Origin Edge Setup Security Settings

Question

I am currently testing security hardening with FMS 4.0.3 r4011 in an Origin Edge setup.

What I have found is that the SWF verification can only be processed on the Origin, is this correct? The config ( adobe/fms/conf/_defaultRoot_/_defaultVHost_/Application.xml ) within the Edge server is ignored when <SWFVerification enabled="true"> is set and the correct SWF file copied to the correct directory, once this config is enabled on the Origin then SWF-v takes place.

RTMPE calls from client to edge fails on the origin with error message connection rejected by server. Reason : [ Server.Reject ] : Connection failed.

We know RTMPE from edge to origin does not work ( with this version of FMS ), however if I remove the rtmp block ( <DisallowedProtocols></DisallowedProtocols> ), rtmpe from client to edge works and is accepted by the origin server. If I do the same call (rtmpe) direct to the Origin with rtmp blocked it works fine.

My questions really are how do I only allow rtmpe and enable SWF verification within an Origin Edge setup. Can the Edge server do any security checking?

To enable the Edge I have done the below and have successfully played content before changing to enable rtmpe only and enforce swf-v.

<Mode>remote</Mode>

<Anonymous>false</Anonymous>

<RouteEntry>*:*;my_origin_server_ip_removed:1935</RouteEntry>

SE_0208 · Answer

I think that's because edge to origin connection would be "rtmp" in case of rtmp/rtmpe connections. So i think you need to allow RTMP on Origin , Disallow RTMPE on Edge and enable SWFV on origin - have you tried that - i think that should work.

Are you concerned that Edge-Origin connection would be RTMP based?

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded