January 7, 2016

Block user agents from viewing streams via Nimble Streamer

WMSAuth paywall framework is very popular among Nimble Streamer customers as it's a proven solution for basic content monetization. One of the most popular features of this set is the geo-location and IP range restriction. Now we introduce update for this capability - Nimble allows blocking viewers by their user agent.

This capability can be used together with other features like hotlink protection or pay-per-view framework - users that are not blocked by user agent, may still be controlled by other criteria.

It can be applied to any level of streaming entities like servers, applications or separate streams.

The paywall functionality is applied to WMSAuth group where you assign one or more media servers and create restriction rules. In a created rule, you describe which application and/or stream you apply this to and specify so called user agent group. This group defines regular expressions that describe which agents must be blocked.

Now let's see how to set up user agent restriction, step-by-step.



Create user agents group


First, let's go to "Control" -> "WMSAuth paywall setup" top menu to see the page shown below.

WMSAuth group main page.
Let's define user agent group by clicking on "User-agent groups" link. You will see the page shown below.

User-Agent groups page.

By clicking on "Add User-Agent group" you will get a new dialog to name a new group of agents settings.

Adding group name.

After defining the name you'll see the following page.

Group is created.

Now just type a regular expression for User-Agent header which you'd like to block the viewers for. The simplest way is to enter part of the agent name. The expression below will just block Mozilla-based browser to make you user watch your streams from other applications.

Agent rule was added to agent group.
Now let get back to WMSAuth groups main page from the first screenshot.

Create WMSAuth group


Click on Add WMSAuth group button to see new dialog.

Adding WMSAuth group.

Name it in a convenient way and click on creation button.

WMSAuth group is added, time to set it up further.
Now you are on a newly created group page.
Here you need to do 2 things:
  • assign servers to the group - this is where the restrictions will be applied;
  • create rules which will describe what streams the restrictions will be applied to.

Assigning the servers is easy - just select them from the list and click on Assign server. They will be applied immediately.

Server was assigned to WMSAuth group.

Now let's create restriction rule.

Create restriction rule


Click on Add rule to see a new page.

Define what app and stream to apply restriction to.
Enter rule name - it may be something simple. In "What do you want to restrict?" field, enter application name and/or stream name which you'd like to apply you restriction to. This may contain regular expressions as well.
You may use application name only - in this case all streams in the application will be covered by restriction.
"Virtual host" field may contain a domain name or IP which are used in URL - this can be used for domain lock.

Now scroll down to the bottom of the rule page.

Specify what user-agent group to restrict.

In "User-Agent groups" drop-down list, select the name of the group which you created. Then click on ">>" button to put it to Deny list on the right. This means whatever viewer has the User-Agent header that matches the regexes in the group, he/she will be denied to connect.

You may also select which Protocols this restriction rule will be applied to. This means you can apply different security setting for different media protocols.

Now click on Create WMSAuth rule button to apply all settings.

That's it. The restriction will be applied to designated servers within several seconds. If you need to block some other user agent, just go to User-Agent group and add new agent regex line there.

Allow only specific user agent


If you need to allow only specific User-Agent, you may use negative search in regular expression like
^((?!alloweduseragent).)*$

In case you're interested in blocking by other HTTP headers, check Referer header block capabilities.



If you have any questions regarding this WMSAuth functionality, just contact us.

Related documentation


Nimble StreamerWMSAuth paywall frameworkGeo-location and IP range restrictionHotlink protection and domain lock, Blocking viewers by HTTP Referer,

1 comment: