[Icecast] Securing the Icecast admin page

Philipp Schafft phschafft at de.loewenfelsen.net
Tue Jan 18 13:12:17 UTC 2022

Good afternoon,

On Tue, 2022-01-18 at 10:47 +0100, unosonic wrote:
> just a guess and untested, maybe you could create / add to a specific
> logfile utilizing
> icecast auth mechanism, esp. listener_add 
> https://icecast.org/docs/icecast-2.4.0/auth.html
> in general it would be nice to have a more elaborated access control
> in icecast, like in apache or nginx webservers... 

(please keep my reply to the original question in mind.)

Icecast 2.5 improved the auth system a lot over 2.4 (which actually was
the main reason we started with 2.5).

If you feel there is something missing I would be very happy to hear
about this via our ticket system:

Really looking forward to any suggestions.

With best regards,

> Damian:
> > Yeah, that’s what I thought, except f2b reads from the logs you
> > specific, and so when I tested logging in with incorrect Icecast
> > user credentials on my server, I could not see any lines in the
> > Icecast access.log file to indicate that a failed login attempt was
> > recorded. It leads me to think that f2b would not work in this
> > instance.

Philipp Schafft (CEO/Geschäftsführer) 
Telephon: +49.3535 490 17 92

Löwenfelsen UG (haftungsbeschränkt)     Registration number:
Bickinger Straße 21                     HRB 12308 CB
04916 Herzberg (Elster)                 VATIN/USt-ID:
Germany                                 DE305133015
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20220118/4f7958c6/attachment.sig>

More information about the Icecast mailing list