Forum

Tokens ip locked?

Douggle 2016-10-15 21:45:46 UTC in Paywall: WMSAuth and beyond

What do I need to do to make the token that gets generated to a certain stream be locked to just that ip address?

Yury Udovichenko 2016-10-16 12:06:54 UTC 

Hello,

Please take a look at hotlink protection feature: http://blog.wmspanel.com/2013/11/nimble-streamer-protect-hotlinking-domain-lock.html
And also check full paywall feature set: https://wmspanel.com/paywall

Douggle 2016-10-16 18:45:01 UTC 

I have done that in depth and neither one of them describe what I asked bout, right now tokens are generated the problem is that anyoen can take a valid token and use it,I d like to lock that to a single ip address is there away to do so?

Yury Udovichenko 2016-10-17 00:55:50 UTC 

If you know the exact IP address, you can change this line
$ip = $_SERVER['REMOTE_ADDR'];
to
$ip = 'known IP adress'

I'd rather recommend using pay-per-view framework to control all your current connections: https://wmspanel.com/nimble/pay_per_view

Carleton 2016-10-17 20:07:53 UTC 

What if I don't know the IP address and I just want the token to play only off the end users IP. This way, he can't grab the token on his personal computer, then just paste his Computers Token on a Server. While I can just make the token last 1 minute, there is always ways around things. I think if this isn't an option it would be a great addition to Nimble/WMS.

Yury Udovichenko 2016-10-18 02:27:59 UTC 

Hotlink protection allows covering this use case. Once you get signed stream URL, this URL can be played only from the IP which was used for generating the signature. Please read this article carefully: http://blog.wmspanel.com/2013/11/nimble-streamer-protect-hotlinking-domain-lock.html

Douggle 2016-10-18 03:27:14 UTC 

I read this article and nothing in the article says that the token is locked to the users ip,

Yury Udovichenko 2016-10-18 04:39:42 UTC 

If you look at the code sample you can see it has IP encoded into the signature.

Douggle 2016-10-18 05:13:36 UTC 

<?php
$today = gmdate("n/j/Y g:i:s A");
$ip = $_SERVER['REMOTE_ADDR'];
$key = "pass";
$validminutes = 1;
$str2hash = $ip . $key . $today . $validminutes;
$md5raw = md5($str2hash, true);
$base64hash = base64_encode($md5raw);
$urlsignature = "server_time=" . $today ."&hash_value=" . $base64hash. "&validminutes=$validminutes";
$base64urlsignature = base64_encode($urlsignature);
?> this is the code we use
<?php
$today = gmdate("n/j/Y g:i:s A");
$initial_url = "http://stream.company.com:8081/vod/sample.mp4/playlist.m3u8";
$ip = $_SERVER['REMOTE_ADDR'];
$key = "defaultpassword"; //this is also set up in WMSPanel rule
$validminutes = 20;

$str2hash = $ip . $key . $today . $validminutes;
$md5raw = md5($str2hash, true);
$base64hash = base64_encode($md5raw);
$urlsignature = "server_time=" . $today ."&hash_value=" . $base64hash. "&validminutes=$validminutes";
$base64urlsignature = base64_encode($urlsignature);

$signedurlwithvalidinterval = "$initial_url?wmsAuthSign=$base64urlsignature";
?> this is your code not seeing a whole lot of difference

Yury Udovichenko 2016-10-18 05:29:35 UTC 

$ip = $_SERVER['REMOTE_ADDR'];
this line takes current user IP address. If you pass the signed URI to other user with other IP, it will not work.

Charlie 2017-10-19 19:00:21 UTC 

Is there a way to exclude IP from the signature? Some ISP is sending weird IPs, like they are sending 2 IPs, 1 to web server and 1 to nimble so it creates a mismatch and nimble returns 403 error

Alex Pokotilo 2017-10-20 02:19:03 UTC 
Post a reply


Post a new question

Categories:

Tags:

nimbleNimble StreamerFAQHLSDVRnimble streamerRTMPhlsSRTABRcachewmsauthNimbleAPItranscoderrtmpsrtapidvrffmpegVODudpRTSPsldpfailoverDASHstreamingrtspwmspanelSLDPliveyoutubevodUDPmp4paywallabrsubtitlesDispersavideoLarixmulticastaudioandroidlivestreamingWMSAuthMPEG-DASHpay-per-viewgeoMPEG-TSdashstreameredgebandwidthWMSPanelsslthumbnailWindowsencryptionhttpswhite labelplaylistconfigsmilFFMPEGperformanceCORSchunksraspberry pire-streamingmpeg-dashpublish controlcorscloudfrontDRMRepublishingadvertizerrepublishingvlcS3user agentNDIristrules.confadvertisingipv6MPEGTSFastSpringRAMwms panelRecordingfileFMLEVATcrossdomainSMILmpegtsaespushakamaiwowzamobileserversPullcodecerrorbalanceSSLTranscodem3u8TranscoderchromecastWowzaIDbugconfigurationreportingdownloadsnapshotawsmpeg-tsLarix BroadcasterAndroidnimblestreamerdomainloopraspianAWSoriginscte35CDNipupdateroutesamazonlarix broadcasterplaylist_dvrVidillionHttpschunkIPsecurityUInimble webcam html5Registration Issuedirect link32-bit Windowstwitchcache_controlitworkmecudalive abr support mpeg-dashwmspanelapibeirutreloadWWDCdubaideep statsCentOS v6.4hls to multicast udpnooblogIIS Smooth StreamingcloudmediaAbrHTTPSHot-linking protectionHDSvaddioalertsjwplayer websitewhmcsbaselinetimelineVaddioAV BridgePI3 Ubuntuview timeAuthentication in HLSNimble Streamer APIPi4priceinterfacesresourcelimitOld logsencrytpionCloud Storagescte-35loadbalancingscreencastmetadatamod_rewriteprofilelarix abrAxisgbpsID3 tagswmsauthsignhighattaching domainshds streamcontainer*ciscolocalsdpshoutcast.net hotlinkdatmessageWMSCONFIG_HOMErestreamcostrtmp abrgentoo install server nimblePublic Iptranscoding using NvidiaPaywall AuthofflinedocumentationNimble streamer upgradehls restreamingTrancoderconcurrent-connectionsVLCresumeniblerServer-sideVideo Playertransocding republishingdecoderstoppedNimble Streamer versionmainAliaslost trafficpay per viewicecast urldvr_archivesmpeg dashnginx rtmp nimblehot linkinglebanonlocationmanifestwildcardobsTCORaspian BusterchangeMP4 not playedspaceexportopensslamfLarix GroveseekingExpression EncoderonSteam stopped workinglimuxamazon web servicePlayReadynginxHLS voddvr stream twicerepublishHLS PlayerAXVVGhot-linkDASH Playeranalyticspaywalapplicationblocknvencjpeg7brandingtrialdebianmicrosoft streamMP4screen freezecan't registererrorsrocksoftlog traffic statsLarge DVR filesprivate networklive video on demandbandwithno WMSPanelserverlive videonimblesessionidFFmpegmultiple originsinterleavingSLDP PLayerABR DASHprogressive downloadmac osx installwotermarksourceheadervimeohelp errorLive Streaminglog nimble analysertmp playbackload balancezabbixAdsvideojscache expiryvideo stopcdnvsombitrate#restreamlive streamViewer StatsstreamsadaptiveAV1 codecJWPLAYERNGINX-RTMPHEVCattachmentDelaympeg2tsServer-Side-Task-Controldisk migrationvod no soundconcurrent connectiondvr on wmspaneldvr streamconnectivityUbuntu 20 ARM - AWSunique visitor4Kcrossdomain more then 1 domainscreen capturestereo to monocpuaes encryptionsubscriptionWidevineFairplayWMSPanel settingslive pull settingsABR HLS BitratesbuttAWS 3rtmp for YouTubedrmnot foundCPU LoadpullControl APIAS3Live streaminginstall players setup ready to goDVRSettingstwitch larix broadcaster androidAppleDelete recordsadd_chunk failedPost processingfake extensionnimble streamer vod hls transmuxinglogginglearnernimble streamer web server php script pageautomationCross Domainoutrateudp streaminginsert logovideo loopicecaststarttime duration seekpointrebootmonitorapi accessDeep statsloadbalancerinvalidMPEG DASHUbuntu artful 17.10Transcoder MPEG DASHweb playerblock downloadAVCaptureMovieFileOutputdvr streamslivestreamcontent-dispositionNimble CapacityABR DVR problemLive SwitcherNimble Servernot to stealLive BroadcastfacebookStreaming routeHotlinking ProtectionSecuritysecure streamingpaymentRTMP republishstatsadvp9contentRTMP RepublishdemandIOSpremium featureserver incorrect timeThumbnailsssaiDVR Setting limitLiveLIVELoad-Balancingnimble streamer mpeg-ts multiple inputswmsAuthSignrmtpInterlaceno internetsoundHLS Meta Tag editing.How to do live stream with multiple audio trackProgressivenimble aliasestranscoder nimblethumbnail dvr-thumbnailavoid refreshraspberryreportsPaywallS3 AWSVideo cant be playedcredentialsstorage space availabledisktranscodevbv-maxrateSecureJetson NanoHTML5 playerlivestreamintransocderFailoverVR-360publish streamStream Delaytraffichd25AArch64webhookdvr to liveautomateuser_agentbuildrist set fecABR bitratesPacketizingdomain lockoutputUsers limitcloudflareVOD HLS streaming on public IPlarixanalisyssctedelaympeg4storagealias route.movInvalid frame headerno soundincoming streamSubtitlesDVRRecordingAuthlivestream bitratedockerGopLL-HLS DVRav1 codecNimbleStreamerfastspringNimble streamermp2 audiodata slicesaliasplayer sldpdistributionVP9http serverwirecasta recordqataritworkscdnvideo.jslatencyno audiobuffering videoSO_RCVBUFbufferCentos 8dissapointmentpay-per-minuteQuickTimevideo streamingcompatibility protocolsmultiplexactionscript 3server ssl errorCSSTeradek Decoderubuntu 18restarthelpFallback3.6.1-1server ip21SSL requestMax connectionUDP Multicastincomingmulti-viewersha265RIST BondingplayoutrulesError when installinghow-tomanage_dvrDVRStreamsaws amazonmultiple audio udphotlink protectionRaspberryPi4ultra low latencyMPEG2 Videologo in streamDVR SettingPORTanalyseStreamIDprogressivebroadcast video4GwebrtcNimble_Crushvideo audioSRT protocolartifactsrtsp push androidtuningWowza AgentRemote StorageSSAIprerollstreamrtmp sldp nimblenimble on cloudfallbackRaspberrytasks-controlLinuxRTMP to SRTBroadcastvideo and audio not matchLarix broadcastergpu{stream}SnapshotsOBSMPEG-DashLL-HLSGoogle DriveHLS StreamingPIDurlnimble.confrtmp republishing transcodeIIS Media Servicstrackspeedup my videoiOSmultipointrulethumbnailssubfolderTLSV 1.2 Certificatedynamic linksdvbNetworkRAM Loadstatus:errortranscodingdownTonyFFMPEG;RTMP;I/O errorissuepricinggoogle cloud storageRistmultiplertpnimble dvrdurationBandwidthYadifportsfairplayNginxbroadcasterOSXmd5abr fallbackNimble connectionsletsencryptmultiple audioadjustsoftware versionre-publishingSRT RTMP

This website or its third-party tools use cookies, which are necessary to its functioning and required to achieve the purposes illustrated in the Privacy Policy. If you want to know more or withdraw your consent to all or some of the cookies, please refer to the Privacy Policy.
By closing this banner, scrolling this page, clicking a link or continuing to browse otherwise, you agree to the use of cookies.