Security and the Request Forwarder
The request forwarder allows specific requests to be forwarded to the cluster controller in load-balanced environments. The request forwarder also forwards misrouted requests for session-state enabled applications.
Security Implications for the Request Forwarder
In accordance with the security principle that all unnecessary code be disabled, it is recommended that you turn off request forwarding if it is not necessary for the correct operation of your cluster and applications.
For more information about the request forwarder, see Handling Requests in Load-Balanced Environments
For more information about disabling the request forwarder, see Configure the Request Forwarder
For more information about removing other unnecessary code, see Secure the Web Tier with IIS
Did you find this information useful? Please send your suggestions and comments about the documentation to