Flussonic Media Server documentation

How to deny access via IP address

It is sometimes necessary to restrict access to certain IP addresses, or to allow access to a stream only by a specific IP address. It can be done with auth configurator.

You can setup very flexible authorization schemes with auth configurator. On this page, we will give examples of how to block certain IP addresses, or how to skip the check of tokens for some IP addresses. This can be useful in monitoring systems.

All the following rules can be applied to a single stream or as a global setting.

stream ort {
  url udp://239.255.0.1:5500;
  auth auth://blacklist;
}

Where blacklist is a name of one of the configured backend. Sure, you can configure more than one auth rule.

Block Anchor Anchor x2

This settings you can set via /etc/flussonic/flussonic.conf file.

auth_backend blacklist {
  deny ip 1.1.1.1;
  deny ip 2.2.2.2;
  deny ip 10.10/16;
  allow default;
}

The rule denies access for two certain hosts (1.1.1.1, 2.2.2.2) and whole subnet (10.10.0.0/16).

The allow default; string means allowing all connections by default.

Allow Anchor Anchor x2

auth_backend whitelist {
  allow ip 192.168.0/24;
  allow ip 10.10/16;
  allow ip 8.8.8.8;
}

The rule allows playback only for specified networks and one certain IP address. Other connections will be blocked.

auth_backend multi {
  allow ip 192.168.0/24;
  backend http://<HOSTNAME>/stalker_portal/server/api/chk_flussonic_tmp_link.php;
}

The rule allows playback without a token from the local network, other connections will be checked via IPTV Middleware.