Results 1 to 10 of 10

Thread: Protecting Content Directory from direct downloading? Embarrassed to ask

  1. #1

    Default Protecting Content Directory from direct downloading? Embarrassed to ask

    Okay honestly I am very embarrassed to ask this. I have Wowza working with all of the security features offered, but I don't know how to simply protect the content directory from direct access. I don't want people just typing out the path and downloading the files. What should I do?

  2. #2
    Join Date
    Dec 2007
    Posts
    21,962

    Default

    There is no access like that to Wowza content folder, where your user could type out a path.

    Richard

  3. #3

    Default

    Richard,

    Thanks for the reply. Does that mean I should have the folder structure outside of the public_html folder? Can you point me to the documentation on this?

    Thx,
    Aaron

  4. #4
    Join Date
    Dec 2007
    Posts
    21,962

    Default

    Aaron,

    If you have mapped your web server to your Wowza content location, then you do have a security problem. You don't need to do that for Wowza, so just change that location in your web server.

    Richard

  5. #5

    Default

    Richard,

    Actually what I had done was I moved only my content directory to inside the public_html folder... honestly I can't remember why I did this, so now I'm going to move the content back to the original folder that's created with the Wowza install and then create a user with access just to that folder for uploading. Am I on the right track now?

    Thx,
    Aaron

  6. #6

    Default

    What you need depends on what you mean by uploading. What do you mean by uploading?

    If you mean recording using a Wowza module, then the location doesn't really matter.

    If you mean uploading files from your web-based CMS then the folder needs to be writable by your Apache user (usually www-data). This is the scenario where you would want to change your Wowza content directory to somewhere under your Apache web-root.

    You can restrict people from browsing directories in your web-root through Apache by either turning off indexing in your httpd config, or using a .htaccess file, or by putting an index.html file in the directory. More info on Apache security here:

    http://httpd.apache.org/docs/1.3/mis...rity_tips.html
    http://www.petefreitag.com/item/505.cfm
    Last edited by randall; 12-09-2011 at 11:47 PM.

  7. #7

    Default

    Randall,

    By uploading, I mean .mp4 files going up from an FTP program. This is for a RTMPe multi-bitrate video on demand type set up. I'll have an FTP username/password linked securely to the content directory which I'll use to upload. In this case is it safe to keep the default folder structure and upload the way I imagine doing it, or is this not what's intended?

    Thanks,
    Aaron

  8. #8

    Default

    Not quite sure what to suggest. I think you'll want to brush up on your unix permissions security, and look to your FTP server documentation for how to restrict read/write/execute access on certain folders. You'll want to prevent users from accessing other folders.

    I think it is atypical to allow users to write to your root partition. (If they fill up your root partition your server might crash). You'd want to let them write to a separate partition like /var or /home. (assuming they are on a separate partition).

  9. #9

    Default

    Randall,

    Thanks for the reply but I think we got confused in the middle of the conversation. Let me try to simplify...

    I have Wowza running on a server. I now have my media inside of the default "content" directory: /usr/local/WowzaMediaServer-3.0.3/content

    Really, I'm simply trying to figure out where that "content" directory should reside.

    It sounds like Richard is talking about it staying put, but you're saying it's atypical to be in the root. Where's this thing need to go haha?! Sorry I'm confused with something probably so clear to others.

    Thanks, Aaron

  10. #10
    Join Date
    Dec 2007
    Posts
    21,962

    Default

    It doesn't matter where a content location is. You said it was also mapped to your web server, which is not secure, so you probably don't want to do that unless that is useful for some reason. Otherwise put it any where you want.

    Richard
    Last edited by rrlanham; 12-11-2011 at 03:36 PM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •