Flussonic Media Server documentation

How to deny access via IP address

It is sometimes necessary to restrict access to certain IP addresses, or to allow access to the stream only to a specific IP. This problem can be solved with the authorization Lua script.

Create the file /etc/flussonic/ban-ip.lua and add it in flussonic config:

auth /etc/flussonic/ban-ip.lua;

In the script you can specify the IP addresses and streams:

These IPs is denied access to all streams:

banned = { "1.2.3.4", "1.2.3.5" }

Access is limited separately for streams "chan1" and "chan2":

blacklist = { ["chan1"] = { "1.2.3.6", "1.2.3.7" },
              ["chan2"] = { "1.2.3.8", "1.2.3.8" } }

To this stream access is allowed only one IP address:

whitelist = { ["chan3"] = { "1.2.3.10" } }

The script "ban-ip.lua", in which you have to set the values "banned", "blacklist" and "whitelist":

-- local req = { ip = "11.12.13.14", name = "chan3" }
-- print(req.ip)
-- print(req.name)


-- Deny access to all streams
banned = {
   "29.28.27.26",
   "44.45.46.47"
}

-- Deny access to some channels
blacklist = { ["chan1"] = { "1.2.3.10", "7.8.9.11" },
              ["chan2"] = { "3.4.5.12", "5.4.3.9", "115.220.48.35" }
}


-- To these streams access allowed only to certain ips
whitelist = { ["chan3"] = { "11.12.13.14", "15.16.17.18" } }



-- helper: check if element in list
function member(items, el)
   for _, item in pairs(items) do
      if el == item then
         return true
      end
   end
   return false
end


-- check banned
if member(banned, req.ip) then
   -- print("ip " .. req.ip .. " banned")
   return false, {code = 403}
end


-- check blacklist
local ips = blacklist[req.name]
if ips then
   if member(ips, req.ip) then
      -- print("ip " .. req.ip .. " banned on " .. req.name)
      return false, {code = 403}
   end
end


-- check whitelist
local ips = whitelist[req.name]
if ips then
   if not member(ips, req.ip) then
      -- print("ip " .. req.ip .. " not allowed on " .. req.name)
      return false, {code = 403}
   end
end

-- print("allow access")
return true, {}