This issue was reported to Wowza Media Services in early 2009.
Now it surfaced again.
In a nutshell, you can escape Application’s
StorageDir using relative path.
Let’s say you have two applications:
Requesting to play
vod2 will work just fine
thus bypassing configured StorageDir.
- Implement custom module that supplies either
IMediaStreamFileMapperoverride which blocks requests falling outside configured
- Use StreamNameAlias module to block requests with relative paths
- Upgrade to Wowza 3.5.2.06 (patch that hopefully fixes this issue)
- Don’t use predictable paths
- 2013-04-06 Wowza Media Services contacted about this issue
- 2013-04-08 Wowza acknowledges this bug, no further info received
- 2013-04-30 Public release due to vendor’s non-cooperation