View previous topic :: View next topic |
Author |
Message |
als
Joined: 14 Oct 2008 Posts: 18
|
Posted: Sun Mar 14, 2010 1:47 pm Post subject: Smart listener count limiting based on GeoIP |
|
|
Hi! I want to restrict access to my server primarily to clients within my country, still allowing several clients from abroad.
So I establish authentication type="command", pointing to local script to check IP of the client...
The easiest way seems to forward restricted users via "mountpoint: /different_country.ogg" to another mountpoint with limited connection count. Also it is easy to duplicate basic stream (not to make source additional encode) by relaying it from localhost. BUT <relay> section seems to ignore <max-listeners> value. Is it possible to limit <relay> mountpoint listeners count via config file?
The second question is: if I want to deny access for the client, can I pass him some human-understandable response like "sorry, you live in a wrong country"? Because now if i deny access (issue echo "icecast-auth-user: 0"), client just pops up window asking for username/password?
Thanks in advance!
Alexander |
|
Back to top |
|
|
karlH Code Warrior
Joined: 13 Jun 2005 Posts: 5476 Location: UK
|
Posted: Sun Mar 14, 2010 2:40 pm Post subject: |
|
|
max listeners is a mount setting, you just need to define a mount for whatever the relay local-mount is.
Adding a 403 response handler should be possible, I'll have to check into that.
karl. |
|
Back to top |
|
|
als
Joined: 14 Oct 2008 Posts: 18
|
Posted: Mon Mar 15, 2010 10:01 am Post subject: |
|
|
karlH wrote: |
max listeners is a mount setting, you just need to define a mount for whatever the relay local-mount is.
|
Got it. So i make 2 separate sections for 1 mountpoint:
<mount> with limits & description, and
<relay> with source.
Thanks.
Quote: |
Adding a 403 response handler should be possible, I'll have to check into that. |
As an idea - maybe if user authentication program doesn't return predefined "allow" header - use it's output as a response for client (as if it was a cgi program). So it will be more flexible for customising.
Anyway, thanks a lot!
Alexander |
|
Back to top |
|
|
karlH Code Warrior
Joined: 13 Jun 2005 Posts: 5476 Location: UK
|
Posted: Mon Mar 15, 2010 10:31 am Post subject: |
|
|
I don't see a need to be that flexible, just needless complication for this type of server, you can still use the mountpoint header and maybe add in the location header for http 302 redirection. A message for a 403 response is certainly something we could add.
karl. |
|
Back to top |
|
|
robertut
Joined: 31 Aug 2007 Posts: 156
|
Posted: Fri Mar 19, 2010 1:36 pm Post subject: |
|
|
Yes, I would also definitely interested into that!
Because I'd set up different Icecast servers in different countries, and apply on each a similar geo-detection feature as described above, but with auto-redirection to the other server.
For example: have an Icecast server in Europe, one in the USA, both relaying the same content from a master server. If a listener client from USA tries to connect to the European server, it should be automatically, and transparently redirected to the USA server, and vice-versa. I don't want the user to be explicitly informed about this, it's enough if he/she just sees the different IP address.
Could also be useful for load balancing... |
|
Back to top |
|
|
karlH Code Warrior
Joined: 13 Jun 2005 Posts: 5476 Location: UK
|
Posted: Fri Mar 19, 2010 2:58 pm Post subject: |
|
|
You can already do that with the url auth just not the command auth. Just have the listener_add script send back a 200 OK response but include the Location: header. Something similar can be done for command auth.
karl. |
|
Back to top |
|
|
robertut
Joined: 31 Aug 2007 Posts: 156
|
Posted: Sat Mar 20, 2010 9:29 pm Post subject: |
|
|
how to do that on win32? |
|
Back to top |
|
|
|