Limit C-Find/C-move from remote device

Hello - The company that I work with would like to know if there is a possibility to limit remote site from completing a C-Find and C-move. We have VPN's set up with remote sites, but we don't want these sites to initiate a c-move request without our authorization.

AFAIK access control is not that granular for DICOM associations.

One way I would solve this problem is by using DICOMweb (QIDO-RS &
WADO-RS instead of C-FIND & C-MOVE) and implementing your access
control policy with any HTTP proxy server (e.g. nginx[1]), which we've
done successfully in the past.

If the remote site does not directly support DICOMweb, you may use an
intermediary Orthanc server.

[1] http://nginx.org/en/docs/http/ngx_http_auth_request_module.html

After some further thoughts on the subject I think such a solution
would remain non-trivial. I'll now point you to relevant Plugin APIs
which you can use for your scenario:

OrthancPluginRegisterMoveCallback
http://sdk.orthanc-server.com/group__Toolbox.html#ga2e9d921421fb9e46870
17fb7d1f599c1

OrthancPluginMoveCallback
http://sdk.orthanc-server.com/group__Toolbox.html#ga106198077a3cde765d7
5c20917cc0af3

With these I believe you can write a plugin that for example matches
the source AET to allow or deny access based on a simple ACL (access
control list). No need for an intermediary server.

PS I'm sending this message containing your quoted response to the
mailing list, as I believe it isn't meant to be confidential.