Geo-block Wowza CDN on Fastly stream targets with the Wowza Video REST API

The Wowza Video™ service allows you to selectively allow or block access to Wowza CDN on Fastly stream targets so that you can control where a stream can be viewed. Learn how to use the REST API to control the locations where your stream can be viewed.

Before you start

You should complete the following tasks:

Create a transcoder . You'll need the resulting transcoder_id to assign the token-authenticated stream target to the transcoder. View our connect a source topics to learn how to create a live stream or transcoder for RTMP, RTSP, IP camera, SRT encoder, UDP encoder, WebRTC, and Wowza Streaming Engine.

You should be familiar with the following concepts:

API authentication methods . We use JSON web tokens for API authentication. See Authentication for more information.
Environment variables . We use environment variables for the API version and your JWT in the cURL API request examples in this topic to make it easier for you to copy, paste, and run commands in your Terminal or Command Prompt window. If you don't set environment variables for these values, you'll need to manually enter the correct values in the code samples throughout this tutorial. See Tools for testing the API for instructions.

1. Add a Wowza CDN on Fastly stream target for HLS playback

Create a Wowza stream target configured to play streams from Wowza CDN on Fastly over HLS by sending a POST request to the /stream_targets/fastly endpoint. You can enable geo-blocking during this step, configure which locations are allowed or blocked, and configure any IP address overrides you may need.

You can use the following sample request, making sure to:

Set geoblock_enabled to true .
Set geoblock_by_location to allow .
Set geoblock_country_codes to the locations affected by the geo-blcoking. Enter a comma-separated list of uppercase two-letter ISO 3166-1 country codes. For a list, see ISO 3166-1 on Wikipedia.
Set geoblock_ip_override to allow or deny . allow permits access from IP addresses within a location that's been blocked, while deny restricts access from IP addresses within locations that are allowed.
Set geoblock_ip_addresses to addresses that can access or restrict the stream even if they're within a specified geo-blocked location. Use a comma-separated list of IPv4 and IPv6 IP addresses that always allow or deny streaming based on the geoblock_ip_override value. You can block or allow a combination of up to about 40 IP addresses.

Sample request

Endpoint Reference

Copy

Copied

curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer ${WV_JWT}" \
-d '{
   "stream_target_fastly": {
     "name": "MyHLSTarget",
     "geoblock_enabled": true,
     "geoblock_by_location": "allow",
     "geoblock_country_codes": "DE, US",
     "geoblock_ip_override": "deny",
     "geoblock_ip_addresses": "1.2.3.4, 9.8.7.6",
     "referer_enabled": false
   }
 }' "${WV_HOST}/api/${WV_VERSION}/stream_targets/fastly"

The response includes:

A stream_target_id you will use to assign stream targets.

Sample response

Copy

Copied

{
  "stream_target_fastly": {
    "id": "1234abcd",
    "name": "MyHLSTarget",
    "state": "activated",
    "stream_name": "st1r2eam",
    "delivery_protocols": [
        "hls"
    ],
    "playback_urls": {
      "hls": [
        {
	  "name": "default",
          "url": "https://[subdomain].wowza.com/1/[stream_id]/[stream_name]/hls/live/playlist.m3u8"
         }
      ]
    },
    "token_auth_enabled": false,
    "token_auth_playlist_only": false,
    "geoblock_enabled": true,
    "geoblock_by_location": "allow",
    "geoblock_country_codes": "DE, US",
    "geoblock_ip_override": "deny",
    "geoblock_ip_addresses": "1.2.3.4, 9.8.7.6",
    "force_ssl_playback": false,
    "created_at": "2016-02-23T16:04:23.170Z",
    "updated_at": "2016-02-23T16:04:23.170Z"
  }
}

Troubleshooting: The limit of 40 IP addresses is approximate because all the security information (SSL playback, geoblocking countries and IP addresses, referer header, and token auth) count toward an overall metadata limit.

If you have fewer than 40 IP addresses and still receive a 422: Invalid Record (Geoblock IP addresses) error when you try to save your stream target, there are some additional things you can try:

Make sure that the combined characters for IP addresses and locations is under 400 characters. You'll need to use the two-letter ISO 3166-1 country code when considering the total characters.

IPv4 takes up less space than IPv6, so use IPv4 when you can.

2. Assign the geo-blocked stream target to a transcoder's output rendition

You can use the following sample request, making sure to:

Set stream_target_id to the id listed in the response from step 1.
Set transcoder_id to the id for the transcoder.
Set output_id to the id for the output rendition.

Sample request

Endpoint Reference

Copy

Copied

curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer ${WV_JWT}" \
-d '{
   "output_stream_target": {
     "stream_target_id": "1234abcd"
   }
 }' "${WV_HOST}/api/${WV_VERSION}/transcoders/[transcoder_id]/outputs/[output_id]/output_stream_targets/"

Sample response

Copy

Copied

{
   "output_stream_target": {
    "stream_target_id": "1234abcd"
   }
}

More resources

Security features in Wowza Video

Related requests

PATCH/stream_targets/fastly/ID — Update a Wowza CDN on Fastly stream target's geo-blocking configuration.