EZProxy Maintenance

OCLC's EZProxy is a service which allows authorized patrons to access publisher content remotely which would otherwise be behind a paywall on the open web. We provide the IP address to our proxy server to all publishers so that once patrons authenticate into the server, their web traffic is shown as coming from a valid UMass Amherst IP address which grants them full access to our subscribed content. When patrons attempt to access subscribed content on the open web from home (via Google or directly at publisher sites) they are not recognized as an authorized user and see only a paywall. EZProxy is used by the rest of the Five Colleges and is the authentication for the majority of our eResources.

Vendor documentation can be found at EZProxy Support. Questions regarding EZProxy should be directed to Jack or Jaime in DRMS and troubleshooting issues can be submitted via DBHelp.

Maintaining the Configuration File (config.txt)

OCLC Created Stanzas can be found here: https://help.oclc.org/Library_Management/EZproxy/EZproxy_database_stanzas/Database_stanzas

During the renewals process, stanzas should be checked against the OCLC documentation to make sure that the most recent version is being used. The best way to tell if the stanza doesn't work is trying to access a resource from off campus (or via Opera w/ VPN installed) which will trigger a Need Host page if the stanza no longer works. If a resource is cancelled or ceased and we do not retain post-cancellation/perpetual access, then the stanza should be removed from the config file.

If you need to create a stanza from scratch, please reference others in the config. or search the EZProxy listserv archives. Consider the following:

  • Where something is in the file matters. It is read top down. Be sure to stick to alphabetization for easy searching.
  • When creating a resource configuration stanza, determine whether JavaScript is used.
  • Leave a note of who created the stanza and when.
  • Always test whether the stanza you created actually works.

Basic Changes to Stanzas

  • Using a FTP client (preferably WinSCP-Put in a SysHelp Ticket to have it installed on your machine) access the Proxy Server
    • The Username and Password can be gotten from Scott, Kat, Jaime, or Jack
  • Once logged in, navigate to the config.txt file
    • There are many old Config files and backups that are not used anymore. Make sure you select the correct one.
    • Never edit the config file on the server directly to avoid breaking something accidentally without having a backup.
  • Drag the config.txt file from the right pane into the left pane (a local folder somewhere on your C Drive)
    • Allow it to overwrite or change the existing filename. SAVE A BACKUP JUST IN CASE!
  • Double click on the file in the local folder to open the text editor. (For more advanced edits, use Notepad++-Put in a SysHelp Ticket to get it on your machine)
    • The text file has a specific structure. The beginning has administrative information for the Server, UMass IP Addresses, Blocked/Banned IPs, etc.
    • Different sections are commented out using a #
      • To add new comments, begin the line of text with a #
    • The Stanzas are roughly alphabetical, and they are hierarchical. Lines that are higher are given priority over lines that are lower.
    • Trials are always at the end of the file.
  • To add a new stanza, Check OCLC or use Google to try and find one that someone else has created.
    • To make edits (like an HTTPS update) add information to existing stanzas.
  • Save the Local copy
    • Drag the local file back into the Proxy Server and allow it to overwrite the existing config.txt file
  • Go to the EZProxy Admin and login with the same credentials as the Server
    • Restart the Server AFTER you've updated the file
  • Test the resource in Opera.

Sample Stanza configuration entry without javascript:

  • T Journal Title
  • U URL
  • HJ Host Source: Other hosts at resource? e.g. otherserver.publisher.com
  • DJ Direct Source: Top level domain e.g. publisher.com or publisher.ac.uk
    • Do not use colons
    • Some resources store information on different servers, so for instance, you might have access to the text but not the images if the server housing the image is not in the proxy config file.
    • Not every stanza will look the same

Sample configuration with javascript:

  • T Journal Title
  • U URL
  • HJ otherserver.publisher.com
  • DJ publisher.com

Monthly Maintenance

  • Removing unused host log entries

Upgrades

  • Notices of available upgrades to the EZProxy software are announced on the Listserv. Do not be hasty in requesting load of upgrades unless a bug fix is urgently needed. Each upgrade contains all previous upgrades. There is no risk in skipping one. LTS manages the EZProxy server and handles the upgrade process as well as the SSL certificate. If you are unsure of the status of either, check the EZProxy web admin - information about both are listed at the top of the page.

Include Files

We are not currently using include files for the config. DRMS wants to explore this further in the future but for now please place all stanzas directly in the config file.

User Files

NOTE: This section has been rewritten as of our September 2023 switch from LDAP to SSO authentication. Please refer to earlier versions of this page for LDAP documentation.

Unlike LDAP authentication, SSO authentication requires two user files: user.txt and shibuser.txt.

user.txt

We use this file for two purposes:

  • to create temporary login credentials, usually for vendors
  • to specify authentication method

Instructions for how to perform these tasks, including links to OCLC documentation, are included in user.txt. Since the temporary credentials we create in user.txt are not issued by OIT, the SSO login screen will not work. Instead, users with these credentials will need to bypass the SSO login screen. When creating temporary credentials, please provide the following information to the recipient:

shibuser.txt

We use this file for two purposes:

  • To specify any actions that should apply to all users – as of October 2023, the only directive in this category is to log activity using netid@umass.edu as the username instead of shibboleth.
  • To specify any actions that should apply to specific users. As of October 2023, this includes specifying which users can log into the EZProxy server as admins and temporarily blocking users

Instructions for how to perform these tasks, including links to OCLC documentation, are included in shibuser.txt.

EZProxy Public Pages (Documents)

Patrons primarily experience the EZProxy login page, and may never encounter the various other pages which are mostly reserved for specific EZProxy related errors. These are stored in the “docs” directory of the server. The include the following pages:

  • login.htm
    • The main login screen for EZProxy. As of Feb. 2022 it reflects the branding of the library website set to be replaced this summer. Work with LTS to update the branding when the new website becomes available.
  • loginbu.htm
    • Patrons see this when their NetID or password fail - usually it is because they are using the @umass domain or have an old password saved in their browser.
  • loginback.htm
    • Unclear
  • logout.htm
    • Only seen when logging out of the EZProxy web admin.
  • needhost.htm
    • When a stanza is missing or no longer works for a specific URL/platform patrons see this page. It includes information on how to report the error and contains information DRMS needs to update the stanza.
  • menu.htm
    • This page is rarely seen - occasionally publishers (like Newsbank) will block access due to a compromised NetID and patrons will be redirected here.
  • suspend.htm
    • When patrons trip a security rule they are shown this page.
  • cookie.htm
    • When patrons block all cookies, they will see this page since EZProxy requires cookies to be enabled to operate correctly.
  • https.htm
    • Unclear
  • survey.htm
    • This is the mines survey managed by LTS/Assessment. It is turned off as of Feb. 2022.

EZProxy Security Rules

As of version 7.1, rules can be set that when patrons trip them will cause their NetID to be logged and/or blocked. Currently the only rules which will block a patron relate to how many gigabytes of content are download, if a NetID access EZproxy from 4 or more countries, or if they access EZProxy from 20 or more IP addresses. There are additional rules which will log a NetID instead of blocking them.

License Violation Incidents through proxy

ezproxy_maintenance.txt · Last modified: 2023/12/08 14:46 by myoungberg
www.chimeric.de Creative Commons License Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0