OvenMediaEngine Enterprise
English
English
  • About
    • Introduction
    • Release Notes
      • 0.19.0
      • 0.18.3
      • 0.18.2
      • 0.18.1
      • 0.18.0
      • 0.17.3
      • 0.17.2
      • 0.17.1
      • 0.17.0
      • 0.16.8
      • 0.16.7
      • 0.16.6
      • 0.16.5
      • 0.16.4
  • Pre-Built Package Installation
    • Getting Started
      • Getting Started with Ubuntu
      • Getting Started with RHEL
      • Getting Started with Docker
    • Configuration Structure Overview
  • Advanced Security
    • Digital Rights Management (DRM)
      • OvenMediaEngine Configuration for DRM
      • PallyCon DRM Configuration
    • RTMP Authentication
  • SHA-2 Support
  • High Availability
    • Origin Redundancy
  • Web Console
    • Getting Started with Web Console
    • Web Console Overview
      • Sign In
      • Change Password
      • Web Console Home
      • Stream List
        • Managed and Instant Streams
        • Scheduled Channels
        • Multiplex Channels
      • Event Monitoring
        • Configuration
        • Event Specification
      • Web Console Publishing
      • Logs
      • Configuration Files
      • Restart
    • Web Console Settings
      • Server Settings
      • Live Sources (Ingress) Settings
      • ABR and Transcoding Settings
      • Streaming (Egress) Settings
      • TLS Encryption Settings
      • Access Control Settings
      • Thumbnail Settings
      • Recording Settings
      • Push Publishing Settings
      • REST API Settings
      • Alert Settings
  • Operations & Monitoring
    • API Storage
    • Recording Delivery
  • Performance Optimization
    • Hardware Encoder Support
  • Workflow Integration & External System Connectivity
    • CDN Cache Control
    • Proxy Protocol
    • SEI Insertion
    • AMF0 Message Insertion
    • HLS Markers (CUE-OUT/IN)
    • onCuePoint Message Insertion
    • Delay Buffer
    • Query String Handling
    • Default Playlist Creation
    • iOS Audio PTS
  • REST API
    • v2
      • Statistics
        • Current
Powered by GitBook
On this page
  1. Web Console
  2. Web Console Settings

Access Control Settings

PreviousTLS Encryption SettingsNextThumbnail Settings
CtrlK
  • Signed Policy Settings | 0.12.0.0+
  • Admission Webhooks Settings | 0.12.2.0+

On the Access Control Settings, you can check if access restrictions for Ingress and Egress streams provided by OvenMediaEngine are enabled and what the settings are.

Also, OvneMediaEngine Enterprise 16.6.2 (updated on July 17, 2024) adds support for Proxy Protocol in SignedPolicy and AdmissionWebhooks, further enhancing security by comparing and verifying the Client Address passed through The PROXY protocol version 1 by HAProxy with real_ip.

Signed Policy Settings | 0.12.0.0+

SignedPolicy is a module that limits the user's privileges and time. For example, if you make a specific RTMP URL accessible for only 60 seconds, the provided URL will be automatically destroyed after 60 seconds. Also, if you make an RTMP URL that can be transmitted for only 1 hour, the RTMP transmission will automatically stop after 1 hour.

As shown below, a SignedPolicy URL includes the Policy and Signature as a query string in the stream URL, so viewers who receive a SignedPolicy URL cannot access any resources other than the provided URL.

scheme://domain.com:port/app/stream?policy=<>&signature=<>
In the Signed Policy of the Access Control Setting

You can check whether the Signed Policy is enabled and its settings for each VirtualHost in the Signed Policy section of Access Control Settings.

  • Policy Query Key: The query string key name in the URL pointing to the Policy value.

  • Signature Query Key: The query string key name in the URL pointing to the Signature value.

  • Secret Key: The secret key used when encoding with HMAC-SHA1.

  • Enables: List of Providers and Publishers to enable SignedPolicy.

Currently, SignedPolicy supports RTMP between Providers, and WebRTC, LLHLS, and Thumbnail between Publishers.

Detailed Guide: https://airensoft.gitbook.io/ovenmediaengine/access-control/signedpolicy

Admission Webhooks Settings | 0.12.2.0+

AdmissionWebhooks are HTTP Callbacks that query the Control Server to control Publishing and Playback acceptance requests. You can leverage AdmissionWebhooks for a variety of purposes, including Customer Authentication, Tracking Published Streams, Hiding App/Stream Names, Logging, and more.

In the Admission Webhooks of the Access Control Setting

You can view whether Admission Webhooks are enabled and the settings for each VirtualHost in the Admission Webhooks section in Access Control Settings.

  • Control Server Url: The HTTP Server that receives queries. HTTP and HTTPS are available.

  • Secret Key: The secret key used when encoding with HMAC-SHA1.

  • Timeout: The time (in milliseconds) to wait for a response after a request.

  • Enables: List of Providers and Publishers to enable AdmissionWebhooks.

Currently, AdmissionWebhooks supports RTMP, WebRTC, and SRT between Providers, and WebRTC, LLHLS, and Thumbnail between Publishers.

Detailed Guide: https://airensoft.gitbook.io/ovenmediaengine/access-control/admission-webhooks