19 Replies Latest reply on Jan 31, 2017 6:01 AM by mudd1970

    v24.0.0.194 breaks flash embed chats.

    Eyecu Level 1

      Just looking to see what has changed from 186 to 194 that stops flash based chats from connecting. When using 186 connection was fine. As soon as updated to 194 same chat gets a flash policy error even though flash policy is running. only thing to change was updating to the new flash player version. This is effecting both microsoft edge/ie and firefox. Not effecting google chrome as of yet as they haven't updated to the new version.

        • 1. Re: v24.0.0.194 breaks flash embed chats.
          divya_1993 Adobe Employee

          Hi,

           

          Which operating system are you using.?

          Also, Please share a snapshot of the "error" as you mentioned above.

           

          Thanks!

          • 2. Re: v24.0.0.194 breaks flash embed chats.
            Eyecu Level 1

            Im currently on Windows 10, but it happens on any OS i believe as we have had reports of issues on mac aswell. This happens on any type of web based flash chat. lightIRC is one of the ones I use that is having the issue: you can test with:
            ChainScriptz

             

            also happens on oasiz chat ( Oasiz Home  )

             

            and buzzen chat ( Buzzen Chat - Free Chat Network )

             

            All three of these use different flash compenents to their chat so it is a wide spread issue with connect to chat networks using flash.  All of them use so variation of an irc chat backend ( hence the flashpolicy being need ) 

            • 3. Re: v24.0.0.194 breaks flash embed chats.
              divya_1993 Adobe Employee

              Thanks for reporting. We are investigating the issue.

              • 4. Re: v24.0.0.194 breaks flash embed chats.
                err0r 007 Level 1

                This issue is affecting hundred's of our users and we have verified the issue is impacting many other websites that use Flash Based Socket to connect to IRC. Hopefully a fix can be found very soon. We can offer any information you require to speed up this process.

                • 5. Re: v24.0.0.194 breaks flash embed chats.
                  henkd94656294 Level 1

                  Unfortunatly we also have this problem with Adobe Flash Player. People can not connect to our LightIRC webchat application.

                   

                  They get error about flash policy daemon should not be installed. But it is installed and running. We have these problems since yesterday update from Adobe Flash Player.

                   

                   

                  Best Regards, Herman.

                  • 6. Re: v24.0.0.194 breaks flash embed chats.
                    Adobe Employee

                    Sorry for the inconvenience.  Flash Player has historically blocked communication on a number of ports.  As Flash and the Internet continue to grow and mature, it's important that Flash behaves as a responsible citizen in regard to the larger ecosystem.  In many instances, this means ensuring that Flash Player conforms to limit its capabilities to match those available through HTML and JavaScript.  These changes bring Flash Player in line with the latest thinking about what ports should be restricted.

                     

                    While updates to the official documentation are forthcoming, I can confirm that we've expanded the list of blocked ports.  Here's the current list:

                     

                    1, 7, 9, 11, 13, 15, 17, 19, 21, 22, 23, 25, 37, 42, 43, 53, 77, 79, 87, 95, 101, 102, 103, 104, 109, 110, 111, 113, 115, 117, 119, 123, 135, 139, 143, 179, 389, 465, 512, 513, 514, 515, 526, 530, 531, 532, 540, 556, 563, 587, 601, 636, 993, 995, 1720, 1723, 2049, 3659, 4045, 5060, 6000, 6566, 6665, 6666, 6667, 6668, and 6669.

                     

                    Unfortunately, one of the side effects of this change is that a few of these ports are in the range of ports informally used by IRC servers when an IRC daemon is not run with administrative privileges, or many IRC instances are served from a single IP.  In this instance, our recommendation would be to proxy traffic on affected ports in this range to different ports, in order to make them available to a Flash-based IRC client.

                     

                    The message about installing a policy daemon is generated by the content, and is incorrect.  In this instance, you're encountering the error because you're attempting to connect to a port that's blocked, and it fails.

                    2 people found this helpful
                    • 7. Re: v24.0.0.194 breaks flash embed chats.
                      henkd94656294 Level 1

                      Hello Jeromiek,

                       

                      With the help of your answer we could fix this isue. Thank you verry much. What did we do?

                       

                      <?xml version="1.0"?>

                      <!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">

                      <cross-domain-policy>

                      <site-control permitted-cross-domain-policies="master-only"/>

                      <allow-access-from domain="*" to-ports="6667" />

                       

                      In the last line remove 6667 and replace that with a star *

                       

                      Then think about what port you would like to use and put that port in a listen block in your Unrealircd.conf  and in Lightirc in config.js put that same IP      in params.port                         = "ooooo"; replace the zeros. When you finished then /rehash you unreal server. and also after the changes you made in restart the flashpollicy. Good luck and get it up and running again>

                       

                      Best Regards, Herman.

                      1 person found this helpful
                      • 8. Re: v24.0.0.194 breaks flash embed chats.
                        valentin86 Level 1

                        Hello Jeromiek,

                         

                        thanks for the clarification.

                        Could you please explain why you make such a major restriction out of the blue? Are you aware that this foredooms all Flash-based IRC clients in the whole Internet? 6667 is the de-facto standard port for IRC daemons and it's in use for decades already.

                         

                        Though, the fact that you blocked 6665-6669 is a clear indicator that you explicitely wanted to prohibit IRC connections. I think the policy server restrictions were already tight enough to prevent abuse. This kind of full dismissal will affect thousands of webmasters and hundreds of thousands users, which were quite happy with their Flash-based IRC clients. Until now.

                        Please consider a relaxation of the amount of blocked ports as this restriction has unreasonably heavy impacts compared to the small "security"  improvements it will bring.

                         

                        In any case, we would appreciate if you could shed some light on your motivation to block IRC connections in Flash Player.

                         

                        Best regards,

                        Valentin Manthei (developer of lightIRC)

                        2 people found this helpful
                        • 9. Re: v24.0.0.194 breaks flash embed chats.
                          IceWare Level 1

                          Would really like to see a "real" answer to your question as well. I just didn't realize that Adobe felt the need to be a follower, instead of a leader. I for one can see no good, that came out of this move to "block" ports. A port is a port is a port.

                           

                          If they actually wanted to do something, to be a good net citizen (whatever that really is), they should get back into the fight, and start making AS3 dominant again.

                          1 person found this helpful
                          • 10. Re: v24.0.0.194 breaks flash embed chats.
                            Adobe Employee

                            It would be better if you updated the to-ports="6667" value to the new port that you pick, but that's the ideal workaround.

                             

                            Using * allows Flash Player to talk to any unblocked port on that server, which, if you have any poorly configured or vulnerable services running your host, might not be the best thing to do.

                            • 11. Re: v24.0.0.194 breaks flash embed chats.
                              henkd94656294 Level 1

                              Hello,

                               

                              thats what I tried to do but then I get the flash policy error agin.

                              The new port I use has 5 figures. Should be the reason because it is one more then 6667?

                               

                              Best Regards, Herman.

                              • 12. Re: v24.0.0.194 breaks flash embed chats.
                                Adobe Employee

                                It sounds like there's probably more than one port in play.  Since * allows everything, it works.  Specifying the single port is too tight, because there's traffic on a different port that also fails.

                                 

                                You could look with a packet sniffer like Wireshark to see what ports are actually being used, but it's a little bit of a research project.  Taking a more surgical approach when opening ports is better, simply because you're limiting your attack surface, but * will definitely get it done.

                                • 13. Re: v24.0.0.194 breaks flash embed chats.
                                  steve-playio Level 1

                                  I am really trying to figure out if you guys are trying to kill what is left of flash. Why would you guys block IRC ports for websites that use flash as a median for IRC servers.

                                  • 14. Re: v24.0.0.194 breaks flash embed chats.
                                    henkd94656294 Level 1

                                    Hello,

                                     

                                    I am still in doubt.that It should be better to use "to-ports="6667" value"

                                    But when I do enter a port then I get the flash policy error again. So for now I use  to-ports="*" (with a star)

                                    Is there someone who can tell me  what to do so I can use "to-ports="6667" value" ?

                                     

                                    Best regards, Herman.

                                    • 15. Re: v24.0.0.194 breaks flash embed chats.
                                      Adobe Employee

                                      The socket policy file tells Flash Player what ports it's allowed to communicate on.  The value foo in to-ports="foo" is the list of ports you want to allow.  If you've modified your instance to use 6670 instead of 6667 as an example, then you would want to specify:

                                      <allow-access-from domain="mysite.com" to-ports="6670"/>

                                       

                                      You can also specify a comma-separated list, or a range, like:

                                      <allow-access-from domain="mysite.com" to-ports="6670,6671,6673"/>

                                      <allow-access-from domain="mysite.com" to-ports="6670-6679"/>

                                      • 16. Re: v24.0.0.194 breaks flash embed chats.
                                        hoinar Level 1

                                        1. kill flashpolicyd.rb process

                                        In flashpolicy.xml put on port value 6660, line become:  <allow-access-from domain="*" to-ports="6660" />

                                        start with: ./flashpolicyd.rb --xml flashpolicy.xml --logfile flashpolicyd.log

                                         

                                        2. In  config.sys put on params.port value 6660, line become: params.port                         = 6660;

                                         

                                        3. In conf/unrealircd.conf add on listen section:

                                        listen {

                                        <------>ip *;

                                        <------>port 6660;

                                        };

                                         

                                        rehash server with /rehash

                                         

                                        4. if you have firewall unblock sure 6660

                                        • 17. Re: v24.0.0.194 breaks flash embed chats.
                                          henkd94656294 Level 1

                                          yes but the problem is untill now, when I specified a port in flashpolicy.xml Again I get flashpolicy error.

                                          Thats whyI ask the question,

                                          For now I use * (star) instead of a portnumber. But it is not safe or not safe enough.

                                           

                                          Best regards, Herman

                                          • 18. Re: v24.0.0.194 breaks flash embed chats.
                                            mudd1970 Level 1

                                            Good afternoon Herman,

                                             

                                            I also had a problem with lightIRC not working and i just found out  that you can also use port "6664" instead of using a * .

                                            Ofcourse you need to change this in the config.js form lightIRC and also in the flashpolicyd.xml file as mentioned earlier.

                                            In Unrealircd.conf just change the "6667" into "6664-6667" behind the ip-adres and ofcourse open this range also in your router at home :-).

                                             

                                            Kind regards,

                                             

                                            M. Udo

                                            • 19. Re: v24.0.0.194 breaks flash embed chats.
                                              mudd1970 Level 1

                                              Hi Valentin,

                                               

                                              i also agree with you that is really a big question mark why the people of Adobe have blocked the "6667" port as it is the standard irc port for ages. Good of you too to put this on your own website of lightIRC with the link to this thread where people can read all the info they need. I just added some more info to this thread as an reply to "Herman" which may/could be helpfull to other admins of their (Unreal)IRCd server.

                                               

                                              Kind regards,

                                               

                                              Maarten.