Tokens ip locked?

Douggle 2016-10-15 21:45:46 UTC in Paywall: WMSAuth and beyond

What do I need to do to make the token that gets generated for a certain stream be locked to just that IP address?

Yury Udovichenko 2016-10-16 12:06:54 UTC 

Hello,

Please take a look at the hotlink protection feature: http://blog.wmspanel.com/2013/11/nimble-streamer-protect-hotlinking-domain-lock.html
And also check the full paywall feature set: https://wmspanel.com/paywall

Douggle 2016-10-16 18:45:01 UTC 

I have done that in depth and neither one of them describes what I asked about. Right now tokens are generated; the problem is that anyone can take a valid token and use it. I'd like to lock that to a single IP address. Is there a way to do so?

Yury Udovichenko 2016-10-17 00:55:50 UTC 

If you know the exact IP address, you can change this line
$ip = $_SERVER['REMOTE_ADDR'];
to
$ip = 'known IP address';

I'd rather recommend using the pay-per-view framework to control all your current connections: https://wmspanel.com/nimble/pay_per_view

Carleton 2016-10-17 20:07:53 UTC 

What if I don't know the IP address and I just want the token to play only off the end user's IP? This way, he can't grab the token on his personal computer, then just paste his computer's token on a server. While I can just make the token last 1 minute, there are always ways around things. I think if this isn't an option it would be a great addition to Nimble/WMS.

Yury Udovichenko 2016-10-18 02:27:59 UTC 

Hotlink protection allows covering this use case. Once you get a signed stream URL, this URL can be played only from the IP which was used for generating the signature. Please read this article carefully: http://blog.wmspanel.com/2013/11/nimble-streamer-protect-hotlinking-domain-lock.html

Douggle 2016-10-18 03:27:14 UTC 

I read this article and nothing in the article says that the token is locked to the user's IP.

Yury Udovichenko 2016-10-18 04:39:42 UTC 

If you look at the code sample you can see it has the IP encoded into the signature.

Douggle 2016-10-18 05:13:36 UTC 

<?php
$today = gmdate("n/j/Y g:i:s A");
$ip = $_SERVER['REMOTE_ADDR'];
$key = "pass";
$validminutes = 1;
$str2hash = $ip . $key . $today . $validminutes;
$md5raw = md5($str2hash, true);
$base64hash = base64_encode($md5raw);
$urlsignature = "server_time=" . $today ."&hash_value=" . $base64hash. "&validminutes=$validminutes";
$base64urlsignature = base64_encode($urlsignature);
?>
This is the code we use.
<?php
$today = gmdate("n/j/Y g:i:s A");
$initial_url = "http://stream.company.com:8081/vod/sample.mp4/playlist.m3u8";
$ip = $_SERVER['REMOTE_ADDR'];
$key = "defaultpassword"; //this is also set up in WMSPanel rule
$validminutes = 20;

$str2hash = $ip . $key . $today . $validminutes;
$md5raw = md5($str2hash, true);
$base64hash = base64_encode($md5raw);
$urlsignature = "server_time=" . $today ."&hash_value=" . $base64hash. "&validminutes=$validminutes";
$base64urlsignature = base64_encode($urlsignature);

$signedurlwithvalidinterval = "$initial_url?wmsAuthSign=$base64urlsignature";
?>
This is your code; not seeing a whole lot of difference.

Yury Udovichenko 2016-10-18 05:29:35 UTC 

$ip = $_SERVER['REMOTE_ADDR'];
This line takes the current user's IP address. If you pass the signed URI to another user with another IP, it will not work.

Charlie 2017-10-19 19:00:21 UTC 

Is there a way to exclude the IP from the signature? Some ISPs are sending weird IPs, like they are sending 2 IPs, 1 to the web server and 1 to Nimble, so it creates a mismatch and Nimble returns a 403 error.
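
Added example, not part of the original thread and not Nimble Streamer's code: the signing steps from the sample above next to a hypothetical verifier, showing why a signed URL only validates for the address that was hashed into it, and why a viewer whose web-server-facing and media-server-facing addresses differ is rejected the same way as a replayed token. Assumptions: the verifier recomputes the same MD5 input as the signing sample; the function names `sign_url` and `verify_url`, the result strings, the sample IPs and the fixed clock are constructed for illustration.

```php
<?php
// Added example: NOT Nimble Streamer's code. verify_url() is a hypothetical
// verifier that recomputes the same MD5 input as the signing sample above.

function sign_url(string $url, string $ip, string $key, int $validminutes, int $now): string {
    $today = gmdate("n/j/Y g:i:s A", $now);
    $hash  = base64_encode(md5($ip . $key . $today . $validminutes, true));
    $sig   = "server_time=" . $today . "&hash_value=" . $hash . "&validminutes=$validminutes";
    return "$url?wmsAuthSign=" . base64_encode($sig);
}

function verify_url(string $signed, string $peer_ip, string $key, int $now): string {
    // Take the parameter by hand: parse_str() would turn '+' in base64 into a space.
    $pos = strpos($signed, 'wmsAuthSign=');
    if ($pos === false) return 'malformed';
    $decoded = base64_decode(substr($signed, $pos + strlen('wmsAuthSign=')), true);
    $re = '~^server_time=(.+?)&hash_value=([A-Za-z0-9+/=]+)&validminutes=(\d+)$~';
    if ($decoded === false || !preg_match($re, $decoded, $m)) return 'malformed';

    // The IP is never sent in the URL; the verifier uses the address of the
    // connection it sees, so a different peer address yields a different hash.
    $expected = base64_encode(md5($peer_ip . $key . $m[1] . $m[3], true));
    if (!hash_equals($expected, $m[2])) return 'ip_or_key_mismatch';

    $issued = DateTime::createFromFormat('n/j/Y g:i:s A', $m[1], new DateTimeZone('UTC'));
    if ($issued === false) return 'malformed';
    return $now > $issued->getTimestamp() + 60 * (int) $m[3] ? 'expired' : 'ok';
}

// Constructed sample values: documentation-range IPs and a fixed clock.
$now = gmmktime(5, 29, 35, 10, 18, 2016);
$url = sign_url("http://stream.company.com:8081/vod/sample.mp4/playlist.m3u8",
                "203.0.113.10", "defaultpassword", 20, $now);
$cases = [
    'player on the signing IP'       => ['203.0.113.10', $now + 60],
    'URL pasted on another host'     => ['198.51.100.7', $now + 60],
    'signing IP, after validminutes' => ['203.0.113.10', $now + 21 * 60],
];
foreach ($cases as $label => [$ip, $t]) {
    echo str_pad($label, 34), verify_url($url, $ip, "defaultpassword", $t), "\n";
}
```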

Alex Pokotilo 2017-10-20 02:19:03 UTC 