Block streaming Flash content in an explicit proxy deployment
search cancel

Block streaming Flash content in an explicit proxy deployment


Article ID: 165409


Updated On:


ProxySG Software - SGOS


Flash applications can bypass the ProxySG appliance in an explicit deployment and go directly out via firewall on port 1935 (RTMP).

To prevent this occurrence, block the port on the firewall. After you block the port, however, Flash applications could try to go out via the appliance based on the computer/browser's configuration as RTMPT (RTMP tunneled) using http port (80) or 443.

Note: If RTMPT uses port 443 (not true SSL packets), the detect protocol feature would be able to detect this traffic and should fail the connection by default.

Use one of two methods to block the Flash streaming content. To determine which one to use, verify if the appliance has a Flash license:

  1. In the Management Console, select Maintenance > Licensing > View > Licensed.
  2. Look for a component named Flash Streaming. In this component does not exist, the appliance has no Flash license. To obtain a Flash license, contact your local sales representative

Example of a Flash Streaming license:

Component name:         Flash Streaming

Valid:                  yes

Serial number:          XXXXX-XXXXX

Product Description:    SOFTWARE, Flash

Part Number:            FLASH

Activation date:        None

Expiration date:        2016-05-18

Option:                 Premium

If your appliance has a Flash license

Deny Flash streaming content with the following policy:


streaming.content=(flash) Deny  

If your appliance does not have a Flash license
Block Flash streaming content by user agent and/or content type and the HTTP method for streaming Flash. The following is an example:



request.header.User-Agent="Shockwave Flash"  DENY
request.header.Content-Type="application/x-fcs" http.method=(POST) Deny