| ======= |
| mod_fsp |
| ======= |
| |
| mod_fsp is an Apache2 module for providing a Flash Socket Policy on the |
| same port that HTTP is served. The cross-domain policy that is served is |
| specified via a configuration option 'FSPPolicyFile'. |
| |
| If a flash application sends a policy file request to an Apache server |
| that has enabled and configured the mod_fsp module over its HTTP port, |
| then the configured cross-domain policy will be returned as the response. |
| |
| ======== |
| Building |
| ======== |
| |
| To build the mod_fsp source code you can use Apache2's module |
| build and installation tool: 'apxs2' which is, at the time of |
| this writing, available on debian in the package: |
| |
| apache2-threaded-dev |
| |
| To compile mod_fsp you would run the following command: |
| |
| apxs2 -c mod_fsp.c |
| |
| ============ |
| Installation |
| ============ |
| |
| To install mod_fsp you the following command as root: |
| |
| apxs2 -c -i -a mod_fsp.c |
| |
| You must then restart your apache2 process, typically like so: |
| |
| /etc/init.d/apache2 restart |
| |
| =================== |
| Manual Installation |
| =================== |
| |
| To manually enable mod_dsp on your Apache2 server, you must copy the |
| module file to the appropriate directory and create a load file. |
| |
| The module file: |
| |
| fsp.so (The library extension may vary if you are not using linux). |
| |
| Must be copied to Apache's module installation directory which is |
| typically located (on a debian system): |
| |
| /usr/lib/apache2/modules |
| |
| The load file: |
| |
| fsp.load |
| |
| Must be created in Apache2's 'mods-available' directory, typically |
| located (on a debian system): |
| |
| /etc/apache2/mods-available |
| |
| The load file should contain: |
| |
| LoadModule fsp_module /usr/lib/apache2/modules/mod_fsp.so |
| |
| If your Apache module installation directory is different from |
| the one listed above, you will need to set the correct one in the |
| fsp.load file. |
| |
| To actually enable the module you must create a symbolic link in |
| Apache's 'mods-enabled' directory, typically located (on debian): |
| |
| /etc/apache2/mods-enabled |
| |
| By typing (from that directory): |
| |
| ln -s ../mods-available/fsp.load fsp.load |
| |
| ============= |
| Configuration |
| ============= |
| |
| Once mod_fsp is installed, it must be configured. There is currently |
| only one configuration option for mod_fsp: 'FSPPolicyFile'. This |
| configuration option will set the file that mod_fsp will look in |
| on apache startup for the cross-domain policy to serve. This option |
| can be provided on a per-port basis. Each port can use a different |
| one, but VirtualServers on a single port will use the same one. This |
| is a limitation of the design by Adobe. |
| |
| Note: The cross-domain policy may fail to be served if the configuration |
| option isn't added in the first VirtualHost entry (for a given port) read |
| by Apache. |
| |
| An example of this configuration in use: |
| |
| <VirtualHost *:80> |
| ServerName example.com |
| DocumentRoot /var/www/example.com |
| ErrorLog /var/log/apache2/example.com-error.log |
| CustomLog /var/log/apache2/example.com-access.log vhost_combined |
| |
| # mod_fsp config option |
| FSPPolicyFile /etc/apache2/crossdomain/crossdomain.xml |
| |
| <Directory /var/www/example.com> |
| Options Indexes FollowSymLinks MultiViews |
| AllowOverride All |
| Order allow,deny |
| allow from all |
| </Directory> |
| |
| </VirtualHost> |
| |
| And example of the most permissive cross-domain policy file for flash: |
| |
| <?xml version="1.0" encoding="UTF-8"?> |
| <!DOCTYPE cross-domain-policy SYSTEM |
| "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> |
| <cross-domain-policy> |
| <site-control permitted-cross-domain-policies="all"/> |
| <allow-access-from domain="*" to-ports="*"/> |
| <allow-http-request-headers-from domain="*" headers="*"/> |
| </cross-domain-policy> |
| |
| ================== |
| Note about SSL/TLS |
| ================== |
| |
| Flash currently has no built-in SSL/TLS support so there is no |
| reason to specify an 'FSPPolicyFile' option for SSL servers. The |
| Flash player cannot directly communicate with them when doing |
| internal look ups of policy files. |