Orthanc Instances Ignoring AE Title Validation: Unexpected Behavior Observed

Hello everyone!

I’m facing a curious situation with two Orthanc instances configured in my environment. Here’s the scenario:

  1. General Setup:
  • Instance 1: Responsible for modifying the patient ID, compressing the exams, and forwarding the data to Instance 2.
  • Instance 2: Serves solely as storage and is configured to accept connections exclusively from Instance 1 and the HOROS software.
  1. Observed Behavior: When configuring the PACS in HOROS, I noticed that Orthanc accepts connections based only on the IP and port, completely ignoring the AE Title.For example:
  • I can connect to Instance 1 using Instance 2’s connection details (and vice versa), as long as the IP and port are correct, regardless of the AE Title provided.
  • This behavior was also observed when testing with other PACS software.
  1. Question: What could be causing this behavior? Does Orthanc ignore the AE Title in its configuration by default? Is there an additional parameter that needs to be set to validate the AE Title for incoming connections?

I’d appreciate any insights or experiences you can share to help understand or resolve this behavior.

Thank you!

CONFIGURATIONS INSTANCE 01

ORTHANC__NAME=Orthanc-middleman
ORTHANC__DICOM_AET=MIDDLEMAN

ORTHANC__REGISTERED_USERS={"demo":"demo"}
ORTHANC__DICOM_MODALITIES={"MY_PACS":["MY_PACS","orthanc-pacs",4242]}

ORTHANC__OVERWRITE_INSTANCES=true
ORTHANC__INGEST_TRANSCODING=1.2.840.10008.1.2.4.90

ORTHANC__PYTHON_SCRIPT=/python/sanitize.py

CONFIGURATIONS INSTANCE 02

########################################################################################### 
# GENERAL CONFIGURATIONS
########################################################################################### 

ORTHANC__NAME=orthanc-pacs  # Unique name to identify this PACS instance.
ORTHANC__DICOM_AET=MY_PACS
ORTHANC__REMOTE_ACCESS_ALLOWED=true  # Allow remote access to the interface.
ORTHANC__STORAGE_DIRECTORY=/var/lib/orthanc/db  # Directory for data storage.
ORTHANC__ORTHANC_EXPLORER_2__IS_DEFAULT_ORTHANC_UI=false  # Disable default Orthanc interface (if needed).
ORTHANC__ORTHANC_EXPLORER_2__FORCE_ORTHANC_EXPLORER_2_UUIDS=true  # Force the use of specific UUIDs.
ORTHANC__HTTP_SERVER_ENABLED=true  # Enable the HTTP server for the interface.
ORTHANC__HTTP_PORT=8042  # HTTP port for the interface.
ORTHANC__DICOM_PORT=4242  # DICOM port for communication.

########################################################################################### 
# POSTGRESQL CONFIGURATIONS - DATABASE
########################################################################################### 

POSTGRES_DB=pacsdb  # Database name.
POSTGRES_USER=pacs  # Database username.
POSTGRES_PASSWORD=12345 # Password for the database.

########################################################################################### 
# POSTGRESQL CONFIGURATIONS - ORTHANC INTEGRATION
########################################################################################### 

ORTHANC__POSTGRESQL__HOST=postgres  # Database service name in Docker Compose.
ORTHANC__POSTGRESQL__DATABASE=pacsdb  # Configured database name.
ORTHANC__POSTGRESQL__USERNAME=pacs  # Configured database username.
ORTHANC__POSTGRESQL__PASSWORD=12345  # Configured database password.
ORTHANC__POSTGRESQL__ENABLE_INDEX=true  # Enable PostgreSQL indexing for fast queries.
ORTHANC__POSTGRESQL__ENABLE_STORAGE=false  # Disable storage in the database (only metadata will be saved).

########################################################################################### 
# MODALITIES CONFIGURATIONS
########################################################################################### 

ORTHANC__DICOM_MODALITIES={"MIDDLEMAN":["MIDDLEMAN","orthanc-middleman",4242], "HOROS":["HOROS","192.168.12.21",4242]}

########################################################################################### 
# CREDENTIAL CONFIGURATIONS
########################################################################################### 

ORTHANC__AUTHENTICATION_ENABLED=true  # Enable authentication for greater security.
ORTHANC__REGISTERED_USERS={"demo":"demo"}  # Credentials to access Orthanc.

########################################################################################### 
# DICOM WEB CONFIGURATIONS
########################################################################################### 

ORTHANC__DICOM_WEB__ENABLE=true  # Enable DICOMweb support.
ORTHANC__DICOM_WEB__ROOT=/dicom-web  # Base URL for DICOMweb.
ORTHANC__DICOM_WEB__ENABLE_WADO=true  # Enable WADO-RS support.
ORTHANC__DICOM_WEB__ENABLE_QUIDO=true  # Enable QIDO-RS support.
ORTHANC__DICOM_WEB__ENABLE_STOW=false  # Disable STOW-RS support (DICOM object uploads via web).
ORTHANC__DICOM_WEB__STOW_MAX_SIZE=10485760  # Maximum file size for DICOM uploads.

########################################################################################### 
# OHIF VIEWER CONFIGURATIONS
########################################################################################### 

ORTHANC__OHIF_PLUGIN_ENABLED=false  # Disable OHIF Viewer plugin.
ORTHANC__OHIF__DATASOURCE=dicom-web  # Data source configured as DICOMweb.
ORTHANC__OHIF__ROUTER_BASENAME=/ohif/  # Base route for the OHIF Viewer.
ORTHANC__OHIF__PRELOAD=false  # Disable preloading.
PUBLIC_URL=http://localhost:3000  # Public URL to access the OHIF Viewer.

########################################################################################### 
# ADVANCED CONFIGURATIONS
########################################################################################### 

ORTHANC__MAX_CONCURRENT_JOBS=10  # Maximum number of concurrent jobs allowed.
ORTHANC__STORAGE_COMMITMENT_ENABLED=true  # Enable Storage Commitment.
ORTHANC__STABLE_AGE=15  # Waiting time to consider data stable (in seconds).
ORTHANC__OVERWRITE_INSTANCES=true  # Allow overwriting DICOM instances.
ORTHANC__ALLOW_INSTANCE_REMOVAL=true  # Allow instance removal.

########################################################################################### 
# COMPRESSION CONFIGURATIONS
########################################################################################### 

ORTHANC__INGEST_TRANSCODING="1.2.840.10008.1.2.4.90"  # JPEG2000 Lossless compression.
ORTHANC__INGEST_TRANSCODING_OF_UNCOMPRESSED=false  # Do not compress uncompressed files.
ORTHANC__INGEST_TRANSCODING_OF_COMPRESSED=false  # Do not allow recompression.
ORTHANC__DICOM_LOSSY_TRANSCODING_QUALITY=90  # Quality for Lossy compression.

########################################################################################### 
# SCRIPTS CONFIGURATIONS
########################################################################################### 

#ORTHANC__LUA_SCRIPTS='["/tmp/scripts/sanitize-instance.lua"]'  # List of Lua scripts.

########################################################################################### 
# LOG CONFIGURATIONS
########################################################################################### 

# Log directory (multiple files can be generated in this directory).
ORTHANC__LOGDIR=/var/log/orthanc

# Or a single consolidated log file.
#ORTHANC__LOGFILE=/var/log/orthanc.log

ORTHANC__VERBOSE=true  # Enable detailed logs.
ORTHANC__TRACE_ENABLED=true  # Enable debugging trace.
ORTHANC__HTTP_VERBOSE=false  # Enable detailed HTTP logs.



I’m not certain, but it could be related to the following configuration options described in the example configuration file

https://orthanc.uclouvain.be/hg/orthanc/file/Orthanc-1.12.4/OrthancServer/Resources/Configuration.json#l345

{
// Whether the Orthanc SCP allows incoming C-ECHO requests, even
  // from SCU modalities it does not know about (i.e. that are not
  // listed in the "DicomModalities" option above). Orthanc 1.3.0
  // is the only version to behave as if this argument were set to "false".
  "DicomAlwaysAllowEcho" : true,

  // Whether the Orthanc SCP allows incoming C-STORE requests, even
  // from SCU modalities it does not know about (i.e. that are not
  // listed in the "DicomModalities" option above)
  "DicomAlwaysAllowStore" : true,

  // Whether the Orthanc SCP allows incoming C-FIND requests, even
  // from SCU modalities it does not know about (i.e. that are not
  // listed in the "DicomModalities" option above). Setting this
  // option to "true" implies security risks. (new in Orthanc 1.9.0)
  // Note: From Orthanc 1.10.0, this option only applies to C-FIND
  // requests for patients/studies/series/instances. Use option
  // "DicomAlwaysAllowFindWorklist" for worklists.
  "DicomAlwaysAllowFind" : false,

  // Whether the Orthanc SCP allows incoming C-FIND requests for worklists, 
  // even from SCU modalities it does not know about (i.e. that are not
  // listed in the "DicomModalities" option above). Setting this
  // option to "true" implies security risks. (new in Orthanc 1.10.0)
  "DicomAlwaysAllowFindWorklist" : false,

  // Whether the Orthanc SCP allows incoming C-GET requests, even
  // from SCU modalities it does not know about (i.e. that are not
  // listed in the "DicomModalities" option above). Setting this
  // option to "true" implies security risks. (new in Orthanc 1.9.0)
  "DicomAlwaysAllowGet" : false,

  // Whether the Orthanc SCP allows incoming C-MOVE requests, even
  // from SCU modalities it does not know about (i.e. that are not
  // listed in the "DicomModalities" option above). Setting this
  // option to "true" implies security risks. (new in Orthanc 1.9.7)
  "DicomAlwaysAllowMove" : false,

  // Whether Orthanc checks the IP/hostname address of the remote
  // modality initiating a DICOM connection (as listed in the
  // "DicomModalities" option above). If this option is set to
  // "false", Orthanc only checks the AET of the remote modality.
  "DicomCheckModalityHost" : false,
}

HTH

James

It worked, James, thank you very much for your help

1 Like