![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 84%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
Internet Information Services
Microsoft web server software.
1,637 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 24%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESW%3C/text%3E%3C/svg%3E)
Is IIS Reverse Proxy working with IIS web server in the backend susceptible to this attack?
No, microsoft recommends that administrators review front-end environmental configurations, and if necessary, enable the request smuggling filter. Testing is required to determine that front-end load balancers and proxies do not forward malformed requests; these requests will be rejected when the filter is enabled, and may disrupt communications.
ADV200008 suggests to add this registry value in the IIS web server - DisableRequestSmuggling. What is the impact of enabling this filter? Should I simply do on all of my servers or it may have some bad impact?
literal meaning, If you enable this filter, it means disable Request Smuggling. you should decide whether to enable all according to your needs.
If the answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.