Limit C-Find/C-move from remote device

Hello - The company that I work with would like to know if there is a possibility to limit remote site from completing a C-Find and C-move. We have VPN's set up with remote sites, but we don't want these sites to initiate a c-move request without our authorization.

AFAIK access control is not that granular for DICOM associations.

One way I would solve this problem is by using DICOMweb (QIDO-RS &
WADO-RS instead of C-FIND & C-MOVE) and implementing your access
control policy with any HTTP proxy server (e.g. nginx[1]), which we've
done successfully in the past.

If the remote site does not directly support DICOMweb, you may use an
intermediary Orthanc server.


After some further thoughts on the subject I think such a solution
would remain non-trivial. I'll now point you to relevant Plugin APIs
which you can use for your scenario:



With these I believe you can write a plugin that for example matches
the source AET to allow or deny access based on a simple ACL (access
control list). No need for an intermediary server.

PS I'm sending this message containing your quoted response to the
mailing list, as I believe it isn't meant to be confidential.