It looks like default behavior is for Icecast to expose its web interface on the same address and port as any mountpoint. E.g.:
mountpoint = https://server.com/listentome
web app = https://server.com/
I'd like to restrict the web interface to only a certain IP address and TCP port so that it is not accessible on the public IP. E.g.:
mountpoint = https://server.com/listentome
web app = https://192.168.1.10:8000/
Is this possible?
You can just create <mount> sections for the files/parts you want to be protected and enable <authentication>. Yes, it works on files too, not just streams. The XML transforms that show stream information are status.xsl and status-json.xsl.
For details please refer to the manual: https://icecast.org/docs/icecast-trunk/auth/
The other option is to remove those files and only use the web pages and raw XML within /admin.
Icecast 2.4 does not allow for separation of files and streams.
