Wowza Streaming Engine SecureToken uses ambiguous URL formats to access the same underlying asset

In the Wowza Streaming Engine SecureToken implementation, the stream path is used to generate the digest. However, the same media asset can be accessed through multiple URL variants, for example:

  • http://server/vod/_definst_/sample.mp4/playlist.m3u8

  • http://server/vod/mp4:sample.mp4/playlist.m3u8

  • http://server/vod/sample.mp4/playlist.m3u8

If I generate the digest using vod/sample.mp4, internally Wowza may resolve the request to vod/_definst_/sample.mp4 and use this path to digest the stream, so I can't play it. I must then use a different path for the digest, which makes serving the stream very confusing.

My goal is to protect the asset sample.mp4. I plan to implement a custom authentication module that verifies signed access to the asset. If I perform this validation in onHTTPCupertinoStreamingSessionCreate, will this provide sufficient protection for playback across all HLS requests?

Hi John,
Using onHTTPCupertinoStreamingSessionCreate should work. However, what you’re describing with Secure Token should work correctly anyway as the Wowza Streaming Engine software should be applying the token against the same URL that the player uses.

If this is not happening (server switches to a different URL), I recommend creating a ticket so the Technical Support Team can investigate further.
Open a support ticket

Regards,
Jason Hilton
Senior Technical Support Engineer
WOWZA | The solution you start with, the partner you scale with.

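An added example, not part of the thread and not Wowza's SecureToken algorithm: one way a custom check could reduce the three URL variants from the question to a single canonical asset key before verifying a signature, so the signer and the server always hash the same string. The secret, the HMAC token layout, and the rules for the omitted instance and the `mp4:` prefix are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import unquote, urlsplit

SECRET = b"constructed-demo-secret"      # constructed value, not a real key
HLS_SUFFIXES = (".m3u8", ".ts")          # playlist and chunk names to drop

def canonical_asset(url, default_instance="_definst_"):
    """Reduce any URL variant of an asset to 'app/instance/stream'."""
    parts = [unquote(p) for p in urlsplit(url).path.split("/") if p]
    if parts and parts[-1].endswith(HLS_SUFFIXES):
        parts.pop()                      # e.g. playlist.m3u8
    # Reject traversal and encoded slashes instead of trying to resolve them.
    if len(parts) < 2 or any(p in (".", "..") or "/" in p for p in parts):
        raise ValueError("not an application/stream path")
    app, rest = parts[0], parts[1:]
    # Assumption: a single segment after the app means the instance was omitted.
    instance = rest.pop(0) if len(rest) > 1 else default_instance
    # Assumption: a "mp4:"-style prefix is a media-type hint, not part of the name.
    rest[0] = rest[0].split(":", 1)[-1]
    if not rest[0]:
        raise ValueError("empty stream name")
    return "/".join([app, instance] + rest)

def sign(asset, expires):
    """Hypothetical token: HMAC-SHA256 over canonical asset key and expiry."""
    msg = f"{asset}\n{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def verify(url, expires, token, now):
    """True only if the token matches the canonical asset and has not expired."""
    try:
        asset = canonical_asset(url)
    except ValueError:
        return False
    if now > expires:
        return False
    return hmac.compare_digest(sign(asset, expires).encode(), token.encode())

if __name__ == "__main__":
    variants = [                          # the three URLs from the question
        "http://server/vod/_definst_/sample.mp4/playlist.m3u8",
        "http://server/vod/mp4:sample.mp4/playlist.m3u8",
        "http://server/vod/sample.mp4/playlist.m3u8",
    ]
    token = sign("vod/_definst_/sample.mp4", expires=2000)
    for v in variants:
        print(canonical_asset(v), verify(v, 2000, token, now=1000))
```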