Skip to content

Latest commit

 

History

History
59 lines (31 loc) · 3.35 KB

README.markdown

File metadata and controls

59 lines (31 loc) · 3.35 KB

Erlang Flash Policy File Server

###Erlang Server serving flash crossdomain policies on adobe standard port 843, intended for use in production environments.

This policy server accepts Policy File Requests from Flash Movies that use the flash.net.XMLSocket Class. These requests are sent by the Flash Player automatically, if the Flash Movie tries to connect to a different host as the origin of the Flash Movie.

If you use the flash.net.SecureSocket Class to establish a SSL encrypted connection to your Server, the Flash Player requests the master policy at Port 843 also SSL encrypted, which is not very well documented by Adobe. In that case you should use the ssl branch of this project, otherwise the policy file requests will fail.

  • ####Building Server:

      ./build.sh
    
  • ####Configure Policy File:

    Edit flashpolicy.xml and replace <allow-access-from domain="*" to-ports="123" /> port 123 with a comma separated list of ports your flash client should be allowed to connect at, and maybe replace the wildcard domain with the domain that serves your flash file.

  • Starting Production Server:

      sudo ./policyserver start
      
    Notice: You must be __root__ to start the server because it binds by default to the __privileged port__ 843.
    
  • ####Testing Server:

      perl -e 'printf "<policy-file-request/>%c",0' | nc 127.0.0.1 843
      
      # or
      
      ./policyserver test
    
  • ####Reload Policy File:

    If you modified the flashpolicy.xml file, you can reload it during runtime using ./policyserver reload.

  • ####Extended Server Configuration:

    The server can be configured in the env section of either the src/flashpolicy.app.src file or the ebin/flashpolicy.app file. If you edit the src/flashpolicy.app.src file you must run ./build.sh again, that will copy it to the ebin directory and overwrite the ebin/flashpolicy.app file. Changing the server configuration requires a server restart: ./policyserver stop && sudo ./policyserver start.

        {env, [
          {policy_file, "./flashpolicy.xml"},  %% string(): policyfile to serve
          {enable_logging, true},              %% boolean(): enable or disable logging
          {logfile_path, "./log/"},            %% string(): path to logfiles. must end with path separator '/'
          {listen_at_interface, any},          %% any | e.g. {192,168,0,2}: the ip address as tuple to bind at, or 'any' to listen at all interfaces
          {port, 843},                         %% integer(): the port to listen at
      
          {bind_also_at, []}                   %% [{interface(), port(), policy_file()}]: additional interfaces and ports to listen at, e.g [{any, 8080, "./otherPolicy.xml"}]
        ]}
    

    bind_also_at can be used to serve different policy files at different ports or interfaces.

  • ####Logging:

    Logging can be enabled or disabled during runtime using ./policyserver enable-logging or ./policyserver disable-logging. The default logging directory is ./log.