<div dir="ltr"><div>Ok people, thank for your much needed info.<br><br>I will follow up with the outcomes when the project is running<br><br></div>Edoardo<br></div><div class="gmail_extra"><br><div class="gmail_quote">2016-01-17 17:24 GMT+01:00 David Saunders <span dir="ltr"><<a href="mailto:abitar.com@gmail.com" target="_blank">abitar.com@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">oops, I hit the return and it got sent.<div><br></div><div>All those questions depends on the application you setting up. if your worried about security, isolate the icecast server from your network. </div><div><br></div><div>We designed a user interface on the company web site fronts the stream servers. The customers get a simple URL for the stream. We use several stream servers some on site and some off, our web server setup to server up a play list or a message when the http client goes to stream.company/mount. When you go to the company site www.comapny/mount you get information about the stream, and archive.company/mount will bring up archives :) </div><div><br></div><div> since we run multiple IPs with multiple servers and multiple connections to the internet we can spread the load around. We aculy have not done any customization of the icecast servers they are set up on the default ports. </div><div><br></div><div>only thing we have seen over the years with icecast is a attempt to DOS the mount point. We would get 1000s/sec of connection with no streaming, I wrote a condition in the security monitor that will block the ip and place it in the blacklist of icecast. And we have a short spike of connections now then they get blocked off. And since I keep the black list updated I remove any connections from that IP from then stream use report. </div><div><br></div><div> </div><div>What you can disable or enable on the UI I never got into, Never needed to. Just use strong passwords. Make separate passwords for all sources. And only use the master password for testing or emergency use. </div><div><br></div><div><br></div><div><br></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Jan 17, 2016 at 9:36 AM, David Saunders <span dir="ltr"><<a href="mailto:abitar.com@gmail.com" target="_blank">abitar.com@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hey. <div><br></div><div> They are big questions, I no expert with exploits of icecast so I will give you what I have gain from experiences.</div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div>On Sun, Jan 17, 2016 at 9:30 AM, Edoardo Putti <span dir="ltr"><<a href="mailto:edoardo.putti@gmail.com" target="_blank">edoardo.putti@gmail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div dir="ltr"><div>Hello everyone,<br><br></div><div>I'm in the process of running an Icecast server and I would like to know some best pratices.<br><br></div><div>1. Should I place Icecast on port 8000 or should I change that to one more common (80, 443...)?<br></div><div>2. Should I place the server behind a webserver like ngingx or apache?<br></div><div>3.Can I disable the login interface? what can be disabled?<br><br></div><div>My best guess is to run icecast behind a webserver, keeping icecast on port 8000 and refusing everything that is not a request for a legit mount, adding a custom admin url.<br><br></div><div>Thanks for your input<span><font color="#888888"><br><br></font></span></div><span><font color="#888888"><div>Edoardo Putti<br></div></font></span></div>
<br></div></div>_______________________________________________<br>
Icecast mailing list<br>
<a href="mailto:Icecast@xiph.org" target="_blank">Icecast@xiph.org</a><br>
<a href="http://lists.xiph.org/mailman/listinfo/icecast" rel="noreferrer" target="_blank">http://lists.xiph.org/mailman/listinfo/icecast</a><br>
<br></blockquote></div><br></div>
</blockquote></div><br></div>
</div></div><br>_______________________________________________<br>
Icecast mailing list<br>
<a href="mailto:Icecast@xiph.org">Icecast@xiph.org</a><br>
<a href="http://lists.xiph.org/mailman/listinfo/icecast" rel="noreferrer" target="_blank">http://lists.xiph.org/mailman/listinfo/icecast</a><br>
<br></blockquote></div><br></div>