EZproxy Adventures: No Passport Required


Who we are

Kara Mullen
• Clayton State [email protected] 7,000 students
• Working with EZproxy for 3 years

Kat Greer
• Georgia Gwinnett [email protected]
• @libtechkat
• Serve 11,000 students
• Working with EZproxy for 1.5 years

Christina Yau
• Georgia Perimeter [email protected] 21,000 students
• Working with EZproxy for 9 years

Melissa Roberts
• Wesleyan [email protected]
• Serve 1,000 students
• Working with EZproxy for 1 year

EZproxy Adventures: No Passport Required is licensed under a Creative Commons Attribution-Noncommercial-ShareAlike 3.0 United States License.

Who are you?

https://pixabay.com/en/animal-owl-eagle-owl-wisdom-483860

Melissa: OCLC Hosted Overview

OCLC Hosted EZproxy includes:
• An EZproxy server and IP address dedicated to your institution
• All server maintenance, security checks, and 24/7/365 monitoring
• All EZproxy enhancements, upgrades and bug fixes (automatically received)
• Security certificate for your institution

OCLC Hosted Server Reports

Kara: Proxy by Port Limitations
• Local Firewall Configuration
  • Users will receive page not found errors
• Remote Firewall Issues
  • Users multitasking at work are usually blocked
• Port Usage
  • One port required for each remote web server

Kara: Maintenance
• MaxVirtualHosts
• Server Maintenance

Kara: Maintenance
• Logs
  • Audit = basic monitoring, resolving security issues
  • EZproxy = usage, resolve potential security threats
  • messages.txt = troubleshooting problems, verifying system details
  • SPU (starting point URL) = how often users are accessing certain resources

Kat: Upgrade to v6.0.8
http://www.oclc.org/support/services/ezproxy/release-notes.en.html
• Annual subscription model & WSKey
• New server & authentication
• v6.0 features
  • support for IPv6 addresses
• v6.0.8 bug fixes
• v6.1 is out

Christina: EZproxy Advanced Features
LDAP Authentication Config (https://www.oclc.org/support/services/ezproxy/documentation/usr/ldap.en.html)
• LDAP info from campus IT
• Attribute / Class metadata info depends on IT organization structure / mapping for LDAP
• Enhanced security
  • user.txt use obscure password

Christina: Security Concern Features
OCLC documentation "Securing Your EZproxy Server" (http://www.oclc.org/support/services/ezproxy/documentation/example/securing.en.html)
• Encryption: Option ForceHTTPSLogin
• Monitoring Security
  • Audit Most: enable access to use details on admin page
  • IntruderAttempts: identify and automatically suspend / block users with repeatedly failed attempts
  • Option LogUser: record username in log, for troubleshooting and needed for UsageLimit monitoring
  • UsageLimit
    • resource(s) specific: a position-dependent config.txt directive
    • for complying with content provider requests, minimize the potential for the illicit download of large amounts of content, and limit reductions in access speed.
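Added example (not from the slides or from OCLC): an offline review of EZproxy web logs that totals bytes per username in a sliding time window, which is the kind of per-user monitoring that Option LogUser makes possible. The log format `%h %l %u %t "%r" %s %b`, the 15-minute / 1 MB thresholds, the function name and the sample lines are all assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: %h %l %u %t "%r" %s %b (username in %u when logged).
LINE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "[^"]*" \d{3} (\d+|-)$')

# Constructed sample lines (not real traffic), already in time order.
SAMPLE_LOG = [
    '192.0.2.10 - alice [12/Mar/2015:10:00:00 -0400] "GET http://db.example.org:80/a.pdf HTTP/1.1" 200 400000',
    '192.0.2.20 - bob [12/Mar/2015:10:01:00 -0400] "GET http://db.example.org:80/b.pdf HTTP/1.1" 200 600000',
    '192.0.2.30 - - [12/Mar/2015:10:02:00 -0400] "GET http://db.example.org:80/c.pdf HTTP/1.1" 200 5000000',
    '192.0.2.20 - bob [12/Mar/2015:10:05:00 -0400] "GET http://db.example.org:80/d.pdf HTTP/1.1" 200 600000',
    '192.0.2.10 - alice [12/Mar/2015:10:20:00 -0400] "GET http://db.example.org:80/e.pdf HTTP/1.1" 200 400000',
    '192.0.2.10 - alice [12/Mar/2015:10:40:00 -0400] "GET http://db.example.org:80/f.pdf HTTP/1.1" 200 400000',
]

def users_over_limit(lines, interval_min=15, max_mb=1.0):
    """Return {username: peak MB seen in any interval_min window} above max_mb."""
    window = timedelta(minutes=interval_min)
    recent = defaultdict(deque)   # username -> (timestamp, bytes) still in window
    in_window = defaultdict(int)  # username -> bytes currently in window
    peaks = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        _host, user, stamp, size = m.groups()
        if user == "-":
            continue  # no username logged: the transfer cannot be attributed
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        nbytes = 0 if size == "-" else int(size)
        recent[user].append((when, nbytes))
        in_window[user] += nbytes
        # Drop this user's entries that have aged out of the window.
        while when - recent[user][0][0] > window:
            in_window[user] -= recent[user].popleft()[1]
        mb = in_window[user] / (1024 * 1024)
        if mb > max_mb:
            peaks[user] = max(peaks.get(user, 0.0), mb)
    return peaks

if __name__ == "__main__":
    for user, mb in sorted(users_over_limit(SAMPLE_LOG).items()):
        print(f"{user}: {mb:.2f} MB within 15 minutes")
```

The largest transfer in the sample carries no username and is skipped, which is the gap that logging usernames closes.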

Christina: Advanced Features
• Group Membership
  • To limit resource access to specific groups of users / with specific attribute value
  • Group assign in user.txt, specify resources for the group in config.txt
  • Group assignment depends on LDAP class / temp username (IfTest condition, can use wildcard)
• Temporary User Accounts
  • For vendor testing
  • For users outside LDAP
  • Can specify valid period (IfBefore, IfAfter)
• More conditions (http://www.oclc.org/support/services/ezproxy/documentation/usr/common.en.html)
  • IfCountry
  • IfUser
  • non LDAP format -- e.g. ::User=*2014, Group=+hs