Juniper MEDIA FLOW CONTROLLER 2.0.5 Release Note Download

Page: 9 / 16

New Features

Media Flow Controller 2.0.5 Release Notes

Release 2.0.5

Virtual Player Hash Verify

•

For generic and smoothflow type virtual-players, there are new hash-verify options to
help prevent bandwidth stealing and to allow you to refine your hash calculation:

expiry-time-verify query-string-parm <string>

url-type {absolute-url | relative-uri | object-name}

Notes:

•

expiry-time-verify query-string-parm

—Specify a query parameter string for

expiry-time-verify; for example, e. The value supplied by the query parameter must
be a standard POSIX timestamp (seconds since January 1 1970 00:00:00 UTC).
Media Flow Controller extracts the timestamp value from an incoming URL and
compares it with the current time in its system to determine if the URL request has
expired. An expiry time of 0 (zero) indicates it “does not expire.”
Sample URL request form where “e” indicates the expiry-time-verify query-string-
parm value:

http://www.example.com/media/foo.flv?e=3312665958&h=ec41f550878f45d9724776761d6ac416

•

url-type

—Specify which part of the request URL to use to generate the hash for

hash-verify:

•

absolute-url

—Current and default behavior. The hash calculation should use

the entire request URL (including the query string up to the configured match
query-string-parm value).

•

relative-uri

—The hash calculation should use only the URI part of the request

URL, excluding the domain and access method (but including the query string up
to the configured match query-string-parm value).

•

object-name

—The hash calculation should use only the object name part of the

request URL (and the query string up to the configured match query-string-parm
value).

Media Flow Controller computes an md-5 hash of an incoming URL by combining a specified
part of the URL, the url-type, along with a configured shared-secret that is appended or
prefixed (as configured) to it. The computed hash digest value is then compared with the hash
value provided in the incoming URL via a configured match query-string-parm. If a match
between the computed and provided hash values is unsuccessful, the request is denied.

You can help prevent bandwidth stealing by adding a check for the expiry time of the
requested URL with the hash-verify expiry-time-verify option that compares the incoming
request’s timestamp with the current Media Flow Controller timestamp. The expiry-time-
verify value must be placed in front of the hash value so it becomes part of the hash; if an
attempt is made to request the same URI again by tampering with the expiry-time-verify
value, the request fails as the hash will not match.

Note!

The virtual-player <name> type <type> hash-verify command has several elements;

and many virtual-player commands are different based on what type of virtual-player you are
configuring. See the Media Flow Controller Administrator’s Guide and CLI Command
Reference for details on using virtual-player.