Have a situation where a client is needing the stream to only be allowed through a firewall. I had setup Geo-blocking on (allowing just in my country - Australia) and then “Allow from the following IP” and listed all of the IP addresses the firewall let’s through.
However the stream still seems to work outside of this. My thinking was that Geoblocking opens up and the IP over ride is ignored because the geo-blocking criteria is met (ie. the user IS in Australia, so not checking the IP pool I’ve entered).
My question is - do I need to change to DENY Geo block all countries inc Australia, and then with the IP over-ride enabled to ALLOW from my IP pool - so that everything is blocked but those IPs. Just trying to understand how the Geo-blocking works alongside IP over ride.
Again my task is to ONLY allow users to view streams from a select pool of IP addresses. This is on cloud services as I need to cater for 3-5k users.
Did you follow Step 7 from our Cloud documentation on Geo-Blocking with IPs?
Step 7.
To allow streaming at IP addresses even if they’re within a blocked location select Allow playback from the following IP addresses. To deny streaming to IP addresses even if they’re in an allowed location, select Deny playback from the following IP addresses. Enter one or more IP addresses separated by commas.
https://www.wowza.com/docs/geo-block-wowza-cdn-on-fastly-stream-targets-in-wowza-streaming-cloud
Also keep in mind that Cloud by default, uses Fastly. If you’re using Akamai in Cloud, that is a different document:
https://www.wowza.com/docs/how-to-geo-block-stream-targets-by-using-the-wowza-streaming-cloud-rest-api
Only thought the REST API and it’s the whitelist parameters for IP blocking.
If neither of these work, then please submit a support ticket, so we can test it out for you. Thanks.
Yes, the way I got it working was to deny streams from all locations except one country, then allow IP addresses from my select pool of addresses. This then correctly denied anyone other than users from those IP addresses. Didn’t work unless I firstly had Geo-blocking in place (ie. it would allow anyone because it met the geo-location criteria).
Would be good to have an option for “Geo-block all locations” - then allowing you to open for certain IPs; hope this makes sense.
Hi Chris,
We are going to add your suggestion to our feature request queue. No ETA, but something I will champion to get priority on our roadmap.