We are looking to lock down our Wowza Streaming Engine implementation to be only accessed via requests from our web server(s). Thus ensuring only authenticated users can access our content. Our web servers can make SSL requests for streaming content and we would like Wowza to identify a specific client certificate and only handle requests with this certificate. Has anyone done anything like this? Thanks in advance.
Limiting direct access to Wowza Streaming Engine content to only requests from specific server/client certificate
I don’t believe we have a way to authenticate based on a specific certificate, but you could restrict it based on the IP address. Let me check with the engineers though to be sure. Also, HTTPS by itself doesn’t secure media streams, but when used in conjunction with some type of token-based authentication system, it can more fully protect streaming.
Thanks! We are simply trying to NOT allow direct access to our WSE for users that have not gone through our MAC/DAC requirements to view content. We are an enterprise environment with this constraint. Has anyone front-ended WSE with something like Nginx to proxy requests? Our MAC/DAC functionality is REST based and our environment uses PKI authentication. What are the options locking down WSE in this manner?
Our engineers say it IS possible to do this, but a bit tricky to set up. I can have someone reach out to you with more info ok? They’d like to take a closer look.
Also, the engineers say that because Wowza is IP based, not MAC based, you could write a plugin or use something else to validate the IP address.