Nimble Streamer uses sessions to track users' stats as it's important to see how the content is consumed. It's used in every end-user connection unless you use HTTP origin feature to remove the session identifier.
Every session is based on user IP to be able to distinct them from one another. Normally if a session starts with some IP, it keeps using that IP until the connection is closed. If the original connection IP changes, Nimble Streamer will close the connection because IP change most probably means that someone else uses your session ID which is not good from security standpoint. The viewers with closed connection will get response code 403.
However in some cases the IP change doesn't mean anything bad. For example, if your Android users use Lite mode (also known as Data Saver), Google will use its own proxy servers to accelerate the data usage. Also, your users may use other trusted proxies for their own legit purposes.
For cases like these you may use a few features of Nimble Streamer.
Disable IP check
First of all you may disable session IP check. This can be done using this parameter
Once you disable it, your streams' direct links may be used by several viewers so you should use this approach only in case your viewers use trusted proxy servers.
Tune hotlink protection
If you use hotlink protection from WMSAuth paywall feature set and your viewers use proxies as described above, they will get error 403 and you'll find "cannot find hash match" in Nimble logs. That will happen even if you disable session IP check.
So the next thing you should do after disabling restrict_session_ip, is to use different headers for obtaining end-user IP in WMSAuth code for your web page. This can be X_FORWARDED_FOR header or others, depending on your server and proxy software. Read this article regarding proxy usage to learn more about headers' usage.
Let us know if you experience any issues with the described features.
Nimble Streamer configuration reference, WMSAuth paywall, Using paywall with proxy servers,
Every session is based on user IP to be able to distinct them from one another. Normally if a session starts with some IP, it keeps using that IP until the connection is closed. If the original connection IP changes, Nimble Streamer will close the connection because IP change most probably means that someone else uses your session ID which is not good from security standpoint. The viewers with closed connection will get response code 403.
However in some cases the IP change doesn't mean anything bad. For example, if your Android users use Lite mode (also known as Data Saver), Google will use its own proxy servers to accelerate the data usage. Also, your users may use other trusted proxies for their own legit purposes.
For cases like these you may use a few features of Nimble Streamer.
Disable IP check
First of all you may disable session IP check. This can be done using this parameter
restrict_session_ip = falsein nimble.conf. Please read configuration reference page for details on parameters' setup and usage.
Once you disable it, your streams' direct links may be used by several viewers so you should use this approach only in case your viewers use trusted proxy servers.
Tune hotlink protection
If you use hotlink protection from WMSAuth paywall feature set and your viewers use proxies as described above, they will get error 403 and you'll find "cannot find hash match" in Nimble logs. That will happen even if you disable session IP check.
So the next thing you should do after disabling restrict_session_ip, is to use different headers for obtaining end-user IP in WMSAuth code for your web page. This can be X_FORWARDED_FOR header or others, depending on your server and proxy software. Read this article regarding proxy usage to learn more about headers' usage.
Let us know if you experience any issues with the described features.
Related documentation
Nimble Streamer configuration reference, WMSAuth paywall, Using paywall with proxy servers,
No comments:
Post a Comment
If you face any specific issue or want to ask some question to our team,
PLEASE USE OUR HELPDESK
This will give much faster and precise response.
Thank you.
Note: Only a member of this blog may post a comment.