srs API: Exposed for WebRTC without any access control

cetgtptt  于 2022-12-31  发布在  其他
关注(0)|答案(1)|浏览(223)

With WebRTC we need to expose http_api to public.
Why there isn't any access control for http_api?
User can send HTTP to /rtc/v1/play/ - which is OK.
But... there is also /api/v1/streams/ /api/v1/clients/ accessible for everyone in internet...

We need to setup reverse-proxy between client and SRS server?

f2uvfpb9

f2uvfpb91#

And... everyone can publish?

vhost __defaultVhost__ {
    rtc {
        enabled     on;
        rtmp_to_rtc on;
        rtc_to_rtmp off;
    }
    security {
        enabled on;
        allow publish 1.2.3.4;
        allow play all;
    }
}

相关问题