External Auth Control and Authorized CDN Delivery

This article explains about External Auth Control by which the client can ensure the authenticity of the CDN delivery requests done by his users/viewers with the help of an authorization server. All client-related information can be sent to an external server for approval before edge servers deliver the stream.

If a client requests a stream or switches to another stream, 5centsCDN will send a request to the authorization server with the following parameters:

  1. Token: An authentication token that is generated automatically or by a website
  2. Name: The name of a stream or a file
  3. IP: The IP address that belongs to the client
  4. IPReferer: The HTTP referer, or the online source that drives visitors to your website
  5. Total_clients: The total number of open sessions on the server
  6. Stream_clients: The number of open sessions for this stream
  7. Request_type: new_session for a new session, or update_session for existing session
  8. Type: hds, hls, rtmp, rtsp, mpegts or mp4
  • If the authorization server returns the HTTP status code 200, the stream will be approved, and the session will open or continue.
  • If the backend returns an HTTP 401 or 403 status code, the stream will be blocked, and the session will be closed.
  • All other statuses and timeouts are interpreted as a lack of data and the query is repeated.

To Implement External Auth Control for you streams please follow the below steps:

  • Select the Publishing point for which you need to enable External Auth Control by going to the path Live Streams > Streams and then click on the View button near to the appropriate Publishing Point.
  • Under the Security section, click on External Auth Control.
  • Toggle the button to Enable mode and add your authentication script under the filed Auth URL ( Example : http://example.com/auth.php ) and Save it.

This script will crosscheck the User/Viewer parameters and determines authorized users. In case if you want to whitelist some IPs and avoid script authentication, you can enable them under Allowed IPs. Kindly note that script is customised by the user and it ensures the validity of the requests. Please make sure to test the authenticity of the script before integrating with the CDN.

Once you have integrated the auth script you have successfully configured the External Auth Control and you are ready to go.