Wowza Community

What's the point of token authentication if user and share m3u8 and play via VLC without any problem?

I really don’t understand.

I created signed url by using token authentication from this tutorial

But guess what my viewer still can copy m3u8 and share to anyone and paste it in open network menu in VLC and can watch it super smoothly without any protection.

Wowza Cloud should have feature that can protect playlist with domain referrer just like engine.

I responded in your other post asking the same question.

But, I’m adding a suggestion in both.

What you can try per the engineers is try the Access control property in WSC. -it forces the stream to only work from a defined domain.
So people would not be allowed to play it anywhere you don’t say it can be played.

May I know how can I access ‘Access control preperty’ in Wowza Streaming Cloud? Thank you for your answer.

I use “Stream Targets / Properties / HLS / Access Control: Allow Origin” to allow embedding into specific domain by browser.
But it doesn’t affect VLC player…

This original post is on Streaming Cloud. Are you referring to Streaming Engine @BOOKSHOW_TW? If you are:
Can you check the application.xml file to make sure it was added properly?

<Value>Access-Control-Allow-Origin: *</Value>

If you are using Cloud @BOOKSHOW_TW did you try it with a different player to see if it’s a VLC issue we need to look at?

You are using Fastly which is the default in Cloud and you didn’t change it to Akamai?

Can you try it in this test player and see if it’s a configuration error or something with the VLC player version you are on?

Sometime the player has to have this in the settings @BOOKSHOW_TW for the “Allow origin” to work.

withCredentials: true

You can try a Demo player from JWPlayer here:

We most likely need to debug this in a support ticket for accurate diagnosis. You can run this in VLC player using Fastly in Cloud, so we’ll need to take a closer look.