Ensure notListedcgisallowed is set to false

The notListedCgisAllowed attribute is a server-level setting that is located in the ApplicationHost.config file in the <isapiCgiRestriction> element of the <system.webServer> section under <security> . This element ensures that malicious users cannot copy unauthorized CGI binaries to the Web server and then run them. It is recommended that notListedCgisAllowed be set to false.

The notListedCgisAllowed attribute is a server-level setting that is located in the ApplicationHost.config file in the <isapiCgiRestriction> element of the <system.webServer> section under <security> . This element ensures that malicious users cannot copy unauthorized CGI binaries to the Web server and then run them. It is recommended that notListedCgisAllowed be set to false:

  1. Open IIS Manager as Administrator.
  2. In the Connections pane on the left, select the server to configure.
  3. In Features View, select ISAPI and CGI Restrictions; in the Actions pane, select Open Feature.
  4. In the Actions pane, select Edit Feature Settings.
  5. In the Edit ISAPI and CGI Restrictions Settings dialog, clear the Allow unspecified CGI modules check box.
  6. Click OK.