Logo

Securing Your Server

By default the server is open to the world; which means that anybody who can connect to your server can browse or play any of your available music, see your statistics, or perform searches.

If you wish to impose tighter controls you should restrict access to your server either by using the available IP address restrictions or via a good firewall policy.

IP Address Restriction

Allowing Addresses

Edit the configuration file and include all the IP addresses, or ranges which you'd like to be able to use your via the 'allowed_clients' setting.

If you wish to enable everybody to access the server then leave the setting as it is by default 'allowed_clients = all' - otherwise follow the examples to limit access, eg:

#  Limit the clients who can connect and use your server by IP address.
#
#  Multiple entries are allowed - simply seperate the values by ';' as
# shown in some of the examples below.
#
#  Only people on the same subnet, (class C):
# allowed_clients = 192.168.2.x
#
#  Only one machine may connect:
# allowed_clients = 192.168.2.12
#
#  Everybody local, and one remote address:
# allowed_clients = 192.168.2.x; 194.247.82.33
#
#  Everybody local, and one remote range:
# allowed_clients = 192.168.2.x; 194.237.82.x
#

Denying Addresses

To complement the 'allowed_clients' option there is a matching 'denied_clients' setting which allows you to deny particular address.

The deny options take precendence over the allowed options, so in the following example all the IP addresses in the 192.168.2.x range have acesses except 192.168.2.2, and 192.168.2.44

allowed_clients = 192.168.2.0/8
denied_clients  = 192.168.2.2; 192.168.2.44

Password protection

Previously it was possible to restrict server access via a weak form of password protection. Given that 99% of media players did not support even HTTP Basic authentication this protection was deliberately weak.

Recognising the lack of real security this support was removed with the v3.0 release of the project.