Flash App loading crossdomain.xml from app server fails?

Overview

I'm writing a web application using three tier architecture. I have three Amazon EC2 ubuntu servers. The first server handles the presentation of the application and includes my main flash file. The second EC2 instance represents my application server. It con开发者_如何学JAVAtains the AMFPHP files and corresponding web services. Finally, the third instance handles persistance and is running a MySQL database. Both the presentation and application servers are running an apache web server. I created security groups specific to each tier such that the presentation layer will accept all incoming traffic on port 80 while the application layer will only accept incoming traffic from the presentation server. This should allow anyone to request my web application from the presentation server but prevent anyone from accessing the web services on my application server.

Problem

My flash application cannot make web service calls to my application server. When a request is sent, I never receive a response from the server and eventually receive a security sandbox error.

Example:

Security.loadPolicyFile( "http://<EC2 internal IP or public DNS>/crossdomain.xml" );
gw = new NetConnection();
gw.objectEncoding = ObjectEncoding.AMF0;

// connect to the AMFPHP gateway so we can use the services
gw.connect( "http://<EC2 internal IP or public DNS>/gateway.php" );
res = new Responder( onResult, onFault );
gw.call( "Service.test", res );

Investigation

It seemed odd that I wasn't receiving a response, so I decided to try a couple of things: 1. I connected to my presentation tier via ssh and attempted to use lynx to connect to my application server's gateway.php. I was able to connect without any problems. 2. I used Chrome's developer tools window to observe network traffic when loading my site. I found that it is attempting to load the crossdomain.xml file (which resides in the root of my web server [/var/www] on the application tier) using a GET request; but strangely, it times out and fails. This is where I am confused. How come I can use lynx on the same machine to connect to the web server on the application tier but yet the flash app can't access the same file?

Other Useful Information

While running some tests, I decided to open up the application server instance's firewall such that it can receive http requests from my IP. As soon as I did this, the application being hosted on the presentation tier immediately began working (Received a response from the web service)! However, this means I would have to force my application tier to accept http requests from the internet in order to work, which is not something I want to do. I don't understand why making this change would allow the application to grab the crossdomain.xml file. If the application server's security group is set to accept incoming http requests from the presentation security group, it should have no problem acquiring the crossdomain.xml file residing in the web server root of the application server right?

I've spent more time than I would like looking into this issue. I really would like to setup a three-tier environment for my application in which the flash application will be able to send web service requests to my application layer. The most confusing part about this is the fact that when I add my computer's IP address to the application server's firewall, everything seems to magically work as intended. Please correct me if I am setting my application up in the wrong way. I am basing my architecture off of the following: http://media.amazonwebservices.com/AWS_Web_Hosting_Best_Practices.pdf

Thanks for your help!

Regards,

Will

If your servers are all on different domains you have to load the crossdomain.xml from the server you are requesting data/files from.

So if your swf is on server A and you need data from server b you need to load the policy file on server b

// there is no need to reference the crossdomain.xml.
Security.loadPolicyFile( "http://serverBdomainname.com" )

// or for testing purposes you can use local address but this will not work over the web
// just code in the IP of the server if your machine is on the same network
Security.loadPolicyFile( "192.168.0.111" )

Also you might want to verify your crossdomain.xml is web accessible opne it up in a browser.
http://serverBdomainname.com/crossdomain.xml