For sites and integrations where additional security measures are required, VideoWhisper applications support login session check on RTMP side.

This is used to make sure no clients will be able to connect to rtmp server without having previously logged in with the _login.php scripts.
When a new client tries to connect to RTMP server with a session name, rtmp application will check on the web server if that client session exists. If web server does not confirm that client logged in, rtmp server will reject the connection. RTMP server will also check for a webKey that needs to be configured same way on rtmp and web server: this will prevent connections in case of web domain hijacking.
Notes
- This will disable connections from external encoders (ie. FMLE) and players (ie. JwPlayer) to that rtmp address, as these will not provide a session name to check for validity.
- Usually, each installation will require its own rtmp side that checks session info with that installation. Otherwise you will have to tweak scripts to check on all installations.

 

RTMP Configuration

RTMP side web session check is currently supported for Wowza rtmp side. Download latest version of Wowza rtmp side, deploy to your server and update these settings in conf/videowhisper-web/Application.xml :


<Properties>
<Property>
<Name>acceptPlayers</Name>
<Value>true</Value>
</Property>
<Property>
<Name>webLogin</Name>
<Value>http://installation_url/rtmp_login.php?s=</Value>
</Property>
<Property>
<Name>webKey</Name>
<Value>VideoWhisper</Value>
</Property>
<Property>
<Name>webLogout</Name>
<Value>http://installation_url/rtmp_logout.php?s=</Value>
</Property>
</Properties>
</Application>

 

 

Then restart WowzaMediaServer service. For troubleshooting check Wowza access logs. If errors occur in the error logs submit a ticket to VideoWhisper about this.

Web Configuration

Download latest Video Conference php edition and check these integration files:
rtmp.inc.php – stores session info when user authenticates from vc_login.php ; contains $webKey if you want to change it
rtmp_login.php – called by rtmp server to see if a session name is valid (authenticated); also gets canKick permission to allow user to kick clients
rtmp_logout.php – called by rtmp server when client with a session name disconnected (to cleanup session)

Configure settings.php to use the videowhisper-web rtmp address.

To integrate this on other editions or installations you will need to copy the 3 files mentioned above to installation folder and include rtmp.inc.php in the _login.php scripts that authorize the user.
Other changes could be required depending on particularities of each integration.

Sample Demo Configuration

Installation url: http://www.videowhisper.com/demos/vc_web
Using rtmp address: rtmp://videowhisper.com/videowhisper-web

         <Property>
<Name>webLogin</Name>
<Value>http://www.videowhisper.com/demos/vc_web/rtmp_login.php?s=</Value>
</Property>
<Property>
<Name>webKey</Name>
<Value>VideoWhisper</Value>
</Property>
<Property>
<Name>webLogout</Name>
<Value>http://www.videowhisper.com/demos/vc_web/rtmp_logout.php?s=</Value>
</Property>

 

 

Related Posts: