Yeeek. That?s a lot of options :)
As someone who is pretty savvy but has only ever left Icecast authentication at
the defaults, are there any examples, as I need to get it turned off pretty
quickly.
Also, as there is no ?publicstats? in the admin dir, I?m guessing it is aliased
somewhere. A grep finds:
src/acl.c: acl_set_admin_str(ret, ACL_POLICY_ALLOW,
"buildm3u,publicstats,publicstats.json");
src/admin.c:#define PUBLICSTATS_RAW_REQUEST "publicstats"
src/admin.c:#define PUBLICSTATS_JSON_REQUEST
"publicstats.json"
src/admin.c: { PUBLICSTATS_RAW_REQUEST, ADMINTYPE_HYBRID,
ADMIN_FORMAT_RAW, ADMINSAFE_SAFE, command_public_stats, NULL},
src/admin.c: { PUBLICSTATS_JSON_REQUEST, ADMINTYPE_HYBRID,
ADMIN_FORMAT_JSON, ADMINSAFE_SAFE, command_public_stats, NULL},
?but not sure if I should start messing around in ?c? files. I?m a js guy ;)
> On 21 Jan 2024, at 11:03, Philipp Schafft <phschafft at
de.loewenfelsen.net> wrote:
>
> Good morning,
>
> On Sun, 2024-01-21 at 10:39 +0000, TDAS wrote:
>> Can anyone tell me why /admin/publicstats is unprotected? And how I
>> go about changing that!?
>>
>> I don?t understand why it would be accessible by anyone without
>> authenticating when it is under /admin/ ??
>
> The endpoint is meant to be a replacement for /status-json.xsl which it
> deprecates.
>
> The admin/-namespace is basically everything that is not user provided.
> It might not be the best name, but it's called that for historical
> reasons?.
>
> Endpoints in the admin/-namespace are subject to normal access control
> (and have always been). For example mount specific endpoints have
> always been available with the source credentials as well by default.
> And the buildm3u endpoint has always been accessible to anyone (as it
> is useless otherwise).
>
> Access to those endpoints can be controlled using the normal
> allow/deny-admin options, using "publicstats", and
"publicstats.json"
> as commands.
>
> Please also note that the different stats view are also subject to some
> content filtering logic. So you'll find that depending on which of the
> endpoints you access and depending on your used credentials you will
> have access to different data.
>
>
> For more details see:
> https://wiki.xiph.org/Icecast_Server/2.5_Authentication
>
>
> With best regards,
>
> --
> Philipp Schafft (CEO/Gesch?ftsf?hrer)
> Telephone: +49.3535 490 17 92
> Website: https://www.loewenfelsen.net/
> Follow us: https://www.linkedin.com/company/loewenfelsen/
> Gesch?ftsf?hrer/CEO: Philipp Schafft
>
> L?wenfelsen UG (haftungsbeschr?nkt) Registration number:
> Bickinger Stra?e 21 HRB 12308 CB
> 04916 Herzberg (Elster) VATIN/USt-ID:
> Germany DE305133015
> _______________________________________________
> Icecast mailing list
> Icecast at xiph.org
> http://lists.xiph.org/mailman/listinfo/icecast