Just looking to see what has changed from 186 to 194 that stops Flash-based chats from connecting. When using 186, the connection was fine. As soon as I updated to 194, the same chat gets a flash policy error even though the flash policy is running. The only thing to change was updating to the new Flash Player version. This is affecting both Microsoft Edge/IE and Firefox. It is not affecting Google Chrome as of yet, as they haven't updated to the new version.
Which operating system are you using?
Also, please share a snapshot of the "error" as you mentioned above.
I'm currently on Windows 10, but it happens on any OS I believe, as we have had reports of issues on Mac as well. This happens on any type of web-based Flash chat. lightIRC is one of the ones I use that is having the issue: you can test with:
It also happens on Oasiz chat (Oasiz Home)
and Buzzen chat (Buzzen Chat - Free Chat Network)
All three of these use different Flash components for their chat, so it is a widespread issue with connecting to chat networks using Flash. All of them use some variation of an IRC chat backend (hence the flash policy being needed).
Thanks for reporting. We are investigating the issue.
This issue is affecting hundreds of our users and we have verified the issue is impacting many other websites that use Flash Based Socket to connect to IRC. Hopefully a fix can be found very soon. We can offer any information you require to speed up this process.
Unfortunately we also have this problem with Adobe Flash Player. People cannot connect to our LightIRC webchat application.
They get an error about flash policy daemon should not be installed. But it is installed and running. We have had these problems since yesterday's update of Adobe Flash Player.
Best Regards, Herman.
While updates to the official documentation are forthcoming, I can confirm that we've expanded the list of blocked ports. Here's the current list:
1, 7, 9, 11, 13, 15, 17, 19, 21, 22, 23, 25, 37, 42, 43, 53, 77, 79, 87, 95, 101, 102, 103, 104, 109, 110, 111, 113, 115, 117, 119, 123, 135, 139, 143, 179, 389, 465, 512, 513, 514, 515, 526, 530, 531, 532, 540, 556, 563, 587, 601, 636, 993, 995, 1720, 1723, 2049, 3659, 4045, 5060, 6000, 6566, 6665, 6666, 6667, 6668, and 6669.
Unfortunately, one of the side effects of this change is that a few of these ports are in the range of ports informally used by IRC servers when an IRC daemon is not run with administrative privileges, or many IRC instances are served from a single IP. In this instance, our recommendation would be to proxy traffic on affected ports in this range to different ports, in order to make them available to a Flash-based IRC client.
The message about installing a policy daemon is generated by the content, and is incorrect. In this instance, you're encountering the error because you're attempting to connect to a port that's blocked, and it fails.
With the help of your answer we could fix this issue. Thank you very much. What did we do?
<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">
<allow-access-from domain="*" to-ports="6667" />
In the last line, remove 6667 and replace that with a star *.
Then think about what port you would like to use and put that port in a listen block in your Unrealircd.conf, and in Lightirc in config.js put that same IP in params.port = "ooooo"; replace the zeros. When you have finished, /rehash your Unreal server, and also, after the changes you made, restart the flashpolicy. Good luck and get it up and running again.
Best Regards, Herman.
It would be better if you updated the to-ports="6667" value to the new port that you pick, but that's the ideal workaround.
Using * allows Flash Player to talk to any unblocked port on that server, which, if you have any poorly configured or vulnerable services running on your host, might not be the best thing to do.
That's what I tried to do, but then I get the flash policy error again.
The new port I use has 5 figures. Should be the reason because it is one more than 6667?
Best Regards, Herman.
It sounds like there's probably more than one port in play. Since * allows everything, it works. Specifying the single port is too tight, because there's traffic on a different port that also fails.
You could look with a packet sniffer like Wireshark to see what ports are actually being used, but it's a little bit of a research project. Taking a more surgical approach when opening ports is better, simply because you're limiting your attack surface, but * will definitely get it done.
I am really trying to figure out if you guys are trying to kill what is left of Flash. Why would you guys block IRC ports for websites that use Flash as a medium for IRC servers?
Thanks for the clarification.
Could you please explain why you make such a major restriction out of the blue? Are you aware that this foredooms all Flash-based IRC clients in the whole Internet? 6667 is the de facto standard port for IRC daemons and it has been in use for decades already.
Though, the fact that you blocked 6665-6669 is a clear indicator that you explicitly wanted to prohibit IRC connections. I think the policy server restrictions were already tight enough to prevent abuse. This kind of full dismissal will affect thousands of webmasters and hundreds of thousands of users, who were quite happy with their Flash-based IRC clients. Until now.
Please consider a relaxation of the amount of blocked ports as this restriction has unreasonably heavy impacts compared to the small "security" improvements it will bring.
In any case, we would appreciate it if you could shed some light on your motivation to block IRC connections in Flash Player.
Valentin Manthei (developer of lightIRC)
Would really like to see a "real" answer to your question as well. I just didn't realize that Adobe felt the need to be a follower, instead of a leader. I for one can see no good, that came out of this move to "block" ports. A port is a port is a port.
If they actually wanted to do something, to be a good net citizen (whatever that really is), they should get back into the fight, and start making AS3 dominant again.
I also agree with you that it is really a big question mark why the people of Adobe have blocked the "6667" port, as it has been the standard IRC port for ages. Good of you too to put this on your own website of lightIRC with the link to this thread where people can read all the info they need. I just added some more info to this thread as a reply to "Herman" which may/could be helpful to other admins of their (Unreal)IRCd server.
I am still in doubt that it should be better to use "to-ports="6667" value".
But when I do enter a port then I get the flash policy error again. So for now I use to-ports="*" (with a star)
Is there someone who can tell me what to do so I can use "to-ports="6667" value" ?
Best regards, Herman.
The socket policy file tells Flash Player what ports it's allowed to communicate on. The value foo in to-ports="foo" is the list of ports you want to allow. If you've modified your instance to use 6670 instead of 6667 as an example, then you would want to specify:
<allow-access-from domain="mysite.com" to-ports="6670"/>
You can also specify a comma-separated list, or a range, like:
<allow-access-from domain="mysite.com" to-ports="6670,6671,6673"/>
<allow-access-from domain="mysite.com" to-ports="6670-6679"/>
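As an added illustration (not code from this thread or from Adobe): a short Python audit of a socket policy file that expands each to-ports value in the forms described above and flags wildcard rules and any port on the blocked list quoted earlier in the thread. The sample policy and the function names are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Ports Flash Player refuses to connect to, as listed earlier in this thread.
BLOCKED_PORTS = frozenset([
    1, 7, 9, 11, 13, 15, 17, 19, 21, 22, 23, 25, 37, 42, 43, 53, 77, 79, 87,
    95, 101, 102, 103, 104, 109, 110, 111, 113, 115, 117, 119, 123, 135, 139,
    143, 179, 389, 465, 512, 513, 514, 515, 526, 530, 531, 532, 540, 556, 563,
    587, 601, 636, 993, 995, 1720, 1723, 2049, 3659, 4045, 5060, 6000, 6566,
    6665, 6666, 6667, 6668, 6669,
])

# Constructed sample policy for this example (not taken from any site above).
SAMPLE_POLICY = """<cross-domain-policy>
  <allow-access-from domain="mysite.com" to-ports="6667,6670-6672"/>
  <allow-access-from domain="*" to-ports="*"/>
</cross-domain-policy>"""

def expand_to_ports(spec):
    """Expand a to-ports value into a set; None means "*"; ValueError if bad."""
    if spec.strip() == "*":
        return None
    ports = set()
    for item in spec.split(","):
        low, dash, high = item.strip().partition("-")
        first = int(low)
        last = int(high) if dash else first
        if not 1 <= first <= last <= 65535:
            raise ValueError(f"bad port or range: {item!r}")
        ports.update(range(first, last + 1))
    return ports

def audit_policy(xml_text):
    """Return one finding per allow-access-from rule in your own policy file."""
    findings = []
    for rule in ET.fromstring(xml_text).iter("allow-access-from"):
        ports = expand_to_ports(rule.get("to-ports", ""))
        findings.append({
            "domain": rule.get("domain"),
            "wildcard_ports": ports is None,  # widest grant; worth narrowing
            # Granted by the policy but refused by the player regardless.
            "blocked": sorted(ports & BLOCKED_PORTS) if ports else [],
            "usable": sorted(ports - BLOCKED_PORTS) if ports else [],
        })
    return findings

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY):
        print(finding)
```

A rule whose "usable" list is empty and whose "wildcard_ports" is false grants only ports the player will refuse, so the client fails no matter what the policy server sends.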
Yes, but the problem is that until now, when I specified a port in flashpolicy.xml, again I get the flash policy error.
That's why I ask the question.
For now I use * (star) instead of a portnumber. But it is not safe or not safe enough.
Best regards, Herman
Good afternoon Herman,
I also had a problem with lightIRC not working and I just found out that you can also use port "6664" instead of using a *.
Of course you need to change this in the config.js from lightIRC and also in the flashpolicyd.xml file as mentioned earlier.
In Unrealircd.conf just change the "6667" into "6664-6667" behind the IP address and of course open this range also in your router at home :-).
1. Kill the flashpolicyd.rb process.
In flashpolicy.xml, set the port value to 6660; the line becomes: <allow-access-from domain="*" to-ports="6660" />
Start with: ./flashpolicyd.rb --xml flashpolicy.xml --logfile flashpolicyd.log
2. In config.sys, set the params.port value to 6660; the line becomes: params.port = 6660;
3. In conf/unrealircd.conf, add to the listen section:
Rehash the server with /rehash.
4. If you have a firewall, be sure to unblock 6660.