OvenMediaEngine Enterprise
English
English
  • About
    • Introduction
    • Release Notes
      • 0.18.2
      • 0.18.1
      • 0.18.0
      • 0.17.3
      • 0.17.2
      • 0.17.1
      • 0.17.0
      • 0.16.8
      • 0.16.7
      • 0.16.6
      • 0.16.5
      • 0.16.4
  • Installation
    • Getting Started
      • Getting Started with Ubuntu
      • Getting Started with RHEL
      • Getting Started with Docker
    • Configuration Structure Overview
  • Web Console
    • Getting Started with Web Console
    • Web Console Overview
      • Sign In
      • Change Password
      • Web Console Home
      • Stream List
        • Managed and Instant Streams
        • Scheduled Channels | 0.16.4.0+
        • Multiplex Channels | 0.16.5.0+
      • Event Monitoring | 0.18.1.0+
        • Configuration
        • Event Specification
      • Web Console Publishing | 0.18.1.2+
      • Logs
      • Configuration Files
      • Restart
    • Web Console Settings
      • Server Settings
      • Live Sources (Ingress Protocols) Settings
      • ABR and Transcoding Settings
      • Streaming (Egress Protocols) Settings
      • TLS Encryption Settings | 0.14.0.0+
      • Access Control Settings
      • Thumbnail Settings | 0.15.7.0+
      • Recording Settings | 0.16.5.0+
      • Push Publishing Settings | 0.15.14.0+
      • REST API Settings | 0.11.0.0+
      • Alert Settings | 0.15.11.0+
  • CDN Compatibility
    • Origin Server Redundancy
    • Origin Cache Control
  • Protection
    • RTMP Authentication | 0.17.2.0+
    • Proxy Protocol Integration | 0.16.6.2+
    • Digital Rights Management (DRM)
      • OvenMediaEngine Configuration for DRM | 0.16.0.0+
      • PallyCon DRM Configuration | 0.16.4.0+
  • Performance
    • Hardware-Accelerated Video Encoding | 0.16.4.0+
  • Event Insertion
    • Insert SEI into H.264 (AVC) Streams | v0.18.0.0+
    • Insert AMF0 messages in RTMP Push Publisher | 0.17.3.0+
  • Monetization
    • Insert Ad Markers (EXT-X-CUE-OUT/EXT-X-CUE-IN) | v0.17.3.0+
    • Insert onCuePoint messages into YouTube Live | 0.17.3.0+
  • Advanced Management
    • Generating Audio PTS | 0.17.2.3+
    • API Storage | 0.17.0.0+
    • Restart Application | 0.17.0.0+
    • Record Delivery | 0.16.5.0+
    • Add Delay to the Stream
    • Control Default Playlist Creation
Powered by GitBook
On this page
  • Signed Policy Settings | 0.12.0.0+
  • Admission Webhooks Settings | 0.12.2.0+
  1. Web Console
  2. Web Console Settings

Access Control Settings

PreviousTLS Encryption Settings | 0.14.0.0+NextThumbnail Settings | 0.15.7.0+

On the Access Control Settings, you can check if access restrictions for Ingress and Egress streams provided by OvenMediaEngine are enabled and what the settings are.

Also, (updated on July 17, 2024) adds support for in SignedPolicy and AdmissionWebhooks, further enhancing security by comparing and verifying the Client Address passed through The PROXY protocol version 1 by HAProxy with real_ip.

Signed Policy Settings | 0.12.0.0+

SignedPolicy is a module that limits the user's privileges and time. For example, if you make a specific RTMP URL accessible for only 60 seconds, the provided URL will be automatically destroyed after 60 seconds. Also, if you make an RTMP URL that can be transmitted for only 1 hour, the RTMP transmission will automatically stop after 1 hour.

As shown below, a SignedPolicy URL includes the Policy and Signature as a query string in the stream URL, so viewers who receive a SignedPolicy URL cannot access any resources other than the provided URL.

scheme://domain.com:port/app/stream?policy=<>&signature=<>

You can check whether the Signed Policy is enabled and its settings for each VirtualHost in the Signed Policy section of Access Control Settings.

  • Policy Query Key: The query string key name in the URL pointing to the Policy value.

  • Signature Query Key: The query string key name in the URL pointing to the Signature value.

  • Secret Key: The secret key used when encoding with HMAC-SHA1.

  • Enables: List of Providers and Publishers to enable SignedPolicy.

Currently, SignedPolicy supports RTMP between Providers, and WebRTC, LLHLS, and Thumbnail between Publishers.

Admission Webhooks Settings | 0.12.2.0+

AdmissionWebhooks are HTTP Callbacks that query the Control Server to control Publishing and Playback acceptance requests. You can leverage AdmissionWebhooks for a variety of purposes, including Customer Authentication, Tracking Published Streams, Hiding App/Stream Names, Logging, and more.

You can view whether Admission Webhooks are enabled and the settings for each VirtualHost in the Admission Webhooks section in Access Control Settings.

  • Control Server Url: The HTTP Server that receives queries. HTTP and HTTPS are available.

  • Secret Key: The secret key used when encoding with HMAC-SHA1.

  • Timeout: The time (in milliseconds) to wait for a response after a request.

  • Enables: List of Providers and Publishers to enable AdmissionWebhooks.

Currently, AdmissionWebhooks supports RTMP, WebRTC, and SRT between Providers, and WebRTC, LLHLS, and Thumbnail between Publishers.

Detailed Guide:

Detailed Guide:

https://airensoft.gitbook.io/ovenmediaengine/access-control/signedpolicy
https://airensoft.gitbook.io/ovenmediaengine/access-control/admission-webhooks
Proxy Protocol
OvneMediaEngine Enterprise 16.6.2
In the Signed Policy of the Access Control Setting
In the Admission Webhooks of the Access Control Setting