Forum

Tokens ip locked?

Douggle 2016-10-15 21:45:46 UTC in Paywall: WMSAuth and beyond

What do I need to do to make the token that gets generated to a certain stream be locked to just that ip address?

Yury Udovichenko 2016-10-16 12:06:54 UTC 

Hello,

Please take a look at hotlink protection feature: http://blog.wmspanel.com/2013/11/nimble-streamer-protect-hotlinking-domain-lock.html
And also check full paywall feature set: https://wmspanel.com/paywall

Douggle 2016-10-16 18:45:01 UTC 

I have done that in depth and neither one of them describe what I asked bout, right now tokens are generated the problem is that anyoen can take a valid token and use it,I d like to lock that to a single ip address is there away to do so?

Yury Udovichenko 2016-10-17 00:55:50 UTC 

If you know the exact IP address, you can change this line
$ip = $_SERVER['REMOTE_ADDR'];
to
$ip = 'known IP adress'

I'd rather recommend using pay-per-view framework to control all your current connections: https://wmspanel.com/nimble/pay_per_view

Carleton 2016-10-17 20:07:53 UTC 

What if I don't know the IP address and I just want the token to play only off the end users IP. This way, he can't grab the token on his personal computer, then just paste his Computers Token on a Server. While I can just make the token last 1 minute, there is always ways around things. I think if this isn't an option it would be a great addition to Nimble/WMS.

Yury Udovichenko 2016-10-18 02:27:59 UTC 

Hotlink protection allows covering this use case. Once you get signed stream URL, this URL can be played only from the IP which was used for generating the signature. Please read this article carefully: http://blog.wmspanel.com/2013/11/nimble-streamer-protect-hotlinking-domain-lock.html

Douggle 2016-10-18 03:27:14 UTC 

I read this article and nothing in the article says that the token is locked to the users ip,

Yury Udovichenko 2016-10-18 04:39:42 UTC 

If you look at the code sample you can see it has IP encoded into the signature.

Douggle 2016-10-18 05:13:36 UTC 

<?php
$today = gmdate("n/j/Y g:i:s A");
$ip = $_SERVER['REMOTE_ADDR'];
$key = "pass";
$validminutes = 1;
$str2hash = $ip . $key . $today . $validminutes;
$md5raw = md5($str2hash, true);
$base64hash = base64_encode($md5raw);
$urlsignature = "server_time=" . $today ."&hash_value=" . $base64hash. "&validminutes=$validminutes";
$base64urlsignature = base64_encode($urlsignature);
?> this is the code we use
<?php
$today = gmdate("n/j/Y g:i:s A");
$initial_url = "http://stream.company.com:8081/vod/sample.mp4/playlist.m3u8";
$ip = $_SERVER['REMOTE_ADDR'];
$key = "defaultpassword"; //this is also set up in WMSPanel rule
$validminutes = 20;

$str2hash = $ip . $key . $today . $validminutes;
$md5raw = md5($str2hash, true);
$base64hash = base64_encode($md5raw);
$urlsignature = "server_time=" . $today ."&hash_value=" . $base64hash. "&validminutes=$validminutes";
$base64urlsignature = base64_encode($urlsignature);

$signedurlwithvalidinterval = "$initial_url?wmsAuthSign=$base64urlsignature";
?> this is your code not seeing a whole lot of difference

Yury Udovichenko 2016-10-18 05:29:35 UTC 

$ip = $_SERVER['REMOTE_ADDR'];
this line takes current user IP address. If you pass the signed URI to other user with other IP, it will not work.

Charlie 2017-10-19 19:00:21 UTC 

Is there a way to exclude IP from the signature? Some ISP is sending weird IPs, like they are sending 2 IPs, 1 to web server and 1 to nimble so it creates a mismatch and nimble returns 403 error

Alex Pokotilo 2017-10-20 02:19:03 UTC 
Post a reply


Post a new question

Categories:

Tags:

nimbleNimble StreamerFAQHLSDVRRTMPhlsnimble streamerABRwmsauthcacheNimbleffmpegAPIapitranscoderdvrVODstreamingfailoverDASHwmspanelrtmpvodudprtsppaywallsubtitlesRTSPDispersayoutubelivelivestreamingmp4MPEG-DASHWMSAuthgeopay-per-viewdashstreamerabrWindowsencryptionUDPwhite labelconfiguser agentsmilvideoFFMPEGmulticastMPEG-TSaudioedgere-streamingCORSraspberry pichunksandroidsldpbandwidthmpeg-dashadvertizerDRMvlcrules.confadvertisingipv6FastSpringRAMwms panelthumbnailFMLEVATcrossdomainupdatehttpsmpegtsRecordingSMILplaylistpushaesakamaiserverssslSRTwowzam3u8TranscodeerrorSSLbalanceplaylist_dvrWowzachromecastconfigurationreportingsrtbugIDdownloadS3corsnimblestreamerdomainperformanceIPmpeg-tschunkraspianawspublish controlcodecmobileWMSPanelrepublishingloopVidillionHttpsnimble webcam html5UIRegistration Issuedirect link32-bit Windowstwitchanalysecache_controlitworkmelive abr support mpeg-dashrtmp abrbeirutWWDCdubaideep statshls to multicast udplogIIS Smooth StreamingcloudmediaCDNHTTPSAbrHot-linking protectionHDSvaddioMPEGTSalertsNDIViewer Statsjwplayer websitewhmcsbaselineAuthentication in HLSnginx rtmp nimbleCentOS v6.4durationAV BridgepricelimitOld logsVaddioscreencastPI3 Ubuntuview timewmspanelapiattaching domainsinterfacesDVRRecordingWMSCONFIG_HOMEmessageloadbalancingrestreamcostmetadatamod_rewriteoriginprofileAxisgbpsID3 tagsanalisyswmsauthsignhighhds streamhls restreamingciscolocalVLCresumenibler.net hotlinkVideo Playertransocding republishingdecodergentoo install server nimbleAliastranscoding using NvidiaPublic IpPaywall Authlost trafficdocumentationofflineconcurrent-connectionsTrancoderfilelebanonlocationmanifestipMP4 not playedspaceicecast urlruleServer-sidetasks-controlhot linkingseekingchangestoppedamfmainplayoutPlayReadylimuxamazon web servicedvr streamconnectivityunique visitordvr stream twiceonAXVVGhot-linkpay per viewaliasdata slicesblockHLS vodmpeg dash7TCOanalyticsapplicationpaywalbrandingopenssltrialMP4microsoft streamerrorsrocksoftlog traffic statsExpression EncoderdebianABR DASHprogressive downloadHLS Playermultiple originsFFmpegnimblesessionidDASH Playerlive video on demandbandwithCSSserverlog nimble analysertmp playbackvideojsbitrateadaptiveAV1 codecprivate networkJWPLAYERNGINX-RTMPSnapshotsno WMSPanellive videoPullmac osx installsourcecrossdomain more then 1 domain4KwotermarksoundHLS Meta Tag editing.streamsattachmenthelp errorvimeoload balanceconcurrent connectionvod no soundbuttcdnvsomFairplayfallbackamazonControl APIlive streamTranscoderLive streamingWidevineRemote StorageWowza Agentsecuritynot foundpullmpeg2tsServer-Side-Task-ControlAS3disk migrationstereo to monoscreen captureinstall players setup ready to goDVRSettingstwitch larix broadcaster androidAppleDelete recordsicecastdrmresourceaes encryptionsubscriptionlive pull settingsABR HLS Bitratesvideo looprtmp for YouTubestarttime duration seekpointrebootdvr streamsmonitornimble streamer web server php script pageautomationNimble Streamer APIlivestreamoutrateIIS Media Servicsrtmp republishing transcodenimble.confDeep statsapi accessNimble CapacityABR DVR probleminterleavingweb playernimble streamer vod hls transmuxingloggingLive SwitcherlearnerCross Domainscreen freezecan't registercontent-dispositionnot to stealLive Broadcastinsert logoheaderactionscript 3block downloadAVCaptureMovieFileOutputNimble ServerbroadcasterUbuntu artful 17.10Transcoder MPEG DASHMPEG DASHadd_chunk failedPost processingfake extensiontranscodingFFMPEG;RTMP;I/O errorstatus:errorHotlinking ProtectionStreaming routeMPEG-Dashlarix broadcasternimble on cloudroutesprerollThumbnailsserver incorrect timepremium featureLIVELivepaymentincoming streamno soundstatsHow to do live stream with multiple audio tracknimble aliasesProgressivereloadRTMP republishrmtpno internetvp9addemandSecurelivestreamintransocderraspberryavoid refreshreportsAndroiduser_agentdvr on wmspanelS3 AWScloudfrontIOSrestartPIDHLS Streamingthumbnail dvr-thumbnailwmsAuthSignnimble streamer mpeg-ts multiple inputsLoad-BalancingcredentialslatencytranscodeRepublishingadjustDVR SettingPORTHTML5 playerdelaympeg4issuepricingtranscoder nimbleBroadcastLarixABR bitratesPacketizingbuildTeradek Decoderubuntu 18SLDPav1 codec21server iphttp servera recordVR-360Failoverstorage space availablediskNimble connectionsabr fallbackDVRStreamsrulesError when installingdissapointmentpay-per-minuteAWSSO_RCVBUFbuffering videolivestream bitrateUDP Multicastlogo in streamMPEG2 VideossaiDVR Setting limitbufferprogressivewebhookdvr to livefastspringmp2 audiocache expiryQuickTimevideo streamingrtsp push androidartifactstraffichd25publish streamAArch64storagealias route.movdistributionoutputVOD HLS streaming on public IPdomain lockRTMP Republishcontentspeedup my videoiOSqataritworkscdnvideo.js

This website or its third-party tools use cookies, which are necessary to its functioning and required to achieve the purposes illustrated in the Privacy Policy. If you want to know more or withdraw your consent to all or some of the cookies, please refer to the Privacy Policy.
By closing this banner, scrolling this page, clicking a link or continuing to browse otherwise, you agree to the use of cookies.