srs API: Exposed for WebRTC without any access control

cetgtptt 于 2022-12-31 发布在其他

关注(0)|答案(1)|浏览(210)

With WebRTC we need to expose http_api to public.
Why there isn't any access control for http_api?
User can send HTTP to /rtc/v1/play/ - which is OK.
But... there is also /api/v1/streams/ /api/v1/clients/ accessible for everyone in internet...

We need to setup reverse-proxy between client and SRS server?

srs

来源：https://github.com/ossrs/srs/issues/2684

1条答案

按热度按时间

f2uvfpb91#

And... everyone can publish?

vhost __defaultVhost__ {
    rtc {
        enabled     on;
        rtmp_to_rtc on;
        rtc_to_rtmp off;
    }
    security {
        enabled on;
        allow publish 1.2.3.4;
        allow play all;
    }
}

赞(0）回复(0）举报 2022-12-31

我来回答

srs API: Exposed for WebRTC without any access control

1条答案

相关问题

热门标签

最新问答