=======
mod_fsp
=======

mod_fsp is an Apache2 module for providing a Flash Socket Policy on the
same port that HTTP is served. The cross-domain policy that is served is
specified via a configuration option 'FSPPolicyFile'.

If a flash application sends a policy file request to an Apache server
that has enabled and configured the mod_fsp module over its HTTP port,
then the configured cross-domain policy will be returned as the response.

========
Building
========

To build the mod_fsp source code you can use Apache2's module
build and installation tool: 'apxs2' which is, at the time of
this writing, available on debian in the package:

apache2-threaded-dev

To compile mod_fsp you would run the following command:

apxs2 -c mod_fsp.c

============
Installation
============

To install mod_fsp you the following command as root:

apxs2 -c -i -a mod_fsp.c

You must then restart your apache2 process, typically like so:

/etc/init.d/apache2 restart

===================
Manual Installation
===================

To manually enable mod_dsp on your Apache2 server, you must copy the
module file to the appropriate directory and create a load file.

The module file:

fsp.so (The library extension may vary if you are not using linux).

Must be copied to Apache's module installation directory which is
typically located (on a debian system):

/usr/lib/apache2/modules

The load file:

fsp.load

Must be created in Apache2's 'mods-available' directory, typically
located (on a debian system):

/etc/apache2/mods-available

The load file should contain:

LoadModule fsp_module         /usr/lib/apache2/modules/mod_fsp.so

If your Apache module installation directory is different from
the one listed above, you will need to set the correct one in the
fsp.load file.

To actually enable the module you must create a symbolic link in
Apache's 'mods-enabled' directory, typically located (on debian):

/etc/apache2/mods-enabled

By typing (from that directory):

ln -s ../mods-available/fsp.load fsp.load

=============
Configuration
=============

Once mod_fsp is installed, it must be configured. There is currently
only one configuration option for mod_fsp: 'FSPPolicyFile'. This
configuration option will set the file that mod_fsp will look in
on apache startup for the cross-domain policy to serve. This option
can be provided on a per-port basis. Each port can use a different
one, but VirtualServers on a single port will use the same one. This
is a limitation of the design by Adobe.

Note: The cross-domain policy may fail to be served if the configuration
option isn't added in the first VirtualHost entry (for a given port) read
by Apache.

An example of this configuration in use:

<VirtualHost *:80>
   ServerName example.com
   DocumentRoot /var/www/example.com
   ErrorLog /var/log/apache2/example.com-error.log
   CustomLog /var/log/apache2/example.com-access.log vhost_combined

   # mod_fsp config option
   FSPPolicyFile /etc/apache2/crossdomain/crossdomain.xml

   <Directory /var/www/example.com>
      Options Indexes FollowSymLinks MultiViews
      AllowOverride All
      Order allow,deny
      allow from all
   </Directory>

</VirtualHost>

And example of the most permissive cross-domain policy file for flash:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" to-ports="*"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

==================
Note about SSL/TLS
==================

Flash currently has no built-in SSL/TLS support so there is no
reason to specify an 'FSPPolicyFile' option for SSL servers. The
Flash player cannot directly communicate with them when doing
internal look ups of policy files.