is limited and large entries are crowding out smaller ones, it might be helpful to lower the limit.
          • UriScavengerPeriod Default value: 120 seconds
            The HTTP.sys cache is periodically scanned by a scavenger, and entries that are not accessed between scavenger scans are removed. Setting the scavenger period to a high value reduces the number of scavenger scans. However, the cache memory usage might increase because older, less frequently accessed entries can remain in the cache. Setting the period too low causes more frequent scavenger scans, and it can result in too many flushes and cache churn.
          2 of 2 people found this helpful
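
One way to check a server against the values discussed in this thread, as an added example that is not part of the original posts and is not SolarWinds, DISA or Microsoft code. It reads the three registry values named in the question and compares them with the defaults quoted in the reply; the `-Remediate` switch and the status labels are assumptions made for this illustration.

```powershell
# Added example: audit the HTTP.sys cache values named in the STIG check.
# Key path and value names come from the question; defaults come from the
# reply's quote of Microsoft's "Tuning IIS 10.0" document.
param(
    # Hypothetical switch: create any missing value with its documented default.
    [switch]$Remediate
)

$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'

$defaults = [ordered]@{
    UriEnableCache     = 1        # non-zero enables kernel-mode caching
    UriMaxUriBytes     = 262144   # 256 KB maximum cache entry size
    UriScavengerPeriod = 120      # seconds between scavenger scans
}

$results = foreach ($name in $defaults.Keys) {
    # A value that does not exist yields $null instead of an error.
    $prop    = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    $current = if ($prop) { $prop.$name } else { $null }

    if ($null -eq $current -and $Remediate) {
        # Writing under HKLM requires an elevated session.
        New-ItemProperty -Path $key -Name $name -PropertyType DWord `
            -Value $defaults[$name] | Out-Null
        $current = $defaults[$name]
        $status  = 'Created with default'
    }
    elseif ($null -eq $current)            { $status = 'Missing' }
    elseif ($current -eq $defaults[$name]) { $status = 'Set (default)' }
    else                                   { $status = 'Set (tuned)' }

    [pscustomobject]@{
        Name    = $name
        Current = $current
        Default = $defaults[$name]
        Status  = $status
    }
}

$results | Format-Table -AutoSize
```

Run it from an elevated PowerShell session. Per Microsoft's tuning document, HTTP.sys picks up changed values only after the HTTP service is restarted.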