karlheyes / icecast-kh

KH branch of icecast
GNU General Public License v2.0

Url callback without auth #292

Open ibcs01 opened 4 years ago

ibcs01 commented 4 years ago

Hi Karl,

Hope you're doing well?

Quick question: I know that it is possible to create callbacks to a URL when listeners connect or disconnect using the url_auth method. But is it also possible to do these callbacks without the auth part?

We want to use the callback to report back listeners' details to the website. So we really do not need the auth part. But the URL callbacks we do need. On busy days the url_auth callbacks sometimes result in a popup requesting to fill in a username and password when a listener connects and the server does not respond fast enough. So I'm looking for an alternative way to do a URL callback without the auth part.

Or maybe you have other suggestions on how to do this?

Any help is appreciated.

Best Sven

karlheyes commented 4 years ago

There is no async facility for the url engine, so it is blocking in that sense. You can set it to presume they are ok in cases where the backend server link is down but you would lose the reporting (auth option presume_innocent value yes).

I suppose it could be made to be a fire and forget type of thing, where the client is not rejected and have some sort of retrying logic to push data to the backend. Not sure if that will have some issues but there is a case to answer for what happens in failure cases.

You could just run a localised server for the backend use (using DB replication or a journalled log) that is only for the metrics and that localised server then periodically updates the main server with details.

karl.

ibcs01 commented 4 years ago

Thanks for your fast reply.

Never heard of the option presume_innocent but it sounds like a great alternative. I've tested it right away and it does exactly what you say. This will solve the issue of a username and password popup.

But what I forgot to mention is that we add tokens to the stream URL to prevent sharing the URL outside the application. This stops functioning with presume_innocent enabled. Tokens are no longer respected. I tried it both with the backend webserver enabled or disabled; in both cases the token was ignored and the stream played even when invalid tokens were used. Do we need to send another header by the auth script when access is denied in this case? Or will it not work when using presume_innocent?

We add the token to the URL now, so it looks like: mountName.ogg?token=1234etc

ibcs01 commented 4 years ago

And is it also possible to send an access denied header, instead of the username / password popup?

karlheyes commented 4 years ago

I don't see any reason for the mount= arg being any different just because of that setting. It's unclear on whether clients will resend it in all cases.

If you want to report a rejection back to the listener, then use the header

icecast-auth-user: 403 You shall not pass

or some other suitable message; the 403 is the key.

karl

ibcs01 commented 4 years ago

The 403 is a good solution and works great. Thanks!
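
Added example, not part of the thread and not icecast-kh code: a sketch of the decision logic a url auth backend could run for the token check and the 403 rejection header discussed above, verifying the token locally so the blocking callback does not wait on a database. Assumptions: the token arrives in the query string of the `mount=` POST argument, the token format (`<unix expiry>.<hex HMAC>`), the `SECRET` value and both function names are hypothetical, and the accept header is the default `icecast-auth-user: 1`.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs

SECRET = b"constructed-demo-secret"  # assumption: key shared with the site issuing tokens
DENY = {"icecast-auth-user": "403 You shall not pass"}  # rejection header from the thread
ALLOW = {"icecast-auth-user": "1"}  # assumption: default accept header is configured


def make_token(path, expires, secret=SECRET):
    """Hypothetical token: '<unix expiry>.<hex HMAC-SHA256 of "path|expiry">'."""
    mac = hmac.new(secret, f"{path}|{expires}".encode(), hashlib.sha256).hexdigest()
    return f"{expires}.{mac}"


def auth_headers(post_body, now=None, secret=SECRET):
    """Return the response headers for one url auth POST body."""
    now = time.time() if now is None else now
    form = parse_qs(post_body)  # form-encoded body; values are percent-decoded
    if form.get("action") != ["listener_add"]:
        return dict(DENY)  # only listener connects are authorised here
    # e.g. mount=/mountName.ogg?token=...  -> split path from query string
    path, _, query = form.get("mount", [""])[0].partition("?")
    token = parse_qs(query).get("token", [""])[0]
    expires, _, mac = token.partition(".")
    if not (expires.isascii() and expires.isdigit()) or int(expires) < now:
        return dict(DENY)  # missing, malformed or expired token
    expected = make_token(path, expires, secret).partition(".")[2]
    # Constant-time comparison; binding the path stops reuse on another mount
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return dict(DENY)
    return dict(ALLOW)
```

Failing closed in the script only helps while the server actually consults it; the thread reports that tokens were ignored once presume_innocent was enabled.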