For security reasons, some applications (notably Adobe Flash Player) prevent cross-domain loading of data by default. Using a cross-domain policy file, you enable Flash to allow or disallow content from particular domains. See the cross-domain policy file usage recommendations for Flash Player ( http://www.adobe.com/devnet/flashplayer/articles/cross_domain_policy.html ).
Because the Real End User Experience Monitoring Software Edition has Flash widgets embedded in its user interface, you must manage the cross-domain data loading to secure the system, as described in the following sections. To perform these procedures, you must have Security-level access.
Warning
A cross-domain policy file must be used carefully, because it can expose your system to attacks.
Flash uses a cross-domain policy file (crossdomain.xml) is used by Flash to indicate that its data is available to files served from outside its own domain. It indicates availability by listing domains for which access is allowed.
The hierarchy of a cross-domain policy is presented below:
<cross-domain-policy> <allow-access-from/> </cross-domain-policy>
The following code is the cross-domain policy code that comes with the system. It allows access from all domains by default.
<?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="*"/> </cross-domain-policy> <cross-domain-policy> reference
The following table describes the elements used in the cross-domain policy file.
Elements of the cross-domain policy file
Element | Cardinality | Description | Required |
---|---|---|---|
| None | Root element of the cross-domain policy file and container for the rest of the policy | Yes |
| 0 .. * | Specifies that access to data is permitted from this system | Yes |
| None | A domain name, for example, www.example.com | Yes |
In a Real User Analyzer component, point to Administration > Security settings and click Cross-domain policy.
Edit the cross-domain policy file so that it looks as follows:
<?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="\*.bmc.com"/> <allow-access-from domain="10.160.15.5"/> <allow-access-from domain="10.160.16.*"/> </cross-domain-policy>
Note
The asterisk character * is a wildcard that represents any value.
The system now allows access from specified domains only.
In a Real User Analyzer component, point to Administration > Security settings and click Cross-domain policy.
In a Real User Analyzer component, point to Administration > Security settings and click Cross-domain policy.
Configuring end-user experience monitoring core components