1 person found this helpful
Currently protected HLS only garuntee (flexible feature) that only valid ios devices can play the stream. But yes, that doesn't solve your problem. You may like to add some sort of authentication in key delivery part. For example, you may write ios-application to re-write key delivery URL and add some query token to it in NSURLProtocol class. And on apache side, you may check validity of URL sender before request is picked up by the hls module.
This is just a direction.. Though we are looking for some inherent solutions in this direction..
Hi, thank you for your reply, can you please be more specific on this:
"...on apache side, you may check validity of URL sender before request is picked up by the hls module..."
Thank you in advance.
Though it is easily discoverable the hackers but still a direction:
Now, inside apache conf, you may change the location directive hls-key to my-app-hls-key.. In this way any key request that comes as former URL will be reected by the module, while later will be passed.
Since later key requests will only from your client app (which re-write key url inside app using ios NSURLProtocol class) they will succeed as apache confs are configured to accept them while former once are failed.
However this can be traced and replicated by others too..
If you want more secure way then, you may like to send some cookies with the key url as query parameter (again you will have to write your custome app to do that).. On apache side you may write your own module which first authenticate the cookie then redirect the "query parameter stripped key url" to the mod_hlshttp.so..
Why am I only talking about authenticating the key URL not the m3u8 or ts because key url is on https which should always hit the origin.. m3u8 or ts are normal http and can be served from the cache..
Do you have an example of writing an Apache module that does authentication and passes the stripped URL to mod_hlshttp? This is exactly what I need to do (after beating my head against AMS server-side ActionScript and finally realizing that HLS is handles through Apache...)
I'm sure I could dig on the web, but if you have an example it could probably save me a lot of time/effort/headache...
Thanks in advance.
I am trying to achieve this as well - an example would be really great.
How about the example? I need it also.
Could you please share it?
Thanks in advance.
Hej there, I have the same situation right now and need some help as well. Unfortunately adobe does not share any further informations regarding their server architecture or any non-out of the box features, which is really annoying. Does anybody has a solution for that so far? Help would be really appreciated! If I will find a solution, I will post it here as well! Thanks