Icecast Streaming Media Server Forum Index Icecast Streaming Media Server
Icecast is a Xiph Foundation Project
 

allow-only IP

robertut
Joined: 31 Aug 2007
Posts: 156

Posted: Sun Aug 02, 2009 9:20 pm    Post subject: allow-only IP

Is there a reverse parameter for <deny-ip>? Like allow-only?
I have a master relay server, and I want to allow only certain relays to actually relay the content, and naturally only my certain source clients. Is there a way to restrict these to a list of IPs?

karlH
Code Warrior
Joined: 13 Jun 2005
Posts: 5476
Location: UK

Posted: Mon Aug 03, 2009 12:46 pm

yes, a similar process is involved when you use <allow-ip>

karl.

robertut
Joined: 31 Aug 2007
Posts: 156

Posted: Sat Aug 08, 2009 7:36 am

karlH wrote:
yes, a similar process is involved when you use <allow-ip>

karl.


Does this apply to source clients and player clients in the same way? Can they be differentiated? Can wildcards be used? How?

karlH
Code Warrior
Joined: 13 Jun 2005
Posts: 5476
Location: UK

Posted: Sat Aug 08, 2009 2:05 pm

the file applies to all incoming client connections, it works based on the IP before anything is read. A similar mechanism could be used for source clients but that does not exist currently. Wildcards can be used in my branch work, not in 2.3.2, I think it should be changed to the xxx/24 type notation instead of wildcards.

karl.

robertut
Joined: 31 Aug 2007
Posts: 156

Posted: Mon Aug 10, 2009 7:10 pm

karlH wrote:
the file applies to all incoming client connections, it works based on the IP before anything is read. A similar mechanism could be used for source clients but that does not exist currently. Wildcards can be used in my branch work, not in 2.3.2, I think it should be changed to the xxx/24 type notation instead of wildcards.

karl.

I use KH10, can you give some examples?

karlH
Code Warrior
Joined: 13 Jun 2005
Posts: 5476
Location: UK

Posted: Mon Aug 10, 2009 8:26 pm

of a wildcard example? eg

192.168.*

The problem with that is that it's not as precise as the xxxx/N notation

karl.

robertut
Joined: 31 Aug 2007
Posts: 156

Posted: Sat Aug 15, 2009 10:11 am

It works, thanks.

MOnster
Joined: 18 Oct 2009
Posts: 3

Posted: Sun Oct 18, 2009 5:28 am

karlH wrote:
the file applies to all incoming client connections, it works based on the IP before anything is read. A similar mechanism could be used for source clients but that does not exist currently.
karl.


Will this mechanism work in the future? When can we try it? For our server it is critical to have a "source white list" - that helps to decline 'hackers' connections.

karlH
Code Warrior
Joined: 13 Jun 2005
Posts: 5476
Location: UK

Posted: Sun Oct 18, 2009 1:51 pm

If there is a call for it then a list can be implemented for source clients only. I've not heard any call for it up to now probably because many are on DHCP type connections, so IPs are not guaranteed.

karl.

MOnster
Joined: 18 Oct 2009
Posts: 3

Posted: Tue Oct 20, 2009 4:39 am

karlH wrote:
If there is a call for it then a list can be implemented for source clients only. I've not heard any call for it up to now probably because many are on DHCP type connections, so IPs are not guaranteed.

karl.


Can I call for this function? ) "I've not heard any call for it up to now probably because many are on DHCP type connections" - in our situation we have many source clients (we are an internet radio with many DJs), and some of them can pass the source password to 'hackers'. I need to know who does it, to prevent these situations and not give source password(s) to those people. I think about the solution 'many passwords to 1 mount', but Icecast doesn't have this function. Then I think that I can make an IP 'white' list from the forum users' 'last' IP (the source user must log in to the forum, then connect to the server), and generate the white list on every 'source disconnect' (or every minute). So if you can make a 'white list' or 'many passwords to one mountpoint' (and log which password the source used to connect to the server), I would be very glad to see it ) I think that both functions are interesting for internet radio servers with many DJs. Thank you for your answer and support ))

MOnster
Joined: 18 Oct 2009
Posts: 3

Posted: Tue Oct 20, 2009 4:58 am    Post subject: Many passwords to one source

Oh, I have read this feature request, http://icecast.imux.net/viewtopic.php?t=6453, and the function 'many passwords to one source' exists, so my call is only for a 'white list' feature. Do I need to post it to the feature request thread?

karlH
Code Warrior
Joined: 13 Jun 2005
Posts: 5476
Location: UK

Posted: Tue Oct 20, 2009 3:48 pm

URL authentication for source clients is already in place (stream auth option) in the post 2.3.2 work. There is still an issue with getting that to work in trunk with shoutcast style source clients because of the protocol used, but it should be fine in the latest kh tree. How you determine which source to let in will be up to you but don't forget that if you allow in a source client and the mountpoint requested is already in use then the new client will still be dropped, also note that any admin requests using source auth will also need to be authenticated (eg metadata updates).

karl.

robertut
Joined: 31 Aug 2007
Posts: 156

Posted: Fri Feb 01, 2013 10:09 am

Karl, sorry for digging up this old thread, but the question still stands: can we add address pools in CIDR notation format to the allow-ip and deny-ip lists?

Our master server configs would really need this. Having to manually add all the IPs of an entire /22 subnet one by one, one per line, would be awful (and I don't know how Icecast would react to such a big allow-ip file).

Luckily there's a much smaller subnet to be added now, but who knows what the future brings?

karlH
Code Warrior
Joined: 13 Jun 2005
Posts: 5476
Location: UK

Posted: Fri Feb 01, 2013 10:49 pm

currently it uses fnmatch, so * [] and ? should be handled, the /22 style of notation is not handled but it could be added if need be.

karl.
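
The difference between the fnmatch wildcards and the /N notation discussed in this thread, as an added example that is not part of any post and is not Icecast's own code. It assumes the pattern is matched against the textual IPv4 address with fnmatch flags of 0; the function names `wildcard_match` and `cidr_match` are hypothetical and the sample addresses are constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <fnmatch.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Wildcard check: pattern against the textual IP, as the thread describes.
 * Flags of 0 are an assumption; '*' then also matches across dots. */
int wildcard_match(const char *pattern, const char *ip)
{
    return fnmatch(pattern, ip, 0) == 0;
}

/* CIDR check ("a.b.c.d/N"): compare the top N bits of both addresses.
 * Returns 1 on match, 0 on no match, -1 on malformed input. */
int cidr_match(const char *cidr, const char *ip)
{
    char net[INET_ADDRSTRLEN];
    struct in_addr a, b;
    const char *slash = strchr(cidr, '/');
    char *end;
    long bits;

    if (!slash || (size_t)(slash - cidr) >= sizeof net) return -1;
    memcpy(net, cidr, (size_t)(slash - cidr));
    net[slash - cidr] = '\0';
    bits = strtol(slash + 1, &end, 10);
    if (end == slash + 1 || *end || bits < 0 || bits > 32) return -1;
    if (inet_pton(AF_INET, net, &a) != 1 || inet_pton(AF_INET, ip, &b) != 1)
        return -1;
    uint32_t mask = bits ? 0xFFFFFFFFu << (32 - bits) : 0;
    return ((ntohl(a.s_addr) ^ ntohl(b.s_addr)) & mask) == 0;
}

int main(void)
{
    /* Constructed sample addresses, not taken from the thread. */
    const char *ips[] = { "192.168.1.7", "192.168.100.7", "10.20.7.255", "10.20.8.1" };
    for (size_t i = 0; i < sizeof ips / sizeof *ips; i++)
        printf("%-14s 192.168.1*=%d 192.168.1.0/24=%d 10.20.[4-7].*=%d 10.20.4.0/22=%d\n",
               ips[i], wildcard_match("192.168.1*", ips[i]),
               cidr_match("192.168.1.0/24", ips[i]),
               wildcard_match("10.20.[4-7].*", ips[i]),
               cidr_match("10.20.4.0/22", ips[i]));
    return 0;
}
```

A trailing `*` after a partial octet (`192.168.1*`) also admits 192.168.10.x through 192.168.199.x, which is the imprecision a /24 avoids; a bracket range such as `10.20.[4-7].*` covers the same addresses as a /22 only because that block happens to align with a single-digit octet range.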

robertut
Joined: 31 Aug 2007
Posts: 156

Posted: Fri Mar 08, 2013 3:54 pm

I vote for adding.

karlH wrote:
currently it uses fnmatch, so * [] and ? should be handled

How do you use [] ???