Use a query string instead of a stream name to do your authentication. A user posted an example: Application exists for RTMP but not RTSP?
On your webserver md5 encode your random salt and their IP and then add the current unix timestamp to the result. On the Wowza module, recalculate hash from their IP + salt, then subtract from key leaving unix time. This will accomplish two things:
-
Ensure the person who requested the URI is the same IP as the one playing it.
-
Provide a time, that you can check/reject.