I have few questions about HTTP request smuggling (ADV200008):
From reading through the internet, I understood that in order to exploit HTTP request smuggling vulnerability, your setup will must be comprised of a frontend device (load balancer, reverse proxy) and a backend web server.
Is IIS Reverse Proxy working with IIS web server in the backend susceptible to this attack?
ADV200008 suggests to add this registry value in the IIS web server - DisableRequestSmuggling. What is the impact of enabling this filter? Should I simply do on all of my servers or it may have some bad impact?