Wowza Community

Proper HTML5 Hotlink Protection

Hello There,

I’ve googled to the end of the earth to find the right solution for this without leading to confusion and its to do with security and hotlinking. We have been plagued with people hotlinking without even a mention or credit on their side so we implemented the security addon.

Our current live video setup is FMLE -> Wowza 1.7 -> Flowplayer on a webpage

We currently have an RTSP setup with domain lock and hotlinking protection for flowplayer and it works perfectly however it limits us to only flash and cannot use iPad/iOS devices etc… as its RTSP and flash

We are looking at upgrading to 3.6 and utilising HTML5 however we have a few concerns about security. If we go down the HTML5 method that link will be in the source of the page in plain sight and everyone can hotlink it. We dont need encryption of the stream we just want people to use it from our site only. We are a not for profit organisation and Im a volunteer so my time is limited and I wanted to get this right first time.

Is there a method of restricting the video stream so only people who visit our webpage can see the link and protect it. It is an open webpage to the public. I was looking at http://blog.wmspanel.com/2012/05/protecting-wowza-from-re-publishing-re.html however it appears to be only for RTSP…?

Could anyone suggest a proper method of protecting html5 live video links?

Many thanks

Stephen

Stephen,

We don’t have a proper HotlinkDenial for http streaming at present, but take a look at HTTPSessionCreate as a place to control access to HTTP stream types

You can look at referrer here, but for iOS streams it is only populated for the first of two calls, the one for the playlist.m3u8. The 2nd one is for the chunklist and does not have referrer

Richard

Hi Stephen,

The WMSPanel hotlinking protection which you mention, works fine on any protocol supported by Wowza, including HLS.

You can read this post from Wowza forum to see real-life example from one of existing customer.