Skip to content

Stream publishing to CDN servers restriction

By default, any client can publish any stream to any CDN server: not only to Origin, but to Transcoder and Edge too. This may cause a vulnerabilities: for example, an attacker may replace a stream on Edge server. To prevent a such vulnerabilities, since build 5.2.1765 it is possible to restrict a direct stream publishing by a client to a CDN server

cdn_role_strict=true

The parameter should be set on all the CDN servers. In this case a client can publish a stream only to Origin server, not to Transcoder or Edge.

Direct stream publishing not only to Origin server may be useful for testing and debugging purposes. In this case use the following parameter

cdn_role_strict_stream_name=aSeCrEtNaMeToTeStAnDdEbUg

A stream with the name set by the parameter may be published directly to Transcoder or Edge server.