How to restrict dhis2 instance URL for tracker capture

Hi all.
I am struggling to do a configuration on our DHIS2 instance for the mobile devices using the Capture Android app.

I am looking for the different URLs I should authorize through the firewall in order to make a whitelist. I also followed this link, Server requirements - DHIS2 Documentation, regarding the list of URLs to include, but it is still not working.
Otherwise, when there is no restriction, it works fine. I need to restrict user access to the DHIS2 platform only.

Need your help.
Regards!

Hi @Malick

We are aware of implementations using the Android app with firewall restrictions that work fine. The app should be reaching the URLs mentioned in the documentation. If this is not working, we advise following these steps to troubleshoot the issue:

Best.

Thank you for your quick reply. I noticed that when one tries with an empty instance, I mean a fresh installation without any program, it works. But with an instance that runs some programs it does not work with only the DHIS2 instance URL authorized. I will manage to make the Flipper application work and watch the different HTTP requests to see how it is going. I am using Windows and my installation of Flipper is not working yet.

Hi @Malick, I hope you can solve the issue; let us know otherwise. Should you need another tool to inspect the requests, you can also use https://httptoolkit.tech/ if you cannot make Flipper work.

Hi Jaime! Thank you for the support! I was not able to install Flipper, but I did install a packet capture tool on my tablet that makes it possible to see the HTTP requests made by the DHIS2 Capture application. Then I installed HTTP Toolkit and made the same test, that is, capturing the requests made by the DHIS2 Capture app without any restriction at the network level. I saw three main requests made by the application:
1- The URL of my DHIS2 instance
2- o552031.ingest.sentry.io
3- usage.analytics.dhis2.org

After that I ran the test by allowing only these three URLs, but the application was not working as expected (I mean I was not able to log in successfully and access the dashboard).
But if I run the packet capture application or HTTP Toolkit and start the packet capture, the DHIS2 Capture application works normally. I saw that the packet capture application creates a VPN on the tablet.

To summarize, if the packet capture application is running I am able to achieve the goal, that is, to restrict the network usage to the DHIS2 URL only. Otherwise it does not work.

The next question will probably be: what does the packet capture app do that makes the Capture app work even when the network is restricted as explained above?

Hi @Malick, sorry for the late reply, but I had to do many tests before replying with confidence. Usually I test everything on the training app, but this time I tried the production app and set up a testing network to simulate your scenario.

I can confirm that the DHIS2 Android App should work well in a restricted environment, as was mentioned in the linked post. Let me quickly describe my setup, which I believe corresponds to yours (more or less):

I set up very strict rules in my firewall (I used the laptop for that purpose as an Access Point and acting as a router, but this shouldn’t matter). I am using iptables as my firewall.

These are the iptables rules (explained):

I tested without Mapbox first and I could make the application work, but maps were constantly loading. However, after adding the Mapbox servers everything worked. I could log in, sync, sync metadata and push/pull data.

The same behavior was experienced when using HTTP Toolkit, as you mentioned. I could block everything except the requests to the DHIS2 server and make the application work. But still, I wanted to replicate your setup to be confident.

Having said all this, I would advise you to check with your network admin, or enable logging on your firewall and inspect the requests to understand what's going on.

Cheers.

P.S.: I forgot to add that the two URLs you mentioned are used for analytics and debugging. These are optional, and the application can work without being able to reach them.
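The post above describes an iptables egress allowlist for a tablet network but the rule listing did not survive on this page. The script below is an added example, not Jaime's ruleset or anything shipped by DHIS2: it generates an `iptables-restore` filter table that forwards new HTTPS connections from a LAN segment only to the addresses you pass in (the DHIS2 server), optionally to extra hosts such as the analytics, crash-reporting and Mapbox endpoints mentioned in the thread, and logs everything else it drops, which is the diagnostic the post recommends. Interface names, the subnet, the resolver address and the example IPs are assumptions for illustration.

```shell
#!/bin/sh
# Added example: generate (not apply) an egress allowlist for a LAN of Android tablets
# so that only the DHIS2 server, plus optional hosts, is reachable on port 443.
# All names and addresses below are assumptions; override them via the environment.

LAN_IF="${LAN_IF:-wlan0}"               # interface the tablets are on (assumed)
WAN_IF="${WAN_IF:-eth0}"                # upstream interface (assumed)
LAN_NET="${LAN_NET:-192.168.50.0/24}"   # tablet subnet (assumed)
RESOLVER="${RESOLVER:-198.51.100.53}"   # upstream DNS the tablets use (assumed).
# If the router itself answers DNS, that is INPUT traffic and needs its own rule.

# Resolve a hostname to its current IPv4 addresses. Needs network access, so the
# offline test does not call it. Addresses change: re-run and reload periodically.
resolve_v4() {
  getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# Print one ACCEPT rule per address for new HTTPS connections from the LAN.
# $1 = comment tag used to label the rule, remaining args = IPv4 addresses.
allow_https_to() {
  tag="$1"; shift
  for ip in "$@"; do
    printf -- '-A FORWARD -i %s -o %s -s %s -d %s -p tcp --dport 443 -m conntrack --ctstate NEW -m comment --comment %s -j ACCEPT\n' \
      "$LAN_IF" "$WAN_IF" "$LAN_NET" "$ip" "$tag"
  done
}

# Emit a complete *filter table in iptables-restore format.
# Args: the DHIS2 server's IPv4 addresses. OPTIONAL_IPS (space separated) may hold
# the analytics / crash-reporting / map-tile addresses if you decide to allow them;
# the thread states the app works without the first two.
build_ruleset() {
  cat <<EOF
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -i $LAN_IF -s $LAN_NET -d $RESOLVER -p udp --dport 53 -j ACCEPT
-A FORWARD -i $LAN_IF -s $LAN_NET -d $RESOLVER -p tcp --dport 53 -j ACCEPT
EOF
  allow_https_to dhis2 "$@"
  if [ -n "${OPTIONAL_IPS:-}" ]; then
    # shellcheck disable=SC2086  # intentional word splitting of the address list
    allow_https_to optional $OPTIONAL_IPS
  fi
  # Everything else falls through to the chain policy (DROP); log it first, rate
  # limited, so a missing host shows up in the kernel log instead of as a silent hang.
  cat <<EOF
-A FORWARD -i $LAN_IF -m limit --limit 5/min -j LOG --log-prefix "tablet-egress-drop: "
COMMIT
EOF
}

# Usage (not executed here):
#   build_ruleset $(resolve_v4 dhis2.example.org) | sudo iptables-restore -n
# Inspect drops with:  journalctl -k | grep tablet-egress-drop
```

Two caveats a practitioner would check before trusting this: it only covers IPv4, so on a dual-stack network an equivalent ip6tables table is needed or the tablets will simply use IPv6 to reach whatever the v4 rules block; and the ruleset pins addresses, so a DHIS2 or CDN hostname whose records change will start showing up in the `tablet-egress-drop` log until the script is re-run. Android's own connectivity probe is not on this list either; whether blocking it affects the app is outside what the thread tested, which is exactly why the LOG rule is there.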

Hey @Malick, did you manage to solve the problem?
