Background / Context

For a proper creation of the peering network in eCDN mode, our Peering Manager component requires the local IP address of each participant from the stream’s audience.

This can be achieved in two ways:

  • Place a Peering Manager instance within the local network

  • Disable mDNS for specific URLs in the client’s browser

This article will describe the latter variant.

In most browsers, it is also possible to disable mDNS entirely. As this also lowers the user’s security and privacy, we do not recommend doing so. Instead, please follow these guides to disable mDNS for certain URLs only.

Which URLs need to be listed in order to disable mDNS?

It is important to list all the URLs from which media content is to be consumed. Normally, this would be the URL of the hosted page provided by the EVP. However, if the EVP uses an iframe internally, the URL of the iframe must also be listed. If the EVP itself is embedded in a third-party page, the URL of the embedding page must also be provided. Wildcards are allowed to simplify listed URLs like https://*.example-evp.com or https://*.third-party.com.


Chrome for Enterprise

Option 1, Chrome browsers are being managed through the Cloud

  1. Go to the Chrome settings on Google Admin (Devices → Expand the “Chrome” item on the left side → Settings → Users & browsers) or use this link.

  2. Look for the setting called “WebRTC ICE candidate URLs for local IPs“. It is important to list all URLs from which media content is to be consumed. If a page uses an embedded iframe that contains the media player, the URL of that iframe must be added as well:

** If you are using an EVP **
https://player.example-evp.com
** If you are using an EVP that is based on an embedded iframe **
https://iframe.example-evp.com
** If you are using an EVP that is embedded on a third-party page **
https://page.third-party.com
CODE

Option 2, Chrome browsers are being managed through Active Directory Group Policies

Google offers a collection of policy templates in ADM and ADMX formats for Active Directory to manage Chrome instances.

After extracting the archive, you can find the corresponding templates in windows/adm(x)/$your-language-$your-locale/.

Once installed, you can create a Group Policy containing the property WebRtcLocalIpsAllowedUrls. It is important to list all URLs from which media content is to be consumed. If a page uses an embedded iframe that contains the media player, the URL of that iframe must be added as well:

** If you are using an EVP **
https://player.example-evp.com
** If you are using an EVP that is based on an embedded iframe **
https://iframe.example-evp.com
** If you are using an EVP that is embedded on a third-party page **
https://page.third-party.com
CODE
Active Directory Group Policy to disable mDNS based on URLs

As another option, you can also distribute the corresponding Windows Registry settings directly, for example:

[HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\WebRtcLocalIpsAllowedUrls]
** If you are using an EVP **
"1"="https://player.example-evp.com"
** If you are using an EVP that is based on an embedded iframe **
"2"="https://iframe.example-evp.com"
** If you are using an EVP that is embedded on a third-party page **
"3"="https://page.third-party.com"
TEXT

Option 3, Chrome browsers on macOS

To distribute the setting on macOS devices, the creation of a property list (plist) file is required.

The following example just contains the required portion of the configuration for disabling mDNS for certain URLs and needs to be merged into your already existing property list for Chrome, if you already have one. If you don’t have one yet and rely on the standard one, please make sure that you include Chrome’s default settings in the property list file as well.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>WebRtcLocalIpsAllowedUrls</key>
	<array>
		<!-- If you are using an EVP -->
		<string>https://player.example-evp.com</string>
		<!-- If you are using an EVP that is based on an embedded iframe -->
		<string>https://iframe.example-evp.com</string>
		<!-- If you are using an EVP that is embedded on a third-party page -->
		<string>https://page.third-party.com</string>
	</array>
</dict>
</plist>
XML

The resulting .plistfile needs to be named com.google.Chrome.plist.

Once you created the final version of the .plist file, it needs to be distributed through the device management tool of your choice to the macOS devices. This might require the conversion of the .plist file to a policy file (.mobileconfig) first, which can be done for example with https://github.com/timsutton/mcxToProfile or with the tooling you already use.


Microsoft Edge

Option 1, Microsoft Edge browsers are being managed through Active Directory Group Policies

Similar to Chrome, Microsoft Edge browsers can also be configured to disable mDNS for certain URLs through a Group Policy or a Windows Registry setting.

The Group Policy Templates (ADM and ADMX formats) can be downloaded here, the structure of the archive is the same as the one above for Google Chrome.

You can find the whole information here, a short example for a policy would be to look for the property called WebRtcLocalIpsAllowedUrls. It is important to list all URLs from which media content is to be consumed. If a page uses an embedded iframe that contains the media player, the URL of that iframe must be added as well:

** If you are using an EVP **
https://player.example-evp.com
** If you are using an EVP that is based on an embedded iframe **
https://iframe.example-evp.com
** If you are using an EVP that is embedded on a third-party page **
https://page.third-party.com
CODE

An example for the Windows Registry:

** If you are using an EVP **
SOFTWARE\Policies\Microsoft\Edge\WebRtcLocalIpsAllowedUrls\1 = "https://player.example-evp.com"
** If you are using an EVP that is based on an embedded iframe **
SOFTWARE\Policies\Microsoft\Edge\WebRtcLocalIpsAllowedUrls\2 = "https://iframe.example-evp.com"
** If you are using an EVP that is embedded on a third-party page **
SOFTWARE\Policies\Microsoft\Edge\WebRtcLocalIpsAllowedUrls\3 = "https://page.third-party.com"
CODE

Option 2, Microsoft Edge browsers on macOS

As recent versions of Microsoft Edge are based on Chromium, the same method and property list example as in Option 3 for Google Chrome can be applied. The only difference is the naming of the resulting file which needs to be com.microsoft.Edge.plist.


Firefox for Enterprise

Mozilla also offers a collection of Group Policy templates (ADMX format only!) which are available to download here. As an alternative, you can also distribute a policy file that works on every operating system and without the need to have Active Directory.

Option 1, Firefox browsers are being managed through Active Directory Group Policies

Based on the templates above, create a policy to set the preference media.peerconnection.ice.obfuscate_host_addresses.whitelist (deprecated, still used by ESR 68) or media.peerconnection.ice.obfuscate_host_addresses.blocklist (supported by all current versions, starting from version 79) and provide the list of URLs, for example:

player.example-evp.com, iframe.example-evp.com, page.third-party.com
NONE

If you cannot use the Active Directory Group Policy templates, it is also possible to distribute the required setting for the Windows registry directly:

[HKEY_LOCAL_MACHINE\Software\Policies\Mozilla\Firefox\Preferences] (Type REG_MULTI_SZ)

{
  "media.peerconnection.ice.obfuscate_host_addresses.blocklist": {
    "Value": "player.example-evp.com, iframe.example-evp.com, page.third-party.com",
    "Status": "user"
  }
}
CODE

Option 2, Firefox browsers are being managed through a policy.json file

This method works on every operating system and is not limited to Windows.

First, create a file called policy.json or edit one if you already have this in use. The minimal content should look like this:

{
  "policies": {
    "Preferences": {
      "media.peerconnection.ice.obfuscate_host_addresses.blocklist": {
        "Value": "player.example-evp.com, iframe.example-evp.com, page.third-party.com",
        "Status": "user"
      }
    }
  }
}
JSON

Change Log

Document Owner: @a user

Version

Date

Person

Description

1.2.1

10.11.2021

@a user

Add Windows registry key for Firefox

1.2.0

09.06.2021

@a user

Add screenshots and descriptions how to configure settings on macOS devices

1.1.0

25.05.2021

@a user

Add more details regarding which URLs need to be listed → iframes etc.

1.0.0

12.05.2021

@a user

Initial version