Wowza Community

Preventing hotlinking of RTMP

I have gone through the tutorial

https://www.wowza.com/docs/how-to-combat-hotlinking-your-adobe-flash-swf-file

But I can still access my stream from any domain name. I have some doubts regarding the addition of the module. I have extracted and copied /lib/wms-plugin-collection.jar from the package to the Wowza /lib folder. Where are the other files to be extracted?

In the Application.xml, does the following line denote the path?

<Class>com.wowza.wms.plugin.collection.module.ModuleHotlinkDenial</Class>
 

Please do guide me. I am new to Wowza and started learning a week ago.

Hi,

Have you added the Module and Properties to the Application.xml file?

After adding the files to the lib directory, Wowza will need to be restarted.

Add this Module last in the Modules section of your Application.xml

<Module>
	<Name>Hotlink Denial</Name>
	<Description>Hotlink Denial Module</Description>
	<Class>com.wowza.wms.plugin.collection.module.ModuleHotlinkDenial</Class>
</Module>

Add this Property section to the Properties section below the Modules in the Application.xml

<Property>
	<Name>domainLock</Name>
	<Value>localhost,mysite.com</Value>
</Property>
<Property>
	<Name>AllowEncoder</Name>
	<Value>Wirecast</Value> <!--FM, Wirecast-->
</Property>

After restarting Wowza are you able to play the RTMP stream from another site?

Jason

still i can access my stream from any domain name.

What do you mean exactly? The hotlinkdenial helps prevent others from hotlinking your player’s swf file. It does not prevent anyone from using your RTMP url in their player.

Take a look at Security Overview guide. You probably want to use SecureToken.

Richard

If your clients are all RTMP players and you are doing VOD streaming, a full security suite includes SecureToken, RTMPE or RTMPS, HotLinkDenial and hotlink denial .htaccess rules.

If you are doing live streaming from an RTMP encoder, you would also use ModuleRTMPAuthenticate, which includes SecureToken.

Richard

Hi,

When you have added the Wowza Modules collection (wms-plugin-collection.jar) to the [Wowza-Install]/lib directory and added the Properties already mentioned then restarted Wowza, you will then be restricting the playback to the site configured by the domainLock Property. In the example Properties above, the website you want the stream to play from is called mysite.com and you will be allowing Wirecast encoders to publish to the application.

The code is provided for adjusting the Module should you choose to but is not needed other than for this purpose.

Can you post the Application.xml in the thread for me?

Thanks

Jason

*Corrected typing error from [Wowza-Install]/bin to [Wowza-Install]/lib.

Hi,

Also if you have “localhost” in the domainLock Property then any requests from the players on the same server as Wowza will be allowed.

<Property>
	<Name>domainLock</Name>
	<Value>localhost,mysite.com</Value>
</Property>

Jason
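An added example, not part of the thread and not the module's own Java code: a standalone Python sketch of how a domainLock-style value such as "localhost,mysite.com" can be matched against the page URL a player reports. The function names, the sample URLs and the choice to accept subdomains are assumptions of this sketch; because the page URL is reported by the connecting client, a check like this only limits where the player is embedded, which is why the replies above point to SecureToken for protecting the RTMP URL itself.

```python
from urllib.parse import urlsplit

def parse_domain_lock(value):
    """Split a domainLock-style value ("localhost,mysite.com") into a set of hosts."""
    return {d.strip().lower().rstrip(".") for d in value.split(",") if d.strip()}

def host_of(page_url):
    """Return the lower-cased host of a client-reported page URL, or None."""
    if not page_url:
        return None
    try:
        host = urlsplit(page_url.strip()).hostname
    except ValueError:              # malformed authority, e.g. a broken IPv6 literal
        return None
    return host.lower().rstrip(".") if host else None

def is_allowed(page_url, allowed):
    """Allow only an exact host match or a true subdomain of an allowed host.

    Comparing parsed hosts, never substrings of the URL, keeps look-alike
    names and query-string tricks from passing the check.
    """
    host = host_of(page_url)
    if host is None:                # missing or unparseable page URL: deny
        return False
    return any(host == d or host.endswith("." + d) for d in allowed)

# Constructed sample page URLs (not taken from the thread).
SAMPLES = [
    "http://mysite.com/player.html",
    "http://www.MySite.com/live/",
    "http://localhost:8080/test.html",
    "http://notmysite.com/player.html",
    "http://mysite.com.other.example/player.html",
    "http://other.example/?ref=mysite.com",
    "http://mysite.com@other.example/",
    "mysite.com/player.html",       # no scheme, so no host can be parsed
    "",
]

def evaluate(lock_value, urls=SAMPLES):
    """Return {url: True/False} for each sample under the given lock value."""
    allowed = parse_domain_lock(lock_value)
    return {u: is_allowed(u, allowed) for u in urls}

if __name__ == "__main__":
    for url, ok in evaluate("localhost,mysite.com").items():
        print("ALLOW" if ok else "DENY ", repr(url))
```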

Try placing the Hotlink denial module last in the modules list. Also, to clarify, you’ll want to put the jar file in the [install-dir]/lib folder. If you have further issues run it in DEBUG mode and you should see each module load for the given application.

I have tried this. But I can still play my stream from another site. I have extracted the .java files to /usr/local/WowzaMediaServer/src/com/wowza/wms/plugin/collection/module/

Is this path correct? What is the role of Wirecast in the code?

true

default

${com.wowza.wms.context.VHostConfigHome}/content

${com.wowza.wms.context.VHostConfigHome}/keys

${SourceStreamName}.xml,transrate.xml

${com.wowza.wms.context.VHostConfigHome}/transcoder/profiles

${com.wowza.wms.context.VHostConfigHome}/transcoder/templates

0

${com.wowza.wms.context.VHostConfigHome}/dvr

append

vodcaptionprovidermp4_3gpp

cupertinostreaming,smoothstreaming,sanjosestreaming

-1

*

*

*

*

digest

none

senderreport

12000

75

90000

0

0.0.0.0

127.0.0.1

*

interleave

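<Module>
	<Name>Hotlink Denial</Name>
	<Description>Hotlink Denial Module</Description>
	<Class>com.wowza.wms.plugin.collection.module.ModuleHotlinkDenial</Class>
</Module>
<Module>
	<Name>base</Name>
	<Description>Base</Description>
	<Class>com.wowza.wms.module.ModuleCore</Class>
</Module>
<Module>
	<Name>logging</Name>
	<Description>Client Logging</Description>
	<Class>com.wowza.wms.module.ModuleClientLogging</Class>
</Module>
<Module>
	<Name>flvplayback</Name>
	<Description>FLVPlayback</Description>
	<Class>com.wowza.wms.module.ModuleFLVPlayback</Class>
</Module>

<Property>
	<Name>domainLock</Name>
	<Value>localhost,stream4life.com</Value>
</Property>
<Property>
	<Name>AllowEncoder</Name>
	<Value>Wirecast</Value>
</Property>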

In the tutorial, it is instructed to copy /lib/wms-plugin-collection.jar from the package to the Wowza /lib folder. But you said to copy it to the [Wowza-Install]/bin directory. Anyway, I tried both and nothing worked :frowning: . Can I check the currently loaded modules of Wowza using some command?

Not working :frowning: :frowning:

What do you mean exactly? The hotlinkdenial helps prevent others from hotlinking your player’s swf file. It does not prevent anyone from using your RTMP url in their player.

Take a look at Security Overview guide. You probably want to use SecureToken.

Richard

I tried the default Wowza player in another browser and played the RTMP stream. Isn't it called a hotlink?

Thanks all :slight_smile: