Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
ezproxy_maintenance [2019/05/22 20:07]
jmulvaney
ezproxy_maintenance [2023/12/08 14:46] (current)
myoungberg [User Files]
Line 1: Line 1:
 ===== EZProxy Maintenance ===== ===== EZProxy Maintenance =====
-EZproxy ​is a web proxy server used by libraries ​to give access ​from outside ​the library'​s computer network ​to restricted-access websites ​that authenticate ​users by IP address. ​This allows library ​patrons ​at home or elsewhere ​to log in through their library'​s EZproxy server and gain access ​to resources to which their library subscribes, such as bibliographic databases. [[https://en.wikipedia.org/wiki/EZproxy|Source]] EZProxy ​is used by the Five Colleges ​and is an OCLC Product+OCLC's EZProxy ​is a service which allows authorized patrons ​to access ​publisher content remotely which would otherwise be behind a paywall on the open web. We provide the IP address ​to our proxy server to all publishers so that once patrons ​authenticate ​into the server, their web traffic is shown as coming from a valid UMass Amherst ​IP address ​which grants them full access to our subscribed contentWhen patrons ​attempt ​to access ​subscribed content on the open web from home (via Google or directly at publisher sites) they are not recognized ​as an authorized user and see only a paywallEZProxy is used by the rest of the Five Colleges and is the authentication for the majority of our eResources. 
-Vendor documentation ​can be found at [[https://​help.oclc.org/​Library_Management/​EZproxy|EZProxy Support]]+ 
 +Vendor documentation can be found at [[https://help.oclc.org/Library_Management/EZproxy|EZProxy Support]]. Questions regarding ​EZProxy ​should be directed to Jack or Jaime in DRMS and troubleshooting issues can be submitted via DBHelp
 + 
 +==== Maintaining the Configuration File (config.txt) ==== 
 +OCLC Created Stanzas ​can be found here: [[https://​help.oclc.org/​Library_Management/​EZproxy/​EZproxy_database_stanzas/​Database_stanzas]] 
 + 
 +During the renewals process, stanzas should be checked against the OCLC documentation to make sure that the most recent version is being used. The best way to tell if the stanza doesn'​t work is trying to access a resource from off campus (or via Opera w/ VPN installed) which will trigger a Need Host page if the stanza no longer works. If a resource is cancelled or ceased and we do not retain post-cancellation/​perpetual access, then the stanza should be removed from the config file. 
 + 
 +If you need to create a stanza from scratch, please reference others in the config. or search the EZProxy listserv archives. Consider the following:​ 
 +  * Where something is in the file matters. It is read top down. Be sure to stick to alphabetization for easy searching. 
 +  * When creating a resource configuration stanza, determine whether JavaScript is used. 
 +  * Leave a note of who created the stanza and when. 
 +  * Always test whether the stanza you created actually works.
  
 ==== Basic Changes to Stanzas ==== ==== Basic Changes to Stanzas ====
   * Using a FTP client (preferably WinSCP-Put in a SysHelp Ticket to have it installed on your machine) access the Proxy Server   * Using a FTP client (preferably WinSCP-Put in a SysHelp Ticket to have it installed on your machine) access the Proxy Server
-      * The Username and Password can be gotten from Scott, Kat, or Jack+      * The Username and Password can be gotten from Scott, Kat, Jaime, or Jack
   * Once logged in, navigate to the config.txt file   * Once logged in, navigate to the config.txt file
       * There are many old Config files and backups that are not used anymore. Make sure you select the correct one.       * There are many old Config files and backups that are not used anymore. Make sure you select the correct one.
-      * Before using WinSCP, set up a local file somewhere in your C Drive for the software ​to use when you start editing the actual text+      * Never edit the config ​file on the server directly ​to avoid breaking something accidentally without having a backup
-  * Drag the config.txt file from the right pane into the left pane (the local folder on your C Drive) +  * Drag the config.txt file from the right pane into the left pane (local folder ​somewhere ​on your C Drive) 
-      * Allow it to overwrite or change the existing filename.+      * Allow it to overwrite or change the existing filename. ​**SAVE A BACKUP JUST IN CASE!**
   * Double click on the file in the local folder to open the text editor. (For more advanced edits, use Notepad++-Put in a SysHelp Ticket to get it on your machine)   * Double click on the file in the local folder to open the text editor. (For more advanced edits, use Notepad++-Put in a SysHelp Ticket to get it on your machine)
       * The text file has a specific structure. The beginning has administrative information for the Server, UMass IP Addresses, Blocked/​Banned IPs, etc.       * The text file has a specific structure. The beginning has administrative information for the Server, UMass IP Addresses, Blocked/​Banned IPs, etc.
       * Different sections are commented out using a #       * Different sections are commented out using a #
-          * To add new comments, begin the line of text with a X+          * To add new comments, begin the line of text with a #
       * The Stanzas are roughly alphabetical,​ and they are hierarchical. Lines that are higher are given priority over lines that are lower.       * The Stanzas are roughly alphabetical,​ and they are hierarchical. Lines that are higher are given priority over lines that are lower.
-          ​* Trials are always at the end of the file. +      ​* Trials are always at the end of the file. 
-  * To add a new stanza, [[https://​help.oclc.org/​Library_Management/​EZproxy/​Database_stanzas|Check OCLC]] or use Google to try and find one that someone else has created. +  * To add a new stanza, [[https://​help.oclc.org/​Library_Management/​EZproxy/​EZproxy_database_stanzas/​Database_stanzas|Check OCLC]] or use Google to try and find one that someone else has created. 
-      * To make edits (like HTTPS) add information to existing stanzas.+      * To make edits (like an HTTPS update) add information to existing stanzas.
   * Save the Local copy   * Save the Local copy
       * Drag the local file back into the Proxy Server and allow it to overwrite the existing config.txt file       * Drag the local file back into the Proxy Server and allow it to overwrite the existing config.txt file
Line 25: Line 37:
   * Test the resource in Opera.   * Test the resource in Opera.
  
-**Sample Stanza configuration entry without javascript:**+=== Sample Stanza configuration entry without javascript:===
   * T Journal Title   * T Journal Title
-  * U URL e.g. http://​mainserver.publisher.com+  * U URL
   * HJ Host Source: Other hosts at resource? e.g. otherserver.publisher.com   * HJ Host Source: Other hosts at resource? e.g. otherserver.publisher.com
   * DJ Direct Source: Top level domain e.g. publisher.com or publisher.ac.uk   * DJ Direct Source: Top level domain e.g. publisher.com or publisher.ac.uk
-          ​* Do not use colons +      ​* Do not use colons 
-          * Some resources store information on different servers, so for instance, you might have access to the text but not the images if the server housing the image is not in the proxy config file. +      * Some resources store information on different servers, so for instance, you might have access to the text but not the images if the server housing the image is not in the proxy config file. 
-          * Not every stanza will look the same +      * Not every stanza will look the same
-**Sample configuration with javascript:​** +
-   * T Journal Title +
-   * U http://​mainserver.publisher.com +
-   * HJ otherserver.publisher.com +
-   * DJ publisher.com +
- +
-==== Maintaining the Configuration File (config.txt) ==== +
-  * Suggested definitions for many resources may be found at [[http://​www.oclc.org/​us/​en/​support/​documentation/​ezproxy/​db/​default.htm|Database Setup +
-]] +
-      * Note that in our configuration file Chadwyck-Healey has a special setup because of RefWorks linking issues. See main Chadwyck-Healey entry for instructions. Subsequent entries must be below initial entry. +
-  * Where something is in the file matters. It is read top down. +
-  * When creating a resource configuration stanza, determine whether javascript is used. +
  
 +=== Sample configuration with javascript: ===
 +  * T Journal Title
 +  * U URL
 +  * HJ otherserver.publisher.com
 +  * DJ publisher.com
  
-  *  Our configuration file is edited using the text editor vi. +==== Monthly ​Maintenance ====
-  *  EZProxy processes must be restarted for configuration changes to be operational. At present we must restart from the web admin page. +
- +
-==== Weekly ​Maintenance ====+
   * Removing unused host log entries   * Removing unused host log entries
       * Go to http://​silk.library.umass.edu/​status [Admin Login required]       * Go to http://​silk.library.umass.edu/​status [Admin Login required]
-      * In the section entitled Host Maintenance select the radio button for "​Remove XXX hosts that have not been used in over 30 days +      * Select Server Status 
-      * Select ​the Process button +      * Select ​Host Maintenance 
-      Select ​the Administration link at the top of the page to go to the Admin page+          Process all the host maintenance jobs
-      * Select ​Restart ​Proxy from the Admin page menu. +      * Restart the Server
-  * If time permits, review message log (available via Admin page also) for problems. Restarting no longer yields syntax error messages for configuration file as it did in the past, you must look in the message.txt log file.+
  
 ==== Upgrades ==== ==== Upgrades ====
-  * Notices of available upgrades to the EZProxy software are announced on the Listserv. Do not be hasty in requesting load of upgrades unless a bug fix is urgently needed. Each upgrade contains all previous upgrades. There is no risk in skipping one.+  * Notices of available upgrades to the EZProxy software are announced on the Listserv. Do not be hasty in requesting load of upgrades unless a bug fix is urgently needed. Each upgrade contains all previous upgrades. There is no risk in skipping one. LTS manages the EZProxy server and handles the upgrade process as well as the SSL certificate. If you are unsure of the status of either, check the EZProxy web admin - information about both are listed at the top of the page.
  
-==== License Violation Incidents through proxy ==== +==== Include Files ====
-See [[license_violation_procedures|License Violation Procedures]]+
  
-==== Includes Files ====+We are not currently using include files for the config. DRMS wants to explore this further in the future but for now please place all stanzas directly in the config file.
  
-Publishers provide config files for EZProxy which may be found at +==== User Files ==== 
-[[https://www.oclc.org/​support/​services/​ezproxy/​documentation/​db.en.html|OCLC]] or on publisher sites.+**NOTE:** This section has been rewritten as of our September 2023 switch from LDAP to SSO authenticationPlease refer to earlier versions of this page for LDAP documentation.
  
-Create a .cfg or .txt file, depending upon publisher instructions, ​and FTP it to the EZProxy serverIf you have trouble adding a .cfg extension, go to Windows explorer>​Tools>​Folder options>​Deselect "Hide extensions for known file types."+Unlike LDAP authentication,​ SSO authentication requires two user files: user.txt and shibuser.txt.
  
-To edit and backup the config.txt file, FTP the file to R/​S:​Acquisitions/​Electronic Resources/​EZProxy. OCLC instructions ​for setting up the entry in the EZProxy config ​are [[http://www.oclc.org/support/​services/​ezproxy/​documentation/​cfg/​includefile.en.html|here]]FTP the corrected file back to the proxy server.+=== user.txt === 
 +We use this file for two purposes: 
 +  * to create **temporary login credentials**usually for vendors 
 +  * to specify **authentication method** 
 +Instructions ​for how to perform these tasks, including links to OCLC documentation,​ are included ​in user.txt. Since the temporary credentials we create in user.txt ​are not issued by OIT, the SSO login screen will not work. Instead, users with these credentials will need to bypass the SSO login screen. When creating temporary credentials,​ please provide the following information to the recipient:​ 
 +  * Log in via https://silk.library.umass.edu:​443/login?​user=username&​pass=password 
 +  * This link will land you on a menu page, but you'll be logged in and can follow any links from EDS that contain silk.library.umass.edu
  
-We use includes ​files for OxfordSage.+=== shibuser.txt === 
 + 
 +We use this file for two purposes: 
 +  * To specify any actions that should apply to **all users** – as of October 2023, the only directive in this category is to log activity using netid@umass.edu as the username instead of shibboleth. 
 +  * To specify any actions that should apply to **specific users**. As of October 2023, this includes ​specifying which users can log into the EZProxy server as admins and temporarily blocking users 
 +Instructions ​for how to perform these tasksincluding links to OCLC documentation,​ are included in shibuser.txt. 
 +==== EZProxy Public Pages (Documents) ==== 
 +Patrons primarily experience the EZProxy login page, and may never encounter the various other pages which are mostly reserved for specific EZProxy related errors. These are stored in the "​docs"​ directory of the server. The include the following pages: 
 +  * login.htm 
 +      * The main login screen for EZProxy. As of Feb. 2022 it reflects the branding of the library website set to be replaced this summer. Work with LTS to update the branding when the new website becomes available. 
 +  * loginbu.htm 
 +      * Patrons see this when their NetID or password fail - usually it is because they are using the @umass domain or have an old password saved in their browser. 
 +  * loginback.htm 
 +      * Unclear 
 +  * logout.htm 
 +      * Only seen when logging out of the EZProxy web admin. 
 +  * needhost.htm 
 +      * When a stanza is missing or no longer works for a specific URL/​platform patrons see this page. It includes information on how to report the error and contains information DRMS needs to update the stanza. 
 +  * menu.htm 
 +      * This page is rarely seen - occasionally publishers (like Newsbank) will block access due to a compromised NetID and patrons will be redirected here. 
 +  * suspend.htm 
 +      * When patrons trip a security rule they are shown this page. 
 +  * cookie.htm 
 +      * When patrons block all cookies, they will see this page since EZProxy requires cookies to be enabled to operate correctly. 
 +  * https.htm 
 +      * Unclear 
 +  * survey.htm 
 +      * This is the mines survey managed by LTS/​Assessment. It is turned off as of Feb. 2022. 
 + 
 +==== EZProxy Security Rules ==== 
 +As of version 7.1, rules can be set that when patrons trip them will cause their NetID to be logged and/or blocked. Currently the only rules which will block a patron relate to how many gigabytes of content are download, if a NetID access EZproxy from 4 or more countries, or if they access EZProxy from 20 or more IP addresses. There are additional rules which will log a NetID instead of blocking them. 
 + 
 +==== License Violation Incidents through proxy ==== 
 +See [[license_violation_procedures|License Violation Procedures]]
ezproxy_maintenance.1558555677.txt.gz · Last modified: 2019/05/22 20:07 by jmulvaney
[unknown link type]Back to top
www.chimeric.de Creative Commons License Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0