Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

API: Exposed for WebRTC without any access control #2684

Closed
streamthing opened this issue Oct 16, 2021 · 2 comments · Fixed by #3458
Closed

API: Exposed for WebRTC without any access control #2684

streamthing opened this issue Oct 16, 2021 · 2 comments · Fixed by #3458
Assignees
@duiniuluantanqin
Labels
Bug It might be a bug. EnglishNative This issue is conveyed exclusively in English. WebRTC WebRTC, RTC2RTMP or RTMP2RTC.
Milestone
5.0

Comments

@streamthing
Copy link

With WebRTC we need to expose http_api to public.
Why there isn't any access control for http_api?
User can send HTTP to /rtc/v1/play/ - which is OK.
But... there is also /api/v1/streams/ /api/v1/clients/ accessible for everyone in internet...

We need to setup reverse-proxy between client and SRS server?
@streamthing
Copy link
Author

And... everyone can publish?

vhost __defaultVhost__ {
    rtc {
        enabled     on;
        rtmp_to_rtc on;
        rtc_to_rtmp off;
    }
    security {
        enabled on;
        allow publish 1.2.3.4;
        allow play all;
    }
}

@winlinvip winlinvip changed the title http_api exposed for WebRTC without any access control API: Exposed for WebRTC without any access control Oct 18, 2021
@winlinvip winlinvip added Bug It might be a bug. WebRTC WebRTC, RTC2RTMP or RTMP2RTC. labels Oct 18, 2021
@winlinvip winlinvip added this to the 5.0 milestone Oct 18, 2021
@duiniuluantanqin duiniuluantanqin linked a pull request Oct 18, 2021 that will close this issue
RTC: support refer and security #2686
Closed
@duiniuluantanqin duiniuluantanqin removed a link to a pull request Nov 9, 2021
RTC: support refer and security #2686
Closed
@duiniuluantanqin
Copy link
Member

fixed by #3458

@duiniuluantanqin duiniuluantanqin linked a pull request May 22, 2023 that will close this issue
API: Support HTTP basic authentication for API. v6.0.4, v5.0.152 #3458
Merged
@winlinvip winlinvip added the EnglishNative This issue is conveyed exclusively in English. label Jul 29, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@duiniuluantanqin duiniuluantanqin

Labels
Bug It might be a bug. EnglishNative This issue is conveyed exclusively in English. WebRTC WebRTC, RTC2RTMP or RTMP2RTC.
Projects
None yet
Milestone
5.0
Development

Successfully merging a pull request may close this issue.

API: Support HTTP basic authentication for API. v6.0.4, v5.0.152 duiniuluantanqin/srs
3 participants
@winlinvip @duiniuluantanqin @streamthing