[Icecast] Send admin kill request to server

Coolvibes Reloaded jayaubs89 at gmail.com
Mon Feb 27 12:38:39 UTC 2023 

ha funny stating about authorization i can't find anything either

On Fri, Feb 24, 2023 at 12:40 PM HGAlt <hgalt at gmx.net> wrote:

> Good Morning Philipp,
>
> that make be a good point.
> But it would be very helpful, if in the Icecast documentation would be
> very clear defined, which kind of authorization is required for which
> server version.
>
> At least, I could not find anything!
>
> -----Ursprüngliche Nachricht-----
> Von: Icecast [mailto:icecast-bounces at xiph.org] Im Auftrag von Philipp
> Schafft
> Gesendet: Samstag, 18. Februar 2023 20:53
> An: Icecast streaming server user discussions
> Betreff: Re: [Icecast] Send admin kill request to server
>
> Good afternoon,
>
> On Sat, 2023-02-18 at 13:23 +0100, HGAlt wrote:
> > Hi everybody,
> >
> > finally I found a solution!
> >
> > First, Icecast requires a Basic Authorization, which has to provide
> > via a header.
>
> This is not fully correct. It depends on the configuration and may change
> with different versions of the server.
>
> An important note here, and to be honest the main reason why I answer:
> NEVER EVER just append a random Authorization:-header without implementing
> all of the HTTP authorisation mechanism. If you do so you basically are
> broadcasting cleartext passwords to random peers, and are likely to get in
> trouble with changes of software versions or configurations. It is a big
> no-go. Always use the mechanism as provided by your HTTP implementieren.
>
> Please see the relevant standards for a full discussion on how and why
> this breaks security and interoperability.
>
>
> > But this can’t be done via JavaScript or JQuery, due the security
> > features of the browsers.
> > For more detail information see
> > https://stackoverflow.com/questions/75463305/difference-basic-authoriz
> > ation-between-postman-and-jquery-ajax/75493285#75493285
> > .
>
> If you adhere to CORS it works fine for me. A simple XHR request with
> credentials passed via open() worked.
>
> Naturally you are bound to CORS. Icecast can announce any kind of CORS
> settings via it's config.
>
> XHR also allows you direct access to the response Icecast gives you as it
> provides you with the response's DOM. So you can directly check the result.
> :)
>
>
> With best regards,
>
> > Von: Icecast [mailto:icecast-bounces at xiph.org] Im Auftrag von HGAlt
> > Gesendet: Donnerstag, 16. Februar 2023 15:49
> > An: 'Icecast streaming server user discussions'
> > Betreff: Re: [Icecast] Send admin kill request to server
> >
> > Hi Fred,
> >
> > I am understand the requirements already a little bit better.
> >
> > What I have to Do is a HTTP GET with a Basic Authorization in the
> > header. I have tested it with ‘Postman’ and it works fine with
> > Icecast.
> > But I have to do it with Javascript or JQuery. Therefore curl doesn’t
> > help me.
> >
> > I try to use Ajax for that, but something goes wrong.
> > If I do it without Autorization, I got a return message which says
> > 'Authentication required'.
> > If I enable the Autorization it tells me only readyState: 0.
> >
> > If I will find a solution, I will post it here.
> >
> > Cheers
> >
> > Von: Icecast [mailto:icecast-bounces at xiph.org] Im Auftrag von Fred
> > Gleason
> > Gesendet: Mittwoch, 15. Februar 2023 16:57
> > An: Icecast streaming server user discussions
> > Betreff: Re: [Icecast] Send admin kill request to server
> >
> > On Feb 14, 2023, at 13:24, HGAlt <hgalt at gmx.net> wrote:
> >
> > > I am a little bit confused!
> > >
> > > http://192.168.1.10:8000/admin/killclient?mount=/mystream.ogg&id=21
> > >
> > > This is an example of the Icecast documentation for kill a client.
> > > And this is a HTTP GET, which is send to the Icecast server.
> > > You also wrote, that there are no user and pass for an API.
> > >
> > > What I have to know, what does the Icecast server expect?
> > > If there is no user and pass, how the server knows, that is a valid
> > > request.
> >
> >
> > You should be able to send this with proper HTTP authentication
> > parameters by using CURL. Something like:
> >
> >             curl -u admin:hackme
> > http://192.168.1.10:8000/admin/killclient?mount=/mystream.ogg&id=21
> >
> > This is different from encoding the parameters as if they were part of
> > an HTML form.
> >
>
> --
> Philipp Schafft (CEO/Geschäftsführer)
> Telephone:           +49.3535 490 17 92
> Website:             https://www.loewenfelsen.net/
> Follow us:           https://www.linkedin.com/company/loewenfelsen/
> Geschäftsführer/CEO: Philipp Schafft
>
> Löwenfelsen UG (haftungsbeschränkt)     Registration number:
> Bickinger Straße 21                     HRB 12308 CB
> 04916 Herzberg (Elster)                 VATIN/USt-ID:
> Germany                                 DE305133015
>
>
> --
> Diese E-Mail wurde von Avast-Antivirussoftware auf Viren geprüft.
> www.avast.com
> _______________________________________________
> Icecast mailing list
> Icecast at xiph.org
> http://lists.xiph.org/mailman/listinfo/icecast
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20230227/9021bcd5/attachment.htm>

More information about the Icecast mailing list