[Icecast] Protect Icecast Admin/Run on different port?
lion at lion.leolix.org
Wed Apr 3 14:40:48 PDT 2013
On Wed, 2013-04-03 at 14:37 +0300, "Rücker, Thomas" wrote:
> On 03/04/13 10:08, David Farrell wrote:
> > On 3 April 2013 02:19, Philipp Schafft <lion at lion.leolix.org> wrote:
> > On Thu, 2013-03-28 at 14:28 +0000, David Farrell wrote:
> > Hi Philipp,
> > Thanks for your reply.
> > You can not run the admin interface on a diffrent port.
> > I also don't see how that should improve security.
> > We would not expose the administrative port to the world, rather to
> > a range of trusted IP addresses.
> Feel free to file a ticket at http://trac.xiph.org
> It might not be too complicated to add a check that admin requests can
> only come through a certain port. Bonus points for sending patches.
We currently support a allow/deny list for IP addresses at connection
layer. Maybe we could port that to the next layer (admin, web, yp,
source, stats). I guess that would solve your problem. See below.
> > Which kind of attac do you try to protect against? Maybe I
> > can help you
> > if you tell a bit more about your overall goal.
> > The goal is just really to restrict administrative access to the
> > systems.
> If you really know what you're doing a light weight reverse proxy is
> currently the only option to filter that.
> I can see that restricting requests to either an IP white-list or a
> port would be desirable for production environments.
This requires (as well as all the other possible solutions) complex
rules as there are some stuff within admin/ that needs special handling:
playlist generation, resources accessable to the source(user) and
resources accessed by the source itself (meta data updates for broken
PS: I got like a milion copies of your E-Mail. They all have distinct
message-id. Please check your MUA/MTA/... to avoid this. Thanks!
(Rah of PH2)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://lists.xiph.org/pipermail/icecast/attachments/20130403/f7e87bd9/attachment.pgp
More information about the Icecast