For Mediastream, one of its priorities is the security of content delivery for our customers, so we have updated our Access restrictions module to facilitate the configuration of these restrictions for a better end-user experience.

Once you enter the module the first thing you will see in the interface are the default parameters for Media and Live (1), and the option to create your custom restrictions (2).

Each time a new restriction is created, it will be listed in the interface in order of creation (Date Created).

Media Default / Live Default

As its name suggests, it is the default configuration (without rules) that platform has, when entering from Actions you will have the option to apply the Closed Access to media and/or Live, thus allowing the use of token in certain type of content, just activate it and save the corresponding changes, if you apply the tokenized restriction only in media and/or Live, keep in mind that this applies only to the selected content, leaving without restriction the one in which it was not activated, this allows you to more easily control access to AOD/VOD content independent of Live and vice versa.

You also have the option to enable or disable the DRM (Digital Rights Management) of your media or live content, and, for Media content only, there is the AES-128 Encryption section where you can enable or disable this type of encryption, these last two options will not be active in your account if you have not contracted the services.

Creating a customized Access restriction

You can create rules to the access restriction provided by platform by default, just click on the Actions button to the right of each one and edit it.

To create a new custom restriction, click the +New Access restriction button.

By doinng so, you will see the following interface:

In this one you will have the following options:

  • Access Restrictions Name: you can change or add the default name of your configuration.

  • Access Restrictions: in this section you can configure the different rules of access or restriction to your content.

  • Closed Access - AES-128 Encryption - DRM: the functions can be activated or deactivated according to the content, should only be activated if required.

Rules Configuration

In the Access restrictions section, click on the +Add rule button.

A pop-up is displayed on which we will configure our rule, by default it appears enabled and in the Everything context.

Contexts for rules:

  1. Everything: allows everything by default, it is a useful rule as for example, to grant access only to a specific site, you set "Everything: Deny" and then "Referrer: Allow", you must configure a different specific rule with the mentioned context, this configuration will be shown in the list of rules as shown in the image below.

  2. Geo Fencing: here you configure the restrictions corresponding to geolocation.

  3. Device: to configure access per device, available for Mobile and TV.

  4. Referrer: access according to the website(s) where the content is embedded.

  5. Cellular Networks: allows or denies cellular network access to the related content, distinguishes only network types 3G, 4G, etc.

  6. IP: allows the configuration of restrictions to specific IP or IPs, or to a range of them.

  7. ASN: allows or restricts access to autonomous system networks, each country and ISP has different ASNs, in this case, you could for example restrict access only to users of Claro networks.

Test Rules

Now, with this new tool, you will be able to test the rules that you have created within the access restriction before applying them to the content, to do so you must go to the >Test rules button in the section, this displays a pop-up with which you can perform the test, this contains the following fields:

  • Device: if you want to indicate the type of device, it applies to rules created under the Device context, in the case of performing the test without specifying this section, it should be left in uknown device.

  • Country: useful for testing Geo fencing context restrictions.

  • Referrer: to test access or referrer context restrictions, you only need to note the referrer in question.

  • IP: in this section, you perform the test indicating one of the IPs configured in the rule, it must be taken into account that the IP ranges will not be checked as such, but as a literal string.

  • ASN: in case this context is applied, it is enough to note in the box the corresponding ASN according to the created restriction.

  • Cellular Network: applies to cellular network tests, it is only indicated if it corresponds or not to these networks, in case it is not needed, it is only left marked as Uknown.

Once the respective setting has been made, Run test must be indicated, within the same pop-up, messages will be displayed with the result of the test, allowed or denied, according to the established rule, these messages appear in the upper part, those corresponding to allowed in green and those corresponding to denied results in red.

These results will be displayed according to the rules and will indicate to which of them applies in case you have configured more than one, for example if it is an access allowed rule it will appear something like:

Result: Allowed by 1st rule

If it is a result denying access it will appear:

Result: Denied by 2nd rule

To activate the customized configurations, simply enter the corresponding media (as long as no categories have been selected) or the live signal and go to the Access Restrictions section, where all the rules created will appear and you only have to select the one you wish to apply.



Media Categories

With a customized configuration, you will be able to restrict access according to the rules to one or more categories of the media module, you only have to indicate which ones and save the changes, additionally, you will be able to enforce the restriction in the subcategories or not.

When indicating in the platform on which categories the configured rules will be applied, it will not be necessary to indicate the corresponding access restriction in the content, just leave it in Default.


Example 1 - IP restriction + category

It is required to restrict access to a specific IP and this does not have access to VOD content in a special category, for this we create a new access restriction with the name IP_Media, then we go to create the respective rules:

The first must be a rule with everything context and indicating Allow.

In the second rule, we indicate the IP context (1), specify that access is denied (2), the Is parameter is left active (3), then we write down the IP we want to block and press enter (4), once configured, press Add (5).

After configuring the rules, in the Categories section we indicate to platform on which they should be applied, if the category does not contain sub-categories, the button is disabled,

Once finished, save the changes, you can proceed to perform the test, with this configuration, all other IPs except the one that denies access will have free access to play the content related to the selected category.

Once everything is done, if we apply the iframe on a test page on an allowed IP, the content will be played immediately.

Within the restricted IP, performing the same process you will see the following message on the screen.

Example 2 - Restriction by Geo Fencing

We are going to restrict content only for the countries Madagascar and Congo, we select the Geo Fencing context in the rule, then we deny the corresponding access and proceed to locate the countries mentioned in the list, for this example the Is parameter must ALWAYS be active.

Vista de la configuración:

Then we proceed to perform the respective test by pressing the >Test rules button, in this we indicate to check on mobile devices, we add the country with geo fencing (Congo)

Once configured, press Run test, platform should display the following message Denied by xxxx rule

Here you can verify that the rule is being considered and Congo will not have access to your content, additionally, it also tests a country that is not restricted, platform delivers the message Allowed by default indicating that the content is delivered by default to the rest of the countries.

With this example, if we want our content to be played only in a specific country, for example Chile, the first rule must be configured with context everything and denying access, by default, this context will always be Is.

Then we configure a second Geo fencing rule allowing only Chile to have access to this specific content, leave Option Is active and save, both rules will appear in our list, just perform the respective tests again.

Our list will look as follows

To consider:

  1. If a restriction does not have a rule created (Action) it will not be displayed when selecting it within the specific content and the default rules of the account for Live and Media will be applied..

  2. In the default media restriction, you will not be able to apply the restriction by categories, any configuration made in this one will be applied directly to all AOD/VOD content.

  3. If the Is option in a rule is active in any context, the rule will be applied to the related content, otherwise if it is set to Is not, the rule will be overridden with the opposite result to the one configured.

  4. With the default configuration for media and live provided by platform, it will not be necessary to test using >Test rules.

If you have any related questions please feel free to write to us via chat.

Att: Team Mediastream

Did this answer your question?