Wowza Community

RTMP URL Obfuscation and Time Limits

We are evaluating using WMS as a replacement for Flash Media Server at our client. Our deployment scenario is as follows:

  1. Wowza installed on a Red Hat Ent Linux 64 Bit host

  2. A SAN mounted file system on the Wowza host that contains the FLV files that will be streamed to a Flash Video Player

  3. RTMP or RTMPS will be the protocols used.

We have two issues with how Wowza (and FMS) work out of the box:

  1. The RTMP based URL can be passed around without any restrictions

  2. The RTMP based URL contains the absolute path to the FLV files, and we do not wish to expose this path as the RTMP stream will be internet accessible and there are additional files in the same location as the FLVs that are sensitive. We absolutely cannot take a chance at exposing where these files reside.

I understand that Wowza is extensible and has a built in Java API (which is why we are looking at it as a potential solution).

What I need to understand at a high level is can we create custom server side modules to enable the following capabilities using WMS and its Java API:

  1. Create a time limited URL that WMS respects?

  2. Not reveal the path to the FLV in the HTML that embeds the Flash Player SWF?

Let me know if further details are needed to help.

-Faisal

Hi,

Wowza should run fine on Red Hat EL 64 bit. Have a look at the Performance tuning guide to fine tune your setup.

If you don’t need the full implementation of SSL certificates then RTMPE will encrypt the streams and is a lot less CPU intensive on the server.

Wowza has various security add-ons that you can use to overcome the issues that you are concerned with. Get a copy of the MediaSecurity Package and have a look at the User guide included.

Secure Token. This add-on provides an authentication mechanism to make sure that it is your player that is trying to connect to your server. Use in conjunction with a Hotlink Denial Module to prevent other people from using your player on their site.

Require Secure Connection. This option is included with Secure Token and when set will require the connection to use either RTMPE, RTMPTE or RTMPS to connect and will reject RTMP or RTMPT.

StreamNameAlias. This add-on will hide the original stream names and locations by using an alias on the player side. On the server, you can either use a text file to map your aliases to the real name or there is a simple api that can be included in a module to do more complex aliasing.

If you need to do further authentication then this would be done in a custom module in the onConnect method which is called for each flash client connection and you can accept or reject the connection depending on your own criteria. An example might be that the player passes the browser session id to Wowza and that is authenticated with the web server to make sure that the session is still valid.

Roger,

Thank you for the quick reply. I am considering leveraging the onConnect method you mentioned. Two questions if I go this route:

  1. What class would I use to inspect the requested RTMP based URL, so that I can parse out a session ID that was placed in the URL?

  2. How would I change the stream URL and send that back to the flash player?

For example, if the URL placed in the flash player was: rtmp://server.com/vod/?session=100

I would validate the session in the onConnect and then want to have the flash player connect to the following URL: rtmp://server.com/vod/path/to/file.flv

Thanks,

Faisal

  1. As shamrock says, you can use client.getQueryStr(); to get the queryString and then split it into its separate parts.

  2. You don’t need to send the real stream name back to the player. When you play a file, you can use an alias and then, in your module, either use the StreamNameAlias package (part of the Media Security package or available separately) or implement IMediaStreamNameAliasProvider to resolve the alias to the real name when it is played.

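```java
import com.wowza.wms.application.IApplicationInstance;
import com.wowza.wms.module.ModuleBase;
import com.wowza.wms.stream.IMediaStreamNameAliasProvider;

public class ModuleDebug extends ModuleBase implements IMediaStreamNameAliasProvider {

	// Register this module as the alias provider when the application starts
	public void onAppStart(IApplicationInstance appInstance) {
		appInstance.setStreamNameAliasProvider(this);
	}

	@Override
	public String resolvePlayAlias(IApplicationInstance appInstance, String name) {  // This method is for play streams
		String realName = resolveRealName(name);
		return realName;
	}

	@Override
	public String resolveStreamAlias(IApplicationInstance appInstance, String name) {  // This method is for mediacaster streams
		return name;
	}

	// Hypothetical placeholder: the post does not show resolveRealName.
	// Replace the body with your own alias-to-real-name lookup.
	private String resolveRealName(String alias) {
		return alias;
	}
}
```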
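One way to combine the time limit and the opaque key discussed in this thread, as an added example that is not part of the original posts and is not Wowza's Secure Token implementation: the web tier signs `key` and `exp` with HMAC-SHA256, and the server side checks the signature and the expiry before mapping the key to the real stream name. The class and method names, the key `a91f` and the secret are assumptions; in a Wowza module the string passed to `verify` would be the value returned by `client.getQueryStr()`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class ExpiringStreamToken {
    // Constructed sample data: opaque key -> real stream name (never sent to the player).
    static final Map<String, String> ALIASES = Map.of("a91f", "path/to/file.flv");
    // Placeholder secret shared by the web tier and the streaming server.
    static final byte[] SECRET = "replace-with-random-secret".getBytes(StandardCharsets.UTF_8);

    static String sign(String key, String exp) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(SECRET, "HmacSHA256"));
        byte[] tag = mac.doFinal((key + "|" + exp).getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    // Web tier: query string appended to the connect URL the player is given.
    static String issue(String key, long expEpochSec) throws Exception {
        return "key=" + key + "&exp=" + expEpochSec + "&sig=" + sign(key, Long.toString(expEpochSec));
    }

    // Server side: real stream name for a valid token, null if it must be rejected.
    static String verify(String queryStr, long nowEpochSec) throws Exception {
        if (queryStr == null) return null;
        Map<String, String> p = new HashMap<>();
        for (String pair : queryStr.split("&")) {
            int eq = pair.indexOf('=');
            if (eq > 0) p.put(pair.substring(0, eq), pair.substring(eq + 1));
        }
        String key = p.get("key"), exp = p.get("exp"), sig = p.get("sig");
        if (key == null || sig == null || exp == null || !exp.matches("\\d{1,18}")) return null;
        byte[] expected = sign(key, exp).getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison; check the signature before trusting exp.
        if (!MessageDigest.isEqual(expected, sig.getBytes(StandardCharsets.UTF_8))) return null;
        if (nowEpochSec > Long.parseLong(exp)) return null;   // link has expired
        return ALIASES.get(key);                              // null for unknown keys
    }

    public static void main(String[] args) throws Exception {
        long now = System.currentTimeMillis() / 1000;
        String qs = issue("a91f", now + 300);                 // valid for five minutes
        System.out.println("fresh:    " + verify(qs, now));
        System.out.println("expired:  " + verify(qs, now + 301));
        System.out.println("tampered: " + verify(qs.replace("exp=", "exp=9"), now));
    }
}
```

Because the expiry is covered by the signature, a copied URL stops working once `exp` passes and cannot be extended by editing the query string.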

  1. Yes it is.

  2. IMediaStreamNameAliasProvider2 extends IMediaStreamNameAliasProvider to give extra methods for specific connections. If you need to do aliasing at a client level then use this one.

  3. No it shouldn’t as long as you follow normal html rules and escape special characters etc.

For examples of these suggestions, see the Dynamic Load Balancer Package /src/ModuleLoadBalancerRedirector.java and /client/redirect.fla.

The essential server-side part is:

client.redirectConnection(url);

See the Server-side API for other variations of client.redirectConnection.

The client-side is handled in the NetStatusEvent event handler.

This is a remap of the stream in the play command:

https://www.wowza.com/docs/how-to-override-play-to-remap-a-stream-name

Richard

I think you can do the following

i)

```java
public void onConnect(IClient client, RequestFunction function, AMFDataList params) {
	// Query string sent with the RTMP connect request, e.g. "session=100"
	String test = client.getQueryStr();
}
```

should give you the query string sent in the RTMP connect message

  1. You could issue an RTMP redirect, or alternatively you could change the name presented by the client and so transparently play the requested content to the client.

Shamrock

Thank you all for the prompt and helpful replies. Roger, your last reply seems the most straightforward approach. A couple of questions on this:

  1. If I leverage the IMediaStreamNameAliasProvider interface, I assume that the event management is hooked into the class when I register the class in the onAppStart method?

  2. I saw an IMediaStreamNameAliasProvider2 interface in the api docs. Is there any advantage to using this interface?

  3. In the flashvars param in the HTML, if I have value such as:

Will the bolded text (which would represent a unique key I can do a lookup on for the actual file name in my resolvePlayAlias implementation) cause any issues for a flash player or WMS?

I’m going to try working with the resolvePlayAlias method and I will probably answer these questions myself soon enough. But I appreciate all the help I’ve received.