Directive Reference

allow

The 'allow' directive in the NGINX RTMP module restricts streaming access by permitting specific IP addresses.

NGINX RTMP module
Syntaxallow IP | CIDR;
Defaultnone
Context
Arguments1-2

Description

The 'allow' directive is used within an RTMP application context to specify which IP addresses are permitted to publish or play streams. When this directive is utilized, it operates in conjunction with the 'deny' directive to manage access controls for streaming operations. You can specify one or two arguments for this directive: either a single IP address (e.g., '127.0.0.1') which enables access only to that address, or a CIDR notation for a range of IPs (e.g., '192.168.1.0/24'). If no 'deny' directives are present, any address not explicitly denied will be permitted access, applying a default 'deny all' behavior when 'allow' is not defined.

The placement of the 'allow' directive is critical; it must appear before any 'deny' directives for it to take effect correctly. Also, if both 'allow' and 'deny' directives are used, the latter will take precedence, thereby enforcing stricter access control. Thus, the order in which these directives are declared dictates the effective result of the access control policy for the RTMP application.

Config Example

rtmp {
    server {
        listen 1935;
        application myapp {
            allow publish 127.0.0.1;
            deny publish all;
            allow play all;
        }
    }
}

Ensure 'allow' appears before 'deny' for correct precedence.

Using CIDR notation incorrectly can lead to unintended access permissions.

Not specifying 'deny' may lead to less secure access if 'allow' is used ambiguously.

Related Directives

denyallow playallow publish
← Back to all directives