Wowza Community

Signed (with Secure Token) RTSP url is inaccessible

I’ve got some problems with signed (with Secure Token) RTSP url. All other protocols works for me. I’m not sure, but I think that we’ve tested our code on previous versions of WowzaStreamingEngine 4 and it worked, but I’ve started noticing it on 4.6.0, but I can be wrong…

Scenario:

  • I’m trying to request data from this url:

    [HTML]rtsp://127.0.0.1:20222/live/test.stream?secure-custom=test&secure-starttime=1286144284&secure-endtime=1586144284&secure-hash=1IH8ntZtIlwSCfFiJ26KuOuR6ZREzHMXsEErBtEqsFE=[/HTML]

  • I’m getting 403 response.

  • What is really funny, provided hash is correct (from logs):

    [HTML][live/definst]ModuleCoreSecurity:hashCalculated: 1IH8ntZtIlwSCfFiJ26KuOuR6ZREzHMXsEErBtEqsFE=[/HTML]

  • Of course I’ve tried also simplest possible option and made requests without any parameters - like this:

    [HTML]rtsp://127.0.0.1:20222/live/test.stream?secure-hash=FpGtTVwrnPDhjGq16tcmtXiBx3Sxx9A7WdFM[/HTML]

    and hashes also mached in those cases, but I still wasn’t able to access stream.

  • All the time I’m getting this error:

    [HTML] [live/definst]SecureTokenDef:Request from client IP address, 127.0.0.1, doesn’t match base URL, live/test.stream[/HTML]

    Additional info:

  • I’ve tried also turn on DEBUG logging, but it didn’t provide any additional information.

  • I’ve done all these tests on Wowza 4.6.0 with my developement keys.

  • Without secure token I can access this stream freely.

    Could you give me any hint what I’m doing wrong?

After update to WowzaStreamingEngine-4.0.6.02 all my tests are passing and rtsp protection works fine!