[Icecast] Public stats on beta

Sun Jan 21 11:03:08 UTC 2024

Good morning,

On Sun, 2024-01-21 at 10:39 +0000, TDAS wrote:
> Can anyone tell me why /admin/publicstats is unprotected? And how I
> go about changing that!?
> 
> I don’t understand why it would be accessible by anyone without
> authenticating when it is under /admin/ ??

The endpoint is meant to be a replacement for /status-json.xsl which it
deprecates.

The admin/-namespace is basically everything that is not user provided.
It might not be the best name, but it's called that for historical
reasons™.

Endpoints in the admin/-namespace are subject to normal access control
(and have always been). For example mount specific endpoints have
always been available with the source credentials as well by default.
And the buildm3u endpoint has always been accessible to anyone (as it
is useless otherwise).

Access to those endpoints can be controlled using the normal
allow/deny-admin options, using "publicstats", and "publicstats.json"
as commands.

Please also note that the different stats view are also subject to some
content filtering logic. So you'll find that depending on which of the
endpoints you access and depending on your used credentials you will
have access to different data.

For more details see:
https://wiki.xiph.org/Icecast_Server/2.5_Authentication

With best regards,

-- 
Philipp Schafft (CEO/Geschäftsführer)
Telephone:           +49.3535 490 17 92
Website:             https://www.loewenfelsen.net/
Follow us:           https://www.linkedin.com/company/loewenfelsen/
Geschäftsführer/CEO: Philipp Schafft

Löwenfelsen UG (haftungsbeschränkt)     Registration number:
Bickinger Straße 21                     HRB 12308 CB
04916 Herzberg (Elster)                 VATIN/USt-ID:
Germany                                 DE305133015