Lua script to give write-read access only to local network

I want to give read-write access only to my local network (IP range) and read access to other IPs, but I do not know how to do it or if it is possible.

I want to modify this Lua script, which I use to give access to one IP.

    function IncomingHttpRequestFilter(method, uri, ip, username, httpHeaders)

      if method == 'GET' then
        -- Read-only access (only GET method is allowed)
        return true
      elseif username == 'admin' and ip == 'add-your-ip-address-here' then  -- (I want to give my local IP range)
        -- Read-write access for administrator (any HTTP method is allowed on localhost)
        return true
      else
        -- Access is disallowed by default
        return false
      end
    end

many thanks,

kyriacos

I can use an OR statement as a workaround, but some PCs in my network get an automatic IP from the DHCP server.

On Thursday, April 1, 2021 at 9:38:30 PM UTC+3, Dkorthosurgery wrote:

We can’t provide much guidance, as this entirely relies on the way IP ranges are attributed by your DHCP server.

The “OR” statement is not a workaround, but the proper solution to your scenario.

If you want more flexibility regarding string parsing than offered by Lua, or if you need to gather information from other systems in your network (such as from your DHCP server), you might have an interest in using a Python plugin:
https://book.orthanc-server.com/plugins/python.html#forbid-or-allow-access-to-rest-resources-authorization

Sébastien-
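
One way to test a whole local range instead of chaining one OR per address, as an added example that is not part of the original thread or of Orthanc's own code. The helper names and the sample ranges in LOCAL_RANGES are assumptions; the callback keeps the signature from the first post.

```lua
-- Added example (not from the thread). LOCAL_RANGES holds constructed sample
-- values; replace them with the ranges your DHCP server actually hands out.
local LOCAL_RANGES = { '192.168.1.0/24', '127.0.0.1/32' }

-- Convert a dotted-quad IPv4 string to a number, or nil if it is malformed.
local function ipv4ToNumber(ip)
  local a, b, c, d = string.match(ip or '', '^(%d+)%.(%d+)%.(%d+)%.(%d+)$')
  if not a then return nil end
  local n = 0
  for _, octet in ipairs({ a, b, c, d }) do
    octet = tonumber(octet)
    if octet > 255 then return nil end
    n = n * 256 + octet
  end
  return n
end

-- True if "ip" lies inside "cidr" (for instance '192.168.1.0/24').
local function inCidr(ip, cidr)
  local base, bits = string.match(cidr, '^(.-)/(%d+)$')
  local ipNum, baseNum = ipv4ToNumber(ip), ipv4ToNumber(base)
  bits = bits and tonumber(bits)
  if not ipNum or not baseNum or not bits or bits > 32 then return false end
  local blockSize = 2 ^ (32 - bits)   -- number of addresses in the range
  return math.floor(ipNum / blockSize) == math.floor(baseNum / blockSize)
end

-- True if "ip" falls in any of the configured local ranges.
local function isLocal(ip)
  for _, cidr in ipairs(LOCAL_RANGES) do
    if inCidr(ip, cidr) then return true end
  end
  return false
end

function IncomingHttpRequestFilter(method, uri, ip, username, httpHeaders)
  if method == 'GET' then
    return true                       -- read-only access for everyone
  elseif username == 'admin' and isLocal(ip) then
    return true                       -- read-write access from the local ranges
  else
    return false                      -- anything else is denied by default
  end
end
```

An address that does not parse as IPv4 matches no range, so it only gets the read-only branch.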

Is it possible with a Lua script to restrict access on a specific port of an IP and give access to another port of the same IP?
For example 192.168.1.2:2443 and 192.168.1.2:3443

On Friday, April 2, 2021 at 9:29:23 AM UTC+3, s.jo...@gmail.com wrote:

Your question doesn’t make sense, as Orthanc only listens on 1 TCP port for HTTP/REST, and on 1 other TCP port for the DICOM protocol.

A Lua script can determine the TCP ports that are used by Orthanc by querying the “/system” URI. For instance:

    $ curl https://demo.orthanc-server.com/system
    {
       "ApiVersion" : 11,
       "DatabaseBackendPlugin" : null,
       "DatabaseVersion" : 6,
       "DicomAet" : "ORTHANC",
       "DicomPort" : 4242,
       "HttpPort" : 8042,
       "IsHttpServerSecure" : false,
       "Name" : "Orthanc Demo",
       "PluginsEnabled" : true,
       "StorageAreaPlugin" : null,
       "Version" : "1.9.1"
    }

If you have a reverse HTTP proxy that maps 2 different ports onto the same instance of Orthanc, you can configure this proxy to add an HTTP header that reflects the used port number, then use the “httpHeaders” information that is provided to the Lua callback “IncomingHttpRequestFilter()”.

I use two different reverse proxies on the same machine.
I want one to be fully secure and accept only GET requests.
The other one is to be used for maintenance only and have read-write access.
The workaround I use is to have the reverse proxies on different machines.
Unfortunately, using the custom header X-Real-IP $remote_addr in the nginx proxy doesn't seem to work.
We are trying to build a non-commercial frontend in order to give restricted access to patient studies using an iframe, through an authentication system based on passwords, patient ID number and patient date of birth.
Many thanks,
Kyriakos

On Friday, April 9, 2021 at 1:29:24 PM UTC+3, s.jo...@gmail.com wrote:

My workaround for my scenario, to give full access to local users and restricted access to users through the internet (as an additional layer of security), is to use a secure local reverse proxy server and the Lua script below:

    function IncomingHttpRequestFilter(method, uri, ip, username, httpHeaders)
      -- Only allow access to explorer and DELETE requests for local users

      -- Requests arriving through the reverse proxy are refused the explorer page and DELETE
      if (uri == '/app/explorer.html' or method == 'DELETE') and ip == 'local reverse proxy server ip' then
        return false
      else
        return true
      end
    end

On Friday, April 9, 2021 at 2:32:00 PM UTC+3, Dkorthosurgery wrote: