[Icecast] separation of web interface and mountpoint

Philipp Schafft phschafft at de.loewenfelsen.net
Fri Dec 28 16:40:36 UTC 2018 

Good afternoon,


On Fri, 2018-12-28 at 08:55 -0600, webmaster at berean-biblechurch.org
wrote:
> It looks like default behavior is for Icecast to expose its web
> interface on the same address and port as any mountpoint. E.g.:
> 
>   mountpoint = https://server.com/listentome
>   web app = https://server.com/

Yes. Icecast supports all operations on all sockets.


> I'd like to restrict the web interface to ONLY A CERTAIN IP ADDRESS AND
> TCP PORT so that it is not accessible on the public IP. E.g.:
> 
>   mountpoint = https://server.com/listentome
>   web app = https://192.168.1.10:8000/

It's a bad idea to use IP addresses. If at all, you should add a DNS
record for it in your internal DNS zone.

> Is this possible? 

This depends on your version. With Icecast 2.4.x (stable) it is mostly
possible. With Icecast 2.5.x (development) it is possible but requires
some configuration.


> In other words, I don't want any web interface to be available to the
> internet.  I want the web UI to be available only to my local
> machine/LAN and the mountpoint (stream) available to the internet. 

The big point here is: Why are you trying to do this?:
      * Mounts can be set as hidden so they are not listed. If listing
        mounts is the problem.
      * If you don't like the public WI at all, just point your
        <webroot> to an empty directory. You can also modify the XSLT
        files to match your needs.
      * The admin interface can be secured using a secure password. This
        will make keep it available and secure.
      * Hiding the version number: Doing this makes it harder for
        debugging. However it does not improve security at all (as many
        think) as you can fingerprint the version number anyway.
      * The authentication system can be used for precise access
        control. (This is even more true for Icecast 2.5.x).


With best regards,

-- 
Philipp Schafft (CEO/Geschäftsführer) 
Telephon: +49.3535 490 17 92

Löwenfelsen UG (haftungsbeschränkt)     Registration number:
Bickinger Straße 21                     HRB 12308 CB
04916 Herzberg (Elster)                 VATIN/USt-ID:
Germany                                 DE305133015
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20181228/c23825cc/attachment.sig>

More information about the Icecast mailing list