Limit Scope of Access on a Wowza CDN Fastly Target

This article only applies to the workflow when Fastly "pulls" from your Wowza Streaming Engine server.

Depending on the need for security, and other factors, Fastly targets can be configured to pull from all applications on a single Wowza Streaming Engine instance, a specific application, or a specific stream. 

This article will cover limiting Fastly access to either a specific application or a specific stream name.

Limit by Application

Limiting Fastly Target access to a single application can serve many purposes

  • Obfuscate or remove the application from the client-side request URL
  • Restrict client access to streams from other applications
  • Restrict streams from a single application to a single CDN security policy

Step 1: Configure the Fastly Target

  1. Log into Wowza Video
  2. Go to Advanced in the top menu bar
  3. Click Stream Targets
  4. Click Add new target
  5. Select the Fastly target
  6. Give the Target a name
  7. Select "Enable Custom Origin"
  8. Select a Region (default is "US")
  9. Define the Wowza Streaming Engine host IP or domain as the Custom Origin URL
    You must include the protocol "http://" or "https://". No port details required.
    Format:[application name]/
    HTTP Example:
    HTTPS Example:
  10. Save the target

Step 2: Build the Fastly Playback URL

  1. Log into Video
  2. Go to the Stream Target page for your Fastly target
  3. Go to Playback URLs
  4. Expand the HLS section
  5. Copy the URL format

Wowza Video UI - Fastly  URL format

You will still see the URL format containing the application and stream name tokens, these can be ignored.[fastly-stream-id]/[application name]/[wse-stream-name]

Modified URL format

Fastly playback URLs requires two (2) sub-paths between the FMSID (Fastly Stream ID) and the playlist type. As the application is no longer defined in the playback URL, the application instance must take its place to satisfy the two sub-path requirements.[fastly-stream-id]/[application-instance]/[wse-stream-name]

HLS Example[fastly-stream-id]/_definst_/myStream/playlist.m3u8

Step 3: Test the playback URL

  1. You can use a test HLS player with ABR support, like TheoPlayer's HLS test player
  2. Check the ABR renditions by finding the Player toolbar, and selecting the settings icon
  3. Check the available renditions match your namegroup or SMIL file.