Re: [HAPI-devel] Restricting inbound connections to a known IP address

Fri, 25 Sep 2020 05:18:09 -0700 

Hi David;

I have not dug into the bowels of the HAPI Server implementation, so I could be
off base, but I’ll throw this our there nonetheless. I believe you have several 
options, 
one of which you mention….using the firewall.

Other options

1) Programmatic:  implement your own “baby application firewall”
    a: allow the connection
    b: before doing anything else, grab the connection socket
    c: compare to a list of IPs that you’ll “accept” (assuming you know what 
they are)
    d: if sourceIP Is not on your list, close the socket. If IP is allowed, 
then proceed as normal

2: Programmatic: 
    a: the server socket accept() can be overridden (if using Java)
    b: perhaps the IP list can be checked there before establishing an actual 
connection

Some type of middleware:

2) add a load balancer. There are open source load balancers out (HAProxy, 
NGINX). It can do the
    Ip Address filtering for you.

If you are worried about some type of DOS attack, you’ll certainly want to be 
auditing traffic to see
where its coming from.

Good Luck
Walter



> On Sep 25, 2020, at 6:32 AM, david.mblackburn--- via Hl7api-devel 
> <hl7api-devel@lists.sourceforge.net> wrote:
> 
> Hi All,
>  
> I have been using HL7 HAPI for a while now but have been recently asked if we 
> could restrict the server listener so that only designated ip addresses can 
> connect, when invoking the server there doesn’t appear to be a way to do this 
> unless I use an external firewall on the server machine, any thoughts?
>  
> Rgds
> DavidB.
> 
>  
> <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
>  Virus-free. www.avg.com 
> <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
>  
> <x-msg://34/#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>_______________________________________________
> Hl7api-devel mailing list
> Hl7api-devel@lists.sourceforge.net <mailto:Hl7api-devel@lists.sourceforge.net>
> https://lists.sourceforge.net/lists/listinfo/hl7api-devel 
> <https://lists.sourceforge.net/lists/listinfo/hl7api-devel>

_______________________________________________
Hl7api-devel mailing list
Hl7api-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/hl7api-devel






















					Reply via email to