external/srs
1
0
Fork 0
mirror of https://github.com/ossrs/srs.git synced 2025-03-09 15:49:59 +00:00
Code Issues Releases Wiki Activity

Security: Support IP whitelist for HTTP-FLV, HLS, WebRTC, and SRT. v5.0.202 v6.0.104 (#3902)

Browse source 
Security is the built-in IP whitelist feature of SRS, which allows and
denies certain IP and IP range users. Previously, it only supported
RTMP, but this PR now supports HTTP-FLV, HLS, WebRTC, SRT, and other
protocols.

See https://ossrs.io/lts/en-us/docs/v6/doc/security as example.

---------

Co-authored-by: john <hondaxiao@tencent.com>
This commit is contained in:
Haibo Chen 2023-12-14 21:36:06 +08:00 committed by GitHub
parent 1b34fc4d4e
commit 6d56c407c6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 62 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

6
trunk/src/app/srs_app_http_static.cpp
View file

@ -64,6 +64,7 @@ void SrsHlsVirtualConn::expire()
SrsHlsStream::SrsHlsStream()
{
_srs_hybrid->timer5s()->subscribe(this);
security_ = new SrsSecurity();
}
SrsHlsStream::~SrsHlsStream()
@ -76,6 +77,7 @@ SrsHlsStream::~SrsHlsStream()
srs_freep(info);
}
map_ctx_info_.clear();
srs_freep(security_);
}
srs_error_t SrsHlsStream::serve_m3u8_ctx(ISrsHttpResponseWriter* w, ISrsHttpMessage* r, ISrsFileReaderFactory* factory, string fullpath, SrsRequest* req, bool* served)
@ -167,6 +169,10 @@ srs_error_t SrsHlsStream::serve_new_session(ISrsHttpResponseWriter* w, ISrsHttpM
return srs_error_wrap(err, "stat on client");
}
if ((err = security_->check(SrsHlsPlay, req->ip, req)) != srs_success) {
return srs_error_wrap(err, "HLS: security check");
}
// We must do hook after stat, because depends on it.
if ((err = http_hooks_on_play(req)) != srs_success) {
return srs_error_wrap(err, "HLS: http_hooks_on_play");