View previous topic :: View next topic |
Author |
Message |
Anonymous Guest
|
Posted: Thu Sep 20, 2007 1:14 am Post subject: Preventing the web status/admin pages being shown to listene |
|
|
Hi All
I trawled the forum, and didn't find any good info.
So I fiddled with .htaccess files in the web directory. Yep, you can deny/allow the pages being shown: but I was cutting off my encoders from being able to connect to the server!
As I am no programmer/.htaccess expert, and as it's not in the documentation: what is the recommended way to stop the web pages being shown to anyone (except via a defined private IP range), *yet* still allow clients to get the streams, and for encoders still to be able to connect?
Someone must have wanted to do this before .
I just want to stop the html pages being displayed *unless* the source address is from a 172.6.x.x address. |
|
Back to top |
|
|
karlH Code Warrior
Joined: 13 Jun 2005 Posts: 5476 Location: UK
|
Posted: Thu Sep 20, 2007 1:53 am Post subject: |
|
|
Half of your post seems to refer to a web server as icecast does not use .htaccess files (icecast uses a htpasswd authentication on a mountpoint). Most people only use the status page or similar for expanding the connected mounts, rather than using icecast as a web server.
Trunk does allow for webroot files and xslt transformations to be authenticated, but only my branch work allows for you to define wildcards for these. For IP range checking you would need to use url based auth not htpasswd.
karl. |
|
Back to top |
|
|
Anonymous Guest
|
Posted: Thu Sep 20, 2007 2:56 am Post subject: |
|
|
Hi Karl
..you weren't aware that if you put an .htaccess file in the /web directory, it changes the behaviour? It does: I tested it!
Iceast2 (2.3.1) is reading in the parameters defined in the .htaccess and denying or allowing based on IPs I define. But it doesn't just affect the viewing of pages, it also affects connecting encoders.
Quote: |
Trunk does allow for webroot files and xslt transformations to be authenticated |
Do you know where could I find the actual documentation for this, please? Trawling the comments in the config files is tedious, and not very straightforward.
Quote: |
but only my branch work allows for you to define wildcards for these |
That's not needed, if I can just get an auth prompt for any web-browser request for what is normally presented at http://ip.address:8000/
Quote: |
For IP range checking you would need to use url based auth not htpasswd. |
I think I saw some notes on this in a recent post of yours: is there documentation or implementation notes? |
|
Back to top |
|
|
karlH Code Warrior
Joined: 13 Jun 2005 Posts: 5476 Location: UK
|
Posted: Thu Sep 20, 2007 11:35 am Post subject: |
|
|
I don't know what you have been testing but just dropping a .htaccess in webroot will not cause icecast to use some special authentication unless it is tied to a <mount> definition. For 2.3.1, source clients are not affected but mount-defined authentication, if you say it is then post a section of the error log (level 4) which should indicate the failure.
We have the docs stored under the doc directory (default install location is /usr/local/share/doc/icecast/) , but depending on how you installed it will depend on whether it was installed elsewhere.
karl. |
|
Back to top |
|
|
|