Skip to main content
F
firemedic47
Participant
January 26, 2009
Answered

Restricting LIVE feeds by IP address

  • January 26, 2009
  • 1 reply
  • 512 views
I want to restrict the ability for encoders to connect and stream to my FMS [3.0] server by their IP addresses.
So basically, 1.1.1.1 can connect and send in a stream named 'livestream' (very original I know). However, if 2.2.2.2 tries - nothing happens.
While at the same time, I don't want to restrict playback at all...

I know I can use an FMS authentication plug in to add user/pass auth on the encoder side...
What I'm trying to do is allow anyone in my building to stream but no one else. If I use a user/pass auth, if that gets out in the open then (baring firewall acls), anyone can stream to my FMS server.

Anyone know how to implement this?

Much obliged for any and all help..
    This topic has been closed for replies.
    Correct answer charlie832
    You would need to add ip checking inside of the application.onPublish(client,stream) function, this gets called when a user attempts to publish a stream. client.ip would return the address of the publisher. a simple application.disconnect(client) would probably do what you need if the ip isn't matched.

    1 reply

    C
    charlie832Correct answer
    Inspiring
    January 27, 2009
    You would need to add ip checking inside of the application.onPublish(client,stream) function, this gets called when a user attempts to publish a stream. client.ip would return the address of the publisher. a simple application.disconnect(client) would probably do what you need if the ip isn't matched.
    F
    firemedic47Author
    Participant
    January 28, 2009
    quote:
    Originally posted by: charlie832
    You would need to add ip checking inside of the application.onPublish(client,stream) function, this gets called when a user attempts to publish a stream. client.ip would return the address of the publisher. a simple application.disconnect(client) would probably do what you need if the ip isn't matched.


    Thanks a lot!! You got me on the right track. I invoked the Powers Of Google and eventually came up with this:

    function getAllowedIPList() {
    var AllowedIPFile = new File ("AllowedIPList.txt") ;
    AllowedIPFile.open("text","read");
    application.AllowedIPList = AllowedIPFile.readAll();
    AllowedIPFile.close();
    delete AllowedIPFile;
    }

    application.onPublish = function(pClient,myStream) {
    var isAllowed = false;
    getAllowedIPList();
    for (var index=0; index<this.AllowedIPList.length; index++) {
    var currentIP = this.AllowedIPList[index];
    if (pClient.ip == currentIP) {
    isAllowed = true;
    trace(pClient.ip + ": is on whitelist");
    break;
    }
    }
    if (isAllowed == false) {
    trace("Rejecting Encoder connection from: " + pClient.ip);
    application.disconnect(pClient);
    }
    }

    The encoder connects, appears to be streaming but constantly drops connection and reconnects. Not quite as good as having the door slammed in its face but the net result is that the encoder won't be able to push a feed live unless its ip is in the AllowedIPList file...
    C
    charlie832
    Inspiring
    January 29, 2009
    You could always implement a ban list as well, and not let them connect again.
    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices