Foliovision

Main navigation

HLS streams from AWS S3 without using CloudFront

[Solved]

Foliovision Forums FV Player How to … HLS streams from AWS S3 without using CloudFront

  • Anonymous 6 years, 2 months ago

    Is it possible to serve HLS streams from AWS S3 without using CloudFront?

    I know it’s not as efficient. (And the tutorial doesn’t cover it.)

    But, I tested it on my website, and it seems to work.

    Could you confirm that this is not a problem?

    The reason I ask is, when serving files from S3, I can protect them
    against hotlinking by using a bucket policy like:

    “Sid”: “Explicit deny to except from specific referer.”,
    “Effect”: “Deny”,
    “Principal”: “*”,
    “Action”: “s3:*”,
    “Resource”: “<my_s3_bucket>/*”,
    “Condition”: {
    “StringNotLike”: {“aws:Referer”: [“https://<my_domain>/*”%5D}
    }

    to make sure that any connections originating outside of my domain are
    disallowed.

    This way, even when some gets access to the url to the m3u8 file (for
    instance “Video Download Helper” does), they cannot download it.

    With CloudFront it’s possible to download the m3u8 from the url, and
    theoretically, the rest of the HSL streams. Yes, I guess it’s encrypted,
    but… preventing access to an encrypted file seem like another layer of
    security compared to just encrypting the file.

    Cheers,

    -E

    PS – If directly serving from S3 is not a security problem (in the way
    the player works), you may want to add it to the HLS setup documentation.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Martin 6 years ago

    Hello Anonymous,

    it can work without CloudFront, you just have to make sure all the related files are publicly accessible. You can do so by editing the bucket Permissions and enabling Public access for Everyone.

    We published a guide for AWS WAF – with that service you can setup the referer restriction for your CloudFront distributions: https://foliovision.com/player/securing-your-video/hls-stream#securing

    Thanks,
    Martin

    Anonymous 6 years ago

    BTW – the new documentation you’ve uploaded is great and very helpful. So is your software, and your support – thank you for the great work!

    Alec Kinnear 6 years ago

    Hi Anonymous,

    The way we create this great documentation is by helping one another and that means publishing support discussions like this one.

    I firmly believe in public forums for software (almost all vendors have hidden support now – I find that very destructive and self-interested).

    Thanks for being part of Foliovision!

    Alec

    Alec Kinnear 6 years ago

    Hi Anonymous,

    The way we create this great documentation is by helping one another and that means publishing support discussions like this one.

    I firmly believe in public forums for software (almost all vendors have hidden support now – I find that very destructive and self-interested).

    Thanks for being part of Foliovision!

    Alec

    Alec Kinnear 6 years ago

    Hi E,

    No is the answer. We do not promise privacy on our public forums. Indeed these are public forums and what you post here belongs to Foliovision. We do remove identifying information where appropriate.

    Feel free to choose other software and go with a closed forum type unhelpful big company who could care less about you, your website or videos. We’re an open source company who believe in making the web better and not hoarding secrets.

    Thanks for being part of Foliovision!

    Alec

    • This reply was modified 6 years, 2 months ago by Alec Kinnear.
Viewing 5 replies - 1 through 5 (of 5 total)
Reply To: HLS streams from AWS S3 without using CloudFront



All materials © 2024 Foliovision s.r.o. | Panská 12 - 81101 Bratislava - Slovakia | info@foliovision.com