I have an AMS v.5.0.15 running to serve videos for 4 domains of mine via HTML5 video players.
My problem is that I can't seem to restrict access to my video streams to my 4 domains only.
I can type the http://mydomain.com:8134/hls-vod/video.f4v.m3u8 in my browser(safari) from my home PC and the stream plays straight away.
Am I wrong by assuming that by restricting the allowed domains in Vhost.xml, Adapter.xml and crossdomain.xml - only requests coming from the allowed domains will be granted?
I have followed the AMS Hardening guide but no luck so far....
Any help is highly appreciated.
Your best bet is to use a token system. Essentially you build a small system that creates a token on a PHP page (or other server side page). Then you setup .htaccess to only allow that to be run on the domain so there isn't any iFrame usage of it (I can't recall exactly this part). Anyways, once you have that, when somebody accesses the PHP page where your player resides it passes that dynamically created token to the player. Then the server side will receive that and figure out if it's a legit token or not, flag it that it's been used so it can't be used twice and then that's that. It's the PHP and AMS side code that you need to figure out though. I don't know of a sure fire way to do it just with the built in tools of AMS.