We have a Wowza server configured with a Live HTTP Origin application, and a number of non-Wowza edge servers running Varnish. We want to make sure that only the edge servers can access the origin. Because of Origin Mode in the application, all outgoing connections share session, thus it’s not possible to use the Client Restrictions as described in https://www.wowza.com/docs/how-to-configure-security-using-wowza-streaming-engine-manager, or use onHTTPSessionCreate for that matter. We can’t use IPTables to block unknown IP addresses, because we don’t know the IPs of incoming RTMP streams, who use the same port.
Any suggestions on how we can restrict access to the HTTP streams, so that only our own edge servers can pull the chunks?