Preventing hotlinking of RTMP

Stream_4life · October 28, 2013, 4:18pm

I have gone through the tutorial

https://www.wowza.com/docs/how-to-combat-hotlinking-your-adobe-flash-swf-file

But still i can access my stream from any domain name. I have some doubts regarding the addition of the module. I have extracted and copied /lib/wms-plugin-collection.jar from the package to the Wowza /lib folder. Where the other files are to be extracted?

In the Application.xml , Does the following line denotes the path?

<class>com.wowza.wms.plugin.collection.module.ModuleHotlinkDenial</Class>

Please do guide me. I am new to Wowza and started learning a week ago.

Jason_Hilton · October 28, 2013, 11:25am

Hi,

Have you added the Module and Properties to the Application.xml file?

After adding the files to the lib directory, Wowza will need to be restarted.

Add this Module last in the Modules section of your Application.xml

<Module>
	<Name>Hotlink Denial</Name>
	<Description>Hotlink Denial Module</Description>
	<Class>com.wowza.wms.plugin.collection.module.ModuleHotlinkDenial</Class>
</Module>

Add this Property section to the Properties section below the Modules in the Application.xml

<Property>
	<Name>domainLock</Name>
	<Value>localhost,mysite.com</Value>
</Property>
<Property>
	<Name>AllowEncoder</Name>
	<Value>Wirecast</Value> <!--FM, Wirecast-->
</Property>

After restarting Wowza are you able to play the RTMP stream from another site?

Jason

Richard_Lanham · October 28, 2013, 1:23pm

still i can access my stream from any domain name.

What do you mean exactly? The hotlinkdenial helps prevent others from hotlinking your player’s swf file. It does not prevent anyone from using your RTMP url in their player.

Take a look at Security Overview guide. You probably want to use SecureToken.

Richard

Richard_Lanham · October 28, 2013, 1:39pm

If your clients are all RTMP players and you are doing vod streaming, a full security suite includes SecureToken, RTMPE or RTMPS, HotLinkDenial and hotlink denial .htaccess rules.

If you are doing live streaming from a RTMP encoder, you would also use ModuleRTMPAuthenticate, which includes SecureToken.

Richard

Jason_Hilton · October 28, 2013, 12:18pm

Hi,

When you have added the Wowza Modules collection (wms-plugin-collection.jar) to the [Wowza-Install]/lib directory and added the Properties already mentioned then restarted Wowza, you will then be restricting the playback to the site configured by the domainLock Property. In the example Properties above, the website you want the stream to play from is called mysite.com and you will be allowing Wirecast encoders to publish to the application.

The code is provided for adjusting the Module should you choose to but is not needed other than for this purpose.

Can you post the Application.xml in the thread for me?

Thanks

Jason

*Corrected typing error from [Wowza-Install]/bin to [Wowza-Install]/lib.

Jason_Hilton · October 28, 2013, 3:43pm

Hi,

Also if you have “localhost” in the domainLock Property then any requests from the players on the same server as Wowza will be allowed.

<Property>
	<Name>domainLock</Name>
	<Value>localhost,mysite.com</Value>
</Property>

Jason

Matt_Young · October 28, 2013, 7:45am

Try placing the Hotlink denial module last in the modules list. Also, to clarify, you’ll want to put the jar file in the [install-dir]/lib folder. If you have further issues run it in DEBUG mode and you should see each module load for the given application.

Stream_4life · October 28, 2013, 5:18pm

I have tried this. But Still i can play my stream from another site. I have extracted the .java files to /usr/local/WowzaMediaServer/src/com/wowza/wms/plugin/collection/module/

Is this path correct? What is the role of Wirecast in the code?

Stream_4life · October 28, 2013, 5:53pm

true

default

${com.wowza.wms.context.VHostConfigHome}/content

${com.wowza.wms.context.VHostConfigHome}/keys

${SourceStreamName}.xml,transrate.xml

${com.wowza.wms.context.VHostConfigHome}/transcoder/profiles

${com.wowza.wms.context.VHostConfigHome}/transcoder/templates

0

${com.wowza.wms.context.VHostConfigHome}/dvr

append

vodcaptionprovidermp4_3gpp

cupertinostreaming,smoothstreaming,sanjosestreaming

-1

*

digest

none

senderreport

12000

75

90000

0

0.0.0.0

127.0.0.1

*

interleave

Hotlink Denial

Hotlink Denial Module

com.wowza.wms.plugin.collection.module.ModuleHotlinkDenial

base

Base

com.wowza.wms.module.ModuleCore

logging

Client Logging

com.wowza.wms.module.ModuleClientLogging

flvplayback

FLVPlayback

com.wowza.wms.module.ModuleFLVPlayback

domainLock

localhost,stream4life.com

AllowEncoder

Wirecast

Stream_4life · October 28, 2013, 6:01pm

In the Tutorial, it is instructed to copy /lib/wms-plugin-collection.jar from the package to the Wowza /lib folder. But you said to copy it to [Wowza-Install]/bin directory . Anyways i tried both and nothing worked . Can i check the currently loaded modules of Wowza using some command?

Stream_4life · October 28, 2013, 6:28pm

Not working

Stream_4life · October 28, 2013, 7:07pm

What do you mean exactly? The hotlinkdenial helps prevent others from hotlinking your player’s swf file. It does not prevent anyone from using your RTMP url in their player.

Take a look at Security Overview guide. You probably want to use SecureToken.

Richard

I tried the default wowza player in another browser and played the rtmp stream. Is nt it called as hotlink?

Stream_4life · October 29, 2013, 9:42am

Thanks all

Topic		Replies	Views
Restrict the domain that a specific stream is allowed to play Wowza Streaming Engine	9	6026	October 8, 2012
Prevent hotlinking to rtmp stream? Wowza Streaming Engine	3	2349	March 5, 2014
How to prevent the restreaming Wowza Streaming Engine	6	3454	April 8, 2014
PlayMethod / HotLinkDenial in WowzaStreaming Engine Wowza Streaming Engine server-administration	1	2137	March 31, 2014
allow domain list to stream from wowza server Wowza Streaming Engine server-administration	7	4403	May 7, 2012

Preventing hotlinking of RTMP

Related topics