Hi. crossdomain.xml should be deployed like so: MUST HAVE: root site folder of the destination server. possible: additional policy files in subfolders (if the top-level policy file allows that). If your server can accept HTTP uploads it can also host policy file, else, it's not really an HTTP server (doesn't implement even a basic requirement for HTTP protocol).
Best. Oleg
