Protecting Content Directory from direct downloading? Embarrassed to ask
Okay honestly I am very embarrassed to ask this. I have Wowza working with all of the security features offered, but I don't know how to simply protect the content directory from direct access. I don't want people just typing out the path and downloading the files. What should I do?
Actually what I had done was I moved only my content directory to inside the public_html folder... honestly I can't remember why I did this, so now I'm going to move the content back to the original folder that's created with the Wowza install and then create a user with access just to that folder for uploading. Am I on the right track now?
What you need depends on what you mean by uploading. What do you mean by uploading?
If you mean recording using a Wowza module, then the location doesn't really matter.
If you mean uploading files from your web-based CMS then the folder needs to be writable by your Apache user (usually www-data). This is the scenario where you would want to change your Wowza content directory to somewhere under your Apache web-root.
You can restrict people from browsing directories in your web-root through Apache by either turning off indexing in your httpd config, or using a .htaccess file, or by putting an index.html file in the directory. More info on Apache security here:
By uploading, I mean .mp4 files going up from an FTP program. This is for a RTMPe multi-bitrate video on demand type set up. I'll have an FTP username/password linked securely to the content directory which I'll use to upload. In this case is it safe to keep the default folder structure and upload the way I imagine doing it, or is this not what's intended?
Not quite sure what to suggest. I think you'll want to brush up on your unix permissions security, and look to your FTP server documentation for how to restrict read/write/execute access on certain folders. You'll want to prevent users from accessing other folders.
I think it is atypical to allow users to write to your root partition. (If they fill up your root partition your server might crash). You'd want to let them write to a separate partition like /var or /home. (assuming they are on a separate partition).
Thanks for the reply but I think we got confused in the middle of the conversation. Let me try to simplify...
I have Wowza running on a server. I now have my media inside of the default "content" directory: /usr/local/WowzaMediaServer-3.0.3/content
Really, I'm simply trying to figure out where that "content" directory should reside.
It sounds like Richard is talking about it staying put, but you're saying it's atypical to be in the root. Where's this thing need to go haha?! Sorry I'm confused with something probably so clear to others.
It doesn't matter where a content location is. You said it was also mapped to your web server, which is not secure, so you probably don't want to do that unless that is useful for some reason. Otherwise put it any where you want.