Security features in Wowza Video Legacy

The Wowza Video™ service provides a range of security features that allow you to protect the delivery of and access to a stream as it moves from camera or source encoder to the transcoder, from the transcoder to a stream target, and from the stream target to a player. You can also limit access to playback based on geographic location, requesting domain, using AES-128 encryption, or token authorization. 

This article outlines which security features are available for different types of streams. It also points to step-by-step instructions for implementing the security features using the Wowza Video REST API or the Wowza Video user interface.

Security features for HLS streams using Wowza CDN on Fastly


The following features are available to secure an HLS stream that uses Wowza CDN on Fastly stream targets in Wowza Video.

User authentication for source connection on Fastly

User authentication for HLS streams provides a secure connection from the source encoder or camera into the ingest origin server and prevents third parties from connecting to and altering your stream. When user authentication is enabled on a push stream, Wowza Video requires the source encoder or camera to use a username and password associated with the stream to establish a connection. You can set the username and password values, or you can have Wowza Video generate values for you. You can also configure user authentication on a pull stream so that the source encoder or camera uses values set on the encoder side to connect to a live stream or transcoder in Wowza Video.

See these articles to configure user authentication for streams using Wowza CDN on Fastly targets:

SSL for playback on Fastly

After Wowza Video transcodes (or passes through) encoded live source video, it passes the video stream through stream targets. Those targets deliver the stream to viewers, such as through a hosted webpage or a direct playback URL.

Secure Socket Layer (SSL) can provide secure and encrypted HTTPS connections as a stream moves through the network connections from stream targets to playback destinations. When a specific stream target property is enabled, Wowza Video uses SSL to establish a handshake for encrypting HTTP connections. For streams using Wowza CDN on Fastly targets, you can choose to deliver streams to players for playback using SSL and require the player client to use HTTPS for playback.

Encrypting connections between servers and clients using SSL and HTTPS prevents data from being intercepted and manipulated in transit and prevents third parties from altering a stream as it moves between servers. As of 2018, certain browsers warn users against websites with content served over unsecured HTTP connections. Configuring SSL for your HLS streams can help secure streams and avoid browser warnings.

See these articles to configure SSL playback for streams using Wowza CDN on Fastly targets:

Geo-blocking for playback on Fastly

Geo-blocking through Wowza Video allows you to selectively allow or block access to Wowza CDN on Fastly stream targets to control where a stream can be viewed. You can use geo-blocking to specify which countries or regions are allowed or which countries or regions are blocked. You can also allow streaming at specified IP addresses even if they're within a blocked location.

See these articles to configure geo-blocking for streams using Wowza CDN on Fastly targets:

Referer policy for playback on Fastly

Setting the referer policy through Wowza Video allows you to selectively to allow or block access to streams, depending on the domain that requests access. When you enable and configure the referer policy, clients and players requesting access to the stream must send a Referer header and must meet the policy requirements you've set for the stream target.

For more information about the Referer header, see the HTTP specification.

See these articles to configure the referer policy for streams using Wowza CDN on Fastly targets:

Note: You can only enable and configure the referer policy through the Wowza Video REST API. 

Token authentication for playback on Fastly

Token authentication protects streams using Wowza CDN on Fastly targets by requiring a token, which is hashed and appended to the playback URL, for viewer access. You can use token authentication to make a stream playback URL unavailable after a certain length of time, to limit access to approved IP addresses, to provide content to paying viewers only, or to apply other restrictions. Token authentication prevents playback URLs from being shared by unauthorized links or player hijacking attacks.

See these articles to configure token authentication for streams using Wowza CDN on Fastly targets:

AES-128 encryption for playback on Fastly

AES-128 encryption protects streams using Wowza CDN on Fastly targets by requiring devices to provide a matching key before a stream can be played. Wowza Video uses the external method of AES-128 encryption. When you use the external method, encryption keys are delivered to devices from an external URL.

See these articles to configure AES-128 encryption for HLS streams using Wowza CDN on Fastly targets: