Deploying Amfphp

Deploying Amfphp on a live server

A service you developed locally may fail remotely, because the development environment rarely mirrors the deployment environment exactly. You don’t need much security locally, but think about it before deploying to a production server.

What files and folders are needed?

The main ‘Amfphp’ folder is needed in all cases. Then you need all the files you created yourself. That’s it!

What about the Back Office?

The Back Office can be put on a live server, but make sure that it’s configured to ask for a login. This is the default behavior, so if you didn’t change anything you should be alright.

Case sensitivity issues

Filenames are case-sensitive on Unix/Linux but not on Windows, so if you are getting errors such as ‘the service does not exist’, double-check the names.

crossdomain.xml – security sandbox issues

Since Flash 6, the Flash player implements a security sandbox. If your swf file is located on one domain and the gateway.php file on another, remote calls will fail. This is true of subdomains as well, meaning you won’t be able to call myserver.com from www.myserver.com. The solution is to use a crossdomain.xml file.

mod_security issues

There have been reports that Apache installations with mod_security enabled can cause issues. In particular, mod_security may be set to disallow any unknown content-types, and amfPHP uses the application/x-amf content type. In your Apache error log, this will show up as:

mod_security: Access  denied with code 404. Pattern match  "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)" at  HEADER("Content-Type")

The pattern match outlined above should be defined in /etc/httpd/conf.d/mod_security.conf. If it is not there, it could be in /etc/httpd/conf/httpd.conf. Failing that, you should be able to find it using:

find /etc/httpd/ -name "*security.conf"

You should find a line such as this:

SecFilterSelective HTTP_Content-Type  "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)"

Change it to:

SecFilterSelective HTTP_Content-Type  "!(^$|^application/x-www-form-urlencoded$|^application/x-amf|^multipart/form-data)"

Restart Apache and it should work. If you don’t have global access to the *.conf files, you may be able to achieve the same effect with a .htaccess file in the amfphp directory:

<IfModule mod_security.c>
    SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded$|^application/x-amf|^multipart/form-data)"
</IfModule>
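
Before restarting Apache, the effect of the pattern change can be checked offline. The script below is an added example, not part of Amfphp or mod_security: it assumes grep -E behaves like mod_security's regex engine for these simple patterns, and the verdict and report helpers and the sample Content-Type values are constructed for illustration.

```shell
#!/bin/sh
# Added example: evaluate the page's two Content-Type filter patterns with grep -E.
# Assumption: grep's extended regex stands in for mod_security's regex engine,
# which is equivalent for these simple anchored alternations.

# Patterns copied from the page, without the leading "!" (negation is handled below).
ORIGINAL='(^$|^application/x-www-form-urlencoded$|^multipart/form-data)'
MODIFIED='(^$|^application/x-www-form-urlencoded$|^application/x-amf|^multipart/form-data)'

# verdict PATTERN CONTENT_TYPE
# The rule is "!pattern": the request is denied when the header does NOT match.
verdict() {
    if printf '%s\n' "$2" | grep -Eq "$1"; then
        echo allow
    else
        echo deny
    fi
}

# Print both verdicts for a few constructed Content-Type values
# (not taken from any real log).
# Note: "^application/x-amf" has no trailing "$", so it is a prefix match and
# also admits types such as "application/x-amf-other". Writing it as
# "^application/x-amf$" would restrict the rule to the exact type.
report() {
    for ct in \
        'application/x-amf' \
        'application/x-www-form-urlencoded' \
        'multipart/form-data; boundary=xyz' \
        'text/xml' \
        'application/x-amf-other'
    do
        printf '%-40s original=%s modified=%s\n' "$ct" \
            "$(verdict "$ORIGINAL" "$ct")" "$(verdict "$MODIFIED" "$ct")"
    done
}

report
```
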

IIS woes

There have been reports that amfphp may not work in IIS if index.php and the services folder are set to ‘read-only’. Make sure you give full permissions to Amfphp if you want it to work correctly on IIS.

See also

Pages on security and optimizing Amfphp.
