Restrict access to DCM4CHE 2.x.x for predefined client's IP range

[Udara]

Dear,

Currently, DCm4CHEE 2.x.x is working in our hospital using a common password given to OVIYAM. Oviyam is the view we are using at the moment. But we found that other non-medical staff also accessing to the same information where it is not necessary.

Therefore I want to restrict access to OVIYAM viewer (knows the element of the pacs) to the ALLOWED IP addresses only. 

Could you please assist me in this case? 

In our HIS we have used .htaccess changes to resctict unwanted IP addess ranges adhering the steps at https://mediatemple.net/community/products/grid/204643080/how-do-i-redirect-my-site-using-a-htaccess-file

Like that, How can I do this to restrict the access into DCm4chee and oviyam ?

Bye

[Jon Ander Zuccaro]

I don't think this is a good idea since even dcm4chee 2 allowed you to have different users with different roles with oviyam sharing the same JAAS realm as the PACS. Even that old JBoss allowed you to enable single sing-on. Each of your users should have an individual user name and password.

You could, nonetheless, implement something like this using Apache as a reverse proxy for JBoss, the instructions are out there. All you need to add is the IP whitelist functionality.

You could also simply do it via a firewall on the server itself. If you are using Linux, something like ufw could suffice I believe, simply only allow connections to port 8080 to the whitelisted IP addresses.

Bear in mind that any resourceful user could simply change the IP address of their own machine to one of the whitelisted ones to easily gain access to the system.

[Udara M Pathirage - උදාර පතිරගේ]

Dear Jon,

Thanks for your support. I have done the same thing using 'htaccess' file in Apache. But in here where should I put that htacess file since couldn't find the apache root or the webroot.

Could you please assist me on this?

Bye

>>Best Regards From
  Maj Udara Pathirage
       Master of IT, UCSC, Colombo | BSc in ENCM, Kelaniya | Dip. IT, NIBM | MCS(SL) | MBCS CITP (UK) | SNOMED CT

--
You received this message because you are subscribed to the Google Groups "dcm4che" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dcm4che+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dcm4che/3975a169-c866-4b64-850c-35fb9db7eb15%40googlegroups.com.

[Jon Ander Zuccaro]

Hi Udara.

The htaccess is used when the application is hosted inside Apache but you are not going to host dcm4chee in Apache, you are going to use Apache as a reverse proxy server.

Please google the instructions to put dcm4chee behind a proxy server using Apache. The process is not very complex.

Once you have that working you can add some additional configuration parameters to also limit the proxy access to a certain IP range. This is not done via a httaccess file, you edit a certain .conf file inside Apache.

If this is too complex, you can always fallback to some Firewall rules inside the server. Even the Windows Firewall allows you to whitelist a certain IP range and block everything else. Block port 8080 to anybody except the allowed IP addresses.

To unsubscribe from this group and stop receiving emails from it, send an email to dcm...@googlegroups.com.

[Udara M Pathirage - උදාර පතිරගේ]

 Hi Jon,

Thanks for your direction. I able to handle the situation using UFW (Ubuntu Firewall as you directed). It is due to your support, I glad about that.

Bye

>>Best Regards From
  Maj Udara Pathirage
       Master of IT, UCSC, Colombo | BSc in ENCM, Kelaniya | Dip. IT, NIBM | MCS(SL) | MBCS CITP (UK) | SNOMED CT

To unsubscribe from this group and stop receiving emails from it, send an email to dcm4che+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dcm4che/a670a177-ccf0-4412-86ff-eccc883e1afd%40googlegroups.com.