How to Make IIS support FLV

Most of the hosts in China are win2003. Files in FLV format cannot be played after being uploaded to the server. By default, FLV files are not output. Although they can be seen in FTP, they cannot be accessed through HTTP, it cannot be played. The reason is that win2003 enhanced IIS6 mime verification, and all unregistered extension file formats showed 404 errors. Manually add the mime ing relationship to the HTTP header> mime in the site properties of IIS. The MIME type is video/X-FLV Extension:. FLV, And you can load it in through the Flash 7 + client.
"Virtual Hosts do not support FLV files": for example, if your FLV file name is 1.flv, create a file named "1. FLV directory. Place your FLV file in this directory and rename it index.htm. In this way, the file name address in the player remains unchanged.

How to Make IIS support FLV:
IIS --> website ---> properties ---> HTTP performance ---> MIME type ---> New:
Extension:. FLV (Note that there is one before FLV .)
Mime Type: FLV-application/octet-stream
As shown in:

You must set the content

1: In "Web service extensions", Active Server Pages, Internet Data connectors, RPC proxy service extensions, and file inclusion on the server must be enabled.

2: "website"-"property-" Home Directory-"configuration-" option-"Start parent path

3: "website"-"properties-" service-"select" Run WWW Service in iis5.0 Isolation Mode"

4: Start-"Program-> Management tools-> services. Find the RPC service and double-click-> logon-> allow services to interact with the desktop.

In this way, you can run ASP server. Createobject ("wscript. Shell") in Windows2003 ")

Originally, I wanted to use Asp.net for this program. This problem still exists in ASP. netzh. Therefore, ASP
Functions can be implemented in ASP. I didn't do it in Asp.net. You can try it if you are interested!

2: solution:

① Delete or rename the following dangerous ASP components:
Wscript. Shell, wscript. shell.1, wscript. Network, wscript. network.1, ADODB. Stream, Shell. Application
Start -------> RUN ---------> regedit, open the Registry Editor, press Ctrl + F to search, and enter the preceding wscript in sequence. shell and other component names and the corresponding classid, and then delete or change the name (we recommend that you rename it here. If some Web ASP programs use the above components, you only need to write ASPCodeThe changed component name can be used normally. If you are sure that the above components are not used in your ASP program
Follow these steps to delete these components. After deletion or renaming, iisreset restarts IIS to improve the effect .)
[Note: The ADODB. Stream component will be used in many web pages. Therefore, if your server is running a VM, we recommend that you handle this situation.]

② Regarding File System Object (classid: 0d43fe01-f093-11cf-8940-00a0c9054228), this is a common FSO security issue. If your server must use FSO, (FSO is usually required for some VM servers) refer to another article about the FSO security solution.Article: Microsoft Windows 2000 Server FSO security risk solution. If you are sure not to use this component, you can directly register this component.

③ Direct anti-registration and uninstall of these dangerous components: (applicable to methods that do not want to use ① or ②)

Uninstall the wscript. Shell object and run regsvr32/U % WINDIR % \ system32 \ wshom. ocx in cmd.

Uninstall the FSO object and run regsvr32.exe/U % WINDIR % \ system32 \ scrrun. dll in cmd.

Uninstall the stream object and run: regsvr32/S/u "C: \ Program Files \ common files \ System \ ADO \ msado15.dll" in cmd or directly"

If you want to recover it, you only need to remove/U and then register the above ASP components, for example, regsvr32.exe % WINDIR % \ system32 \ scrrun. dll.

④ Use set domainobject = GetObject ("winnt ://. ") to obtain the process, service, and user information of the server, you can [provide network link and communication] In the workstation service, that is, the lanmanworkstation service can be stopped and disabled. After this processing, the webshell display process will be blank.

3. After processing ASP dangerous components according to methods 1 and 2 above, I tested it with the ASP probe of ajiang. The "server CPU details" and "server operating system" cannot be found at all, the content is blank. Run the CMD command by testing wsript. shell in the ocean, and the prompt is that the image cannot be created in active state. Everyone can no longer worry about the security of the server system caused by ASP Trojans.

Of course, server security is far from enough. Here we will introduce some experiences in processing ASP Trojans and webshells. In the next article, we will show you how to simply prevent others from executing commands such as net user on the server, and prevent overflow attacks to get mongoshell, as well as the simplest and most effective prevention methods to add users and change NTFS settings to terminal logon.