Adobe Policy File Socket Server as an Apache Module

Over the past few weeks, I've been working on an ActionScript (Flex 4.0) FTP Client.  One of the things that made life really annoying was the new stricter socket policy files, introduced in Flash 9 and mandatory in Flash 10.

According to the new rules, to allow a socket crossdomain policy to be used, you need to use Adobe's socket protocol to serve the policy file, and you can no longer use HTTP, despite the fact that it's on port 80 (under 1024).

And while Adobe was nice enoguh to provide a pair of sample servers in Perl and Python, for most sysadmins out there, that just won't cut it.

So, I went ahead and wrote a protocol module for the Apache Webserver to serve up crossdomain files via the Adobe socket protocol.  You can grab the source here.

To use it, you'll need to build it with apxs (apxs -cia mod_adobe_crossdomainpolicy.c), and configure your httpd.conf file thusly:

Firstly, you need to load the module, although the apxs command above should do that for you:

    LoadModule adobe_crossdomainpolicy_module modules/

Next, you'll need to bind to a port, and set up a <VirtualHost> for that port.  In this example, I'll use Adobe's standard port, 843.

  Listen 843
      AdobePolicyFileServerEnabled On

After starting Apache, you can test that this works by running the following from the command line (on Windows, this won't work out-of-the-box; sorry)

$ perl -e 'printf "<policy-file-request/>%c",0' | nc 843

And you should get the following output:

<?xml version='1.0'?>
<!DOCTYPE cross-domain-policy SYSTEM

        <site-control permitted-cross-domain-policies='all'/>
        <allow-access-from domain='*' secure='false'/>
        <allow-http-request-headers-from domain='*' headers='*' secure='false'/>

That's the default super-secure locked down version of Adobe's policy.  To replace this with your own policy, just add the following directive after the "AdobePolicyFileServerEnabled on":

AdobePolicyFile /path/too/crossdomain.xml

Then restart Apache and retest, and you should get your crossdomain.xml file returned to you.

You can add as many VirtualHosts as you want (on different IP/ports) with a different file for each.

Hope this helps you!