Is the domain of the HTML container localhost ?
Richard
Wowza Support
Is the domain of the HTML container localhost ?
Richard
Member
I am using like below (application.xml) and on the player is: rtmp://127.0.0.1/live-sfs
<Value>127.0.0.1,*mydomain.com.br</Value>
The access.log is:
2012-01-23 19:58:00 BRST comment server INFO 200 - LiveStreamPacketizerCupertino.endChunkTS[live-jlle-record/_definst_/joi004.stream]: Add chunk: id:9 a/v/k:0/1/1 duration:9806 - - - 66.375 - - - - - - - - - - - - - - - - - - - - - - - - -
2012-01-23 19:58:00 BRST connect-pending session INFO 100 127.0.0.1 - _defaultVHost_ live-sfs _definst_ 0.0 [any] 1935 rtmp://127.0.0.1/live-sfs 127.0.0.1 rtmp unknown WIN 11,1,102,55 1126318473 3331 3073 - - - - - - - - - - - - - rtmp://127.0.0.1/live-sfs -
2012-01-23 19:58:00 BRST comment server INFO 200 - ModuleHotlinkDenial onConnect: 1126318473 _defaultVHost_ live-sfs _definst_ 66.992 - - - - - - - - - - - - - - - - - - - - - - - - -
2012-01-23 19:58:00 BRST comment server INFO 200 - ModuleHotlinkDenial Client Flashver: win 11,1,102,55 _defaultVHost_ live-sfs _definst_ 66.992 - - - - - - - - - - - - - - - - - - - - - - - - -
2012-01-23 19:58:00 BRST comment server INFO 200 - Client Rejected. IP: 127.0.0.1 _defaultVHost_ live-sfs _definst_ 66.992 - - - - - - - - - - - - - - - - - - - - - - - - -
2012-01-23 19:58:00 BRST connect session INFO 401 127.0.0.1 - _defaultVHost_ live-sfs _definst_ 0.0 [any] 1935 rtmp://127.0.0.1/live-sfs 127.0.0.1 rtmp unknown WIN 11,1,102,55 1126318473 3331 3073 - - - - - - - - - - - - - rtmp://127.0.0.1/live-sfs -
2012-01-23 19:58:00 BRST disconnect session INFO 200 1126318473 - _defaultVHost_ live-sfs _definst_ 0.078 [any] 1935 rtmp://127.0.0.1/live-sfs 127.0.0.1 rtmp unknown WIN 11,1,102,55 1126318473 3347 3370 - - - - - - - - - - - - - rtmp://127.0.0.1/live-sfs -
Wowza Support
You show an RTMP address with a 127.0.0.1, but that is irrelevant.
It is the domain of the HTML container that this controls. That is the HTML page that your users load in a browser that then loads an SWF file.
For example:
http://[my-web-server-address]/myplayerpage.html
If the above page is what your users navigate to and that loads the SWF file that is your player, then [my-web-server-address] is what you want to make sure is the only domain that can load your swf, so that [your-competitors-web-page] cannot hotlink your SWF. Do you understand?
Richard
Member
Richard,
I tested on Livevideostream in the examples folder. If I remove the hotlink denial, it works fine, if I setup hotlink denial, the connection is rejected.
I think that I understood. To test if the localhost is permitted I need to install a web server on my machine and open a page with http://127.0.0.1/live/mystream. Is it?
Another doubt, I put this code into of the other page and the player opened, but the hotlink denial is setup and the domain of this other page is not permitted. Why the player opened? How I protect this? If I try open the player directly in other domain, the "hotlink denial" deny the player perfectly.
<td height="436" align="left" valign="top"><iframe id="aovivoCamera" src="http://www.mydomain.com.br/cameras/cidades/jlle/joi004.html" width="668" height="436" frameborder="0" scrolling="No">Carregando...</iframe></td>
-----
<Property>
<Name>domainLock</Name>
<Value>127.0.0.1,*mydomain.com.br</Value>
</Property>
Wowza Support
Alan,
What do you want to do? There are several security measures that we offer that have specific purpose. You seem to be just throwing everything against the wall to see what sticks, then posting to the forum to sort it out. This is not working. Tell us exactly what you are doing and what you want to prevent, and what you want to allow.
Richard
Member
Hello Richard,
I am sorry if appears that I am only doing questions about everything, but I have a purpose. My company is developing a project to install several IP cameras on the city to put the images on the Internet. It is the first time that I work with the FMS and I have some questions about, several I solved with the help of you. Until the end of the project I go through some stage:
- Installation of the Wowza; OK
- To get incoming stream of IP camera; OK
- Publish the stream to several devices; OK
- To do transcoder to some IP cameras that has bigger bitrate; OK
- To create flash players; OK
- Tunning the Wowza; OK
- Record the images; OK
- Improve security; This still need help.
I am sorry again, but my boss wants result and that's why I ask your help. May be that after the security stage appears other thing because is with the implementations that I see the problems. If you see my older posts you will notice the evolution of my project.
Now I am worried with the security. How I said on the last post I setup the hotlink denial to prevent that others publish my flash player in their sitios. But I saw that if I put the link "http://www.mydomain.com.br/xxxx/joi004.html" into other sitio (domain), the flash player works too. I want to prevent this.
Also if somebody try to play my stream with rtsp (by VLC player) him can. I need to prevent this too. I already changed the application.xml like below, but the VLC plays still without user and pass.
<Authentication>
<PublishMethod>digest</PublishMethod>
<PlayMethod>none</PlayMethod>
I need your help.
Wowza Support
Change this:
To thisCode:<PlayMethod>none</PlayMethod>
RichardCode:<PlayMethod>digest</PlayMethod>
Member
Richard,
I changed and it works well at the first time, but when I stop and start (VLC) it asks the user and password twice and no play. I wait some minutes and sometimes when I try again
it works. I already put the userpass together with the address but no play too. (rtsp://rtspuser
I already aplied this but the problem continous.
http://www.wowza.com/forums/content....P-interleaved)
I already tested on the machine where the Wonza is installed to verify if the problem is the firewall, but the problem continuous.
Last edited by alan_testoni; 01-28-2012 at 08:47 AM.
Wowza Support
If you want to put username and password in the URL like that, change PlayMethod to "basic"
Richard
Member
Richard,
It is works well now. Thanks.
Now I go configure the secure token.
Posting Permissions
Reply With Quote