Restricting Video Playback Using IP Address

This topic provides an overview of how IP address restriction can be used to limit video distribution.

Overview

In order to limit video playback to internal viewers only, Video Cloud Enterprise publishers can use IP address restriction. This approach prevents all the players in an account from loading unless the browser loading the player uses one of a specified list (whitelist) of allowed IP addresses. This provides a level of security that goes beyond domain restriction or geo-restriction.

When you set up IP address restriction, it applies to all the players in that account. You will need to use a separate account for players and videos that you want to make publicly available.

When a user tries to load a page that contains a Video Cloud player from an address that is not on the whitelist, they will see an error message that says "The video you are trying to watch cannot be viewed from your current country or location."

How to set up IP address restriction

To set up IP address restriction for one of your Video Cloud accounts, contact Brightcove Support. You will need to work with Support to identify or create an account for this purpose and provide a text file that contains your IP address whitelist.

Creating an IP address whitelist

To set up IP address restriction for one of your Video Cloud accounts, you need to provide Brightcove Support with a whitelist of the IP addresses that should be allowed to load Video Cloud players. Most companies use one or more gateways through which internal corporate traffic reaches the outside Internet. Your IP address whitelist should include the IP addresses of all of these gateways.

The whitelist should include each IP address on a separate line. You can also include a range of IP addresses. For example:

38.39.23.40
38.39.23.48
38.39.23.50-38.112.23.69
38.39.23.100-38.112.23.199

You can use subnet masks in Dot-decimal notation, such as:

38.39.23.50/255.255.255.0

You can also use CIDR block notation, such as:

38.39.23.50|24

38.39.23.50/24

Video Cloud content

When using the Playback API to retrieve content from a Video Cloud account which is configured for IP restrictions, you must use the following URL:

https://edge.api.brightcove.com/playback/v1

Use edge.api.brightcove.com instead of playback.brightcovecdn.com.

Implementation details

When a Brightcove Player is asked to load a video from a Video Cloud account, it connects to the catalog at either one of these hostnames:

https://playback.brightcovecdn.com/playback/v1/(Supports IPv6 and IPv4).

https://edge.api.brightcove.com/playback/v1/(Supports IPv4 only).

If you require IP restrictions, you must use the edge.api.brightcove.com hostname. The following steps lead you through the configuration change:

If you feel the slight delay is worth the benefit, you must configure every player that needs to access the IP restricted account from outside North America. You can make this change in Studio in the PLAYERS module. The following steps lead you through the configuration change:

Open the Players module and either create a new player or locate the player to which you wish to make the configuration change.
Click the link for the player to open the player's properties.
Click JSON Editor in the left navigation menu.
Locate the video_cloud section in the JSON, which will look similar to the following (there may be more or fewer name/value pairs):
```
"video_cloud": {
    "policy_key": "BCpkADaw...ndVx5X"
  },
```
After the last entry, add a comma, then the following name/value pair:
```
"base_url": "https://edge-elb.api.brightcove.com/playback/v1/"
```
The JSON Editor should appear similar to the following:
Save and publish the updated player.

You should not modify the base_url unless you have a specific requirement. The default setting is suitable for most situations.