EZproxy
Find support materials about EZproxy.
EZproxy 7.3.11 Released
You can now download and update to EZproxy 7.3.11. If you have not already upgraded to EZproxy V6.x, you will need to obtain an OCLC Web Service Key (WSKey).
This release was built with OpenSSL 1.1.1o to provide access to the most up-to-date security configuration options. You can find more information about these updates and others in the EZproxy release notes.
- Install and update EZproxy
- Find the tools and resources required for installing EZproxy and downloading updates.
- EZproxy configuration
- This guide provides you with resources to understand and configure EZproxy using directives in your EZproxy files.
- Add a database stanza as a self-hosted library
- Configure EZproxy to run as a Windows service
- Configure high availability
- Configure OpenSSL directives
- Create search widgets to proxied resources
- EZproxy system elements
- Integrate EZproxy with other OCLC services
- Integrate ILLiad with your local authentication system via EZproxy
- Introduction to database stanza directives
- Migrate to Proxy by Hostname
- Set limits for your institution
- Starting point URLs and config.txt
- Understanding URLs and database stanzas
- Config.txt directives
- This page provides an alphabetical listing of directives that can be used in the config.txt file to configure EZproxy and databases.
- Config.txt directive conventions
- AddUserHeader
- AllowIP
- AllowVars
- AnonymousURL
- Audit
- AuditPurge
- AutoLoginIP
- AutoLoginIPBanner
- BinaryTimeout
- Books24x7Site
- ByteServe
- CASServiceURL
- Charset
- ClientTimeout
- ConnectWindow
- Cookie
- CookieFilter
- DbVar
- DenyIfRequestHeader
- Description
- DomainJavaScript (DJ)
- Domain (D)
- EBLSecret
- ebrarySite
- EncryptVar
- ExcludeIP
- ExcludeIPBanner
- ExtraLoginCookie
- Find & Replace
- FirstPort
- ForceHTTPSLogin
- FormSelect
- FormSubmit
- FormVariable
- Groups
- HAName
- HAPeer
- HostJavaScript (HJ)
- Host (H)
- HTTPHeader
- HTTPMethod
- Identifier
- IncludeFile
- IncludeIP
- Interface
- IntruderIPAttempts
- IntruderLog
- IntruderUserAttempts
- IntrusionAPI
- LBPeer
- Location
- LogFile
- LogFilter
- LogFormat
- LoginCookieDomain
- LoginCookieName
- LoginMenu
- LoginPort
- LoginPortSSL
- LogSPU
- MaxConcurrentTransfers (MC)
- MaxLifetime (ML)
- MaxSessions (MS)
- MaxVirtualHosts (MV)
- MessagesFile
- MetaFind
- MimeFilter
- Name
- NeverProxy
- Option AcceptX-Forwarded-For
- Option AllowWebSubdirectories
- Option AnyDNSHostname
- Option BlockCountryChange
- Option Cookie, Option DomainCookieOnly, Option NoCookie, Option CookiePassThrough
- Option CSRFToken
- Option DisableSSL40bit
- Option DisableSSL56bit
- Option DisableSSLv2
- Option ExcludeIPMenu
- Option ForceHTTPSAdmin
- Option ForceWildcardCertificate
- Option HideEZproxy
- Option HttpsHyphens
- Option IgnoreWildcardCertificate
- Option IPv6
- Option LoginReplaceGroups
- Option LogReferer
- Option LogSAML
- Option LogSession
- Option LogSPUEdit
- Option LogUser
- Option MetaEZproxyRewriting
- Option NoHttpsHyphens
- Option NoProxyFTP
- Option NoUTF16
- Option NoX-Forwarded-For
- Option ProxyByHostname
- Option ProxyFTP
- Option RecordPeaks
- Option ReferInHostname
- Option RelaxedRADIUS
- Option RequireAuthenticate
- Option SafariCookiePatch
- Option StatusUser
- Option TicketIgnoreExcludeIP
- Option UsernameCaretN
- Option UTF16
- Option X-Forwarded-For
- OverDriveSite
- PidFile
- ProxyHostnameEdit
- Proxy & ProxySSL
- RADIUSRetry
- RedirectSafe
- Referer
- RejectIP
- Relogin (::relogin)
- RemoteIPHeader, RemoteIPInternalProxy & RemoteIPTrustedProxy
- RemoteTimeout
- RunAs
- ShibbolethDisable
- SPUEdit
- SPUEditVar
- SQLiteTempDir
- SSLCipherSuite
- SSLOpenSSLConfCmd
- SSOUsername
- Title
- TokenKey
- TokenSignatureKey
- UMask
- URLAppendEncoded (replaced by URL -Append -Encoded)
- URLRedirectAppendEncoded (replaced by URL -Redirect -Append -Encoded)
- URLRedirect (replaced by URL -Redirect)
- URL (version 1)
- URL (version 2)
- URL (version 3)
- UsageLimit
- EZproxy Administration
- The EZproxy Administration page provides access to a variety of configuration, logging, monitoring, security, and test options. Access to these administrative options can be necessary to configure and maintain many of the settings described throughout this support site.
- EZproxy database stanzas
- Find all of the database stanzas maintained by OCLC, organized alphabetically, to provide access to specific e-resources in EZproxy.
- Database stanzas
- Database stanzas - #
- Database stanzas - A
- Database stanzas - B
- Database stanzas - C
- Database stanzas - D
- Database stanzas - E
- Database stanzas - F
- Database stanzas - G
- Database stanzas - H
- Database stanzas - I
- Database stanzas - J
- Database stanzas - K
- Database stanzas - L
- Database stanzas - M
- Database stanzas - N
- Database stanzas - O
- Database stanzas - P
- Database stanzas - Q
- Database stanzas - R
- Database stanzas - S
- Database stanzas - T
- Database stanzas - U
- Database stanzas - V
- Database stanzas - W
- Database stanzas - Y
- Database stanzas - Z
- Authenticate users (user.txt)
- The EZproxy user.txt file is the place where you will customize your authentication settings to control who is able to access your proxied resources. The documentation listed below provides details about directives that can be used to customize your authentication settings, details about supported authentication methods, and additional authentication configurations.
- Manage EZproxy
- EZproxy provides many options to customize your software to meet the needs of your institutions. These customizations do not need to be configured for EZproxy to provide your remote users with proxied access to resources; however, these configurations can help you to secure your server, tracks EZproxy usage, and customize your users' experience.
- Secure your EZproxy server
- EZproxy directives and configurations offer administrators multiple options for securing your server, monitoring security concerns, and identifying and neutralizing compromised accounts.
- EZproxy for content providers
- Find information about EZproxy for content providers.
- EZproxy release notes and known issues
- Find EZproxy release notes and known issues. Release notes are documents that contain information about new product features and enhancements as installed in scheduled releases.
- EZproxy Training
- Find training on EZproxy here.
- Troubleshooting
- Find frequently asked questions (FAQ) and troubleshooting steps (Troubleshooting) for EZproxy.
- All my patrons are signing in with the username Shibboleth in EZproxy, what should I do to possibly fix this?
- Anatomy of a Stanza
- Are the Hosted EZproxy Servers TLS 1.2 and 1.3 compliant?
- Automating SFTP access with a protected password file
- A stanza on the help page does not work as expected
- A vendor has requested that we Flush the DNS cache, how do I do this and are there any ramifications?
- A vendor is asking me for some test credentials for EZproxy, where do I get those?
- Bypassing Microsoft Entra ID (Azure) login page
- Can a patron change their password using patron parser authentication in EZproxy
- Can EZproxy be run on a Windows Server with the IIS role enabled
- Can I add non-routable or private network IP addresses to my ExcludeIP or AutologinIP directives on my hosted EZproxy server?
- Can I get notified when a Security rule is tripped?
- Can I set an expiry date for users with text file authentication?
- Can I use EZproxy with Cloudflare?
- Can more than on EZproxy instance be run on one host
- Can not connect to resource off-campus
- Can we write up an EZproxy stanza for Amazon?
- Can you run EZproxy as a Docker container?
- config.txt stanza change is not applied
- Cookie banner keeps coming up in EZproxy session
- Daily email notifications from EZproxy server despite unchecked 'Receive Daily Email Digest' box
- DNS changes take time to propagate
- Does EZproxy require to have Adobe Acrobat?
- Does EZproxy require VPN
- Does EZproxy support Google reCAPTCHA?
- Does EZproxy support web sockets?
- Does our Hosted EZproxy prefix start with HTTP or HTTPS?
- Does subscribing to EZproxy require an annual renewal? Will I lose access to resources if my library does not renew?
- Do I need to update EZproxy if a resource updates their IP?
- Do we need to send anything to OCLC if we are a Hosted EZproxy site and our LDAP certificate is expiring and we are replacing the certificate?
- Error message "SAML unable to locate SSO Location"
- EZproxy 7.1 and the RunAs directive
- EZproxy Admin SSL page does not load
- EZproxy Cookies
- EZproxy Crash Loop, PANIC in adminsecurity.c
- EZproxy error Unable to create or open ezproxy.ipc: (13) Permission denied
- EZproxy link results in a page full of symbols
- EZproxy Self Service - How to make changes to EZproxy
- EZproxy Server Error - Please tell your server administrator to check messages.txt for a Max Virtual Hosts error
- Featured EZproxy Troubleshooting articles
- Why am I getting message "WARNING: EZproxy can only use ports below 1024 if it is run by root" in messages.txt
- Getting OpenFileMapping failed (2) No such file or directory or EZproxy failed to start
- Guardian appears dead
- Hosted EZproxy frequently asked questions
- How are SAML credentials provisioned with access to the EZproxy Administration page?
- How can I make EZproxy update when the certificates on my SSO are updated
- How can I tell if the stanza I expect is authorizing the EZproxy connection to a website
- How can the attributes being released to EZproxy by a SAML Identity Provider be viewed
- How can we change our Hosted EZproxy domain name?
- How does EZproxy work with Multi-Factor Authentication (MFA)
- How do I access previous Hosted EZproxy logfiles and statistics?
- How do I access the pre-production OCLC hosted EZproxy menu screen when SAML authentication is active
- How do I add a new resource to my OCLC Hosted EZproxy configuration?
- How do I add a Resource-Stanza-Database to EZproxy?
- How do I block expired users in EZproxy when using SIP authentication?
- How do I bypass my SSO to submit EZproxy credentials
- How do I clear stuck Orphan hosts in EZproxy
- How do I "comment out" a stanza in EZproxy?
- How do I configure EZproxy to go to FirstSearch?
- How do I create a certificate signing request from EZproxy
- How do I find my EZproxy IP address?
- How do I find out if we have EZproxy as one of our services?
- When trying to access an Ebookcentral/Ebrary link, the web browser displays, "ebrary request for site <your site ID> to host site.ebrary.com failed: 1
- How do I generate metadata for SAML connection to EZproxy?
- How do I get a copy of my OCLC Hosted EZproxy configuration?
- How do I get an EZproxy HECVAT report?
- How do I get EZproxy to use OCLC basic World Share authentication
- How do I get Lean Library Access browser extension access to our Hosted EZproxy?
- How do I get my local users authenticated access without EZproxy prompting for login?
- How do I get my OCLC hosted EZproxy log retention adjusted
- How do I get the default security rules modified on OCLC hosted EZproxy
- How do I make minor updates to EZproxy documentation pages
- How do I modify EZproxy configuration files in the Hosted environment?
- How do I refresh my SAML metadata on EZproxy
- How do I remove resource from my Hosted EZproxy configuration?
- How do I request a vanity URL for our Hosted EZproxy Server?
- How do I resolve an outdated stanza with OCLC hosted EZproxy
- How do I resolve an "Unable to locate address for ... website" error when using EZproxy?
- How do I resolve a 400 bad request error with EZproxy
- How do I resolve EZproxy max sessions issues
- How do I resolve issues with Cloudflare on websites with EZproxy
- How do I resolve SAML unable to locate SSO Location for XXXXXX with Shibboleth IDP13 entity not found: XXXXX errors with EZproxy
- How do I resolve the WSkey and secret pair did not generate a token errors showing the EZproxy messages.txt file
- How do I see EZproxy monthly usage data and statistics?
- How do I see which IP I should use for ExcludeIP or AutoLoginIP?
- How do I set up a link to go to a site directly under EBSCOhost?
- How do I set up open access resources with EZproxy
- How do I tell what IP address EZproxy is getting from a computer
- How do I turn off TLS 1.0 and TLS 1.1 protocols in EZproxy
- How do I update my admin email for EZprozy ?
- How do I update my login page to allow or obscure what is being entered by the user
- How do I update my Privacy Policy on my Hosted EZproxy login page?
- How do I use EZproxy in combination with the HTTPS-only web browser security setting
- How is EZproxy affected by users hiding their IP address
- How Kanopy Access is Configured
- How large of a SAML assertion can EZproxy accept from an identity provider
- How long are the logs kept for Hosted EZproxy
- How to block a user in EZproxy
- How to Block a User or Barcode in EZproxy when using SIP authentication
- How to change the logo on your Login Page for EZproxy
- How do I create a WorldShare Account to request a WSKey for EZproxy?
- How to find your EZproxy version
- How to make changes or update EZproxy self-service email notifications?
- How to use EZproxy TEST -RE to match attributes with CAS Authentication
- HSTS and EZproxy
- If I am authenticated with EZproxy and open up a new window in my browser, should I still be authenticated with EZproxy?
- If I restart EZproxy, will it disconnect the current sessions?
- If the EZproxy Reports are missing that have a .zip extension, who do I contact to get them retrieved?
- In an EZproxy stanza, does the URL line act as a Host or HostJavaScript directive?
- In EZproxy, what do I do with my link I am going to have a trial to a Database that will end and then a month later it will be a regular subscription?
- In EZproxy, when I go to the Statista site, I keep on getting a pop-up message requesting to allow cookies no matter what I do on the site.
- IP not recognized
- Is Apache web server used in EZproxy
- Is EZproxy affected by the Log4j or the CVE-2021-44228 vulnerability?
- Is EZproxy FedRAMP compliant?
- Is EZproxy protected against CVE-2022-22963 & CVE-2022-22965 Spring Cloud vulnerability?
- Is EZproxy vulnerable to Springshell?
- I am an EZproxy Self-Hosted site, and I cannot find my WsKey
- I am an EZproxy self-service site, and I am having troubles updating the production site
- I am an EZproxy vendor, and I need to verify that a Hosted EZproxy site has an IP address only used by that site
- I am a service provider and a site is sending me an IP address to add for their EZproxy that seems odd, how do I troubleshoot the IP address?
- I am getting a message for "Cookie Too Large" in EZproxy
- I am getting a message "This web property is not accessible via this address" when using Worldcat.org with EZproxy
- I am having an issue opening PDF files with EZproxy when using Wiley Database
- I am not receiving email notifications from my EZproxy server
- I am seeing an error message in my EZproxy Messages file about SAML Instant Time Disagreement
- I am self-hosted EZproxy site and I want to know if I need a new license for a test environment?
- I am trying to go to our EZproxy Database and I see a blank page
- I cannot connect to a resource through our Hosted EZproxy
- I get an error message for incorrect username or password when signing in to my Hosted EZproxy FTP files
- Troubleshooting EZproxy server startup issues after config.txt modification
- I received an email about an EZproxy Survey and I need a copy sent to someone else
- Logfile mailing list adjustments
- Max challenge attempts exceeded. Please refresh the page to try again!
- Menu page shown after update
- My vendor is asking me to Login or Subscribe when I proxy their site with EZproxy
- New ASTM Compass stanza and access URLs
- OCLC EZproxy security rules explained
- OpenSAML-C PlusPlus library and service provider advisory
- OVID Licensing error
- Resolving 'Cookie Header Too Large' Issue on JSTOR through EZproxy
- Set EZproxy using two authentication options with SAML as the default
- Target URL is not accessible on EZproxy, even though using approved EZproxy stanza.
- Taylor & Francis, IPv6 and hosted EZproxy
- Troubleshooting single user access issues via EZproxy.
- Unblock an account that has tripped a security rule
- Upgrading your EZproxy to latest version on the same server
- Upload Patron Parser for Hosted EZproxy
- Users blocked by the Security Rules still have an active session
- Using NeverProxy to suppress UUConnect errors in `messages.txt`
- UUconnect messages in EZproxy messages file
- We are a Hosted EZproxy site, and I need a copy of my Config.txt file
- What could be causing the response: server took to long to respond?
- What do I do if I have to add more than one Exclude IP directive in my EZproxy Config.txt file?
- What is our Hosted EZproxy Domain name?
- What is the best way to have a site or a Database added if we are hosted by OCLC EZproxy?
- What is the maximum URL length EZproxy can process?
- What versions of EZproxy does OCLC support for stand-alone sites?
- When a patron signs in with their barcode, it is showing up with a bunch of ascii characters as the username
- When using EZproxy how do I resolve an "This web property is in accessible via this address"
- Who do I contact with EZproxy Analytics support requests
- Why am I getting an Error about Ebrary siteID when using EZproxy and Ebook Central SSO
- Why am I getting an SSL error with EZproxy when being redirected
- Why am I getting a 404 error for Hosted EZproxy log listing page
- Why am I getting a connection timeout with EZproxy and some EBSCO resources
- Why am I getting a database provider sign in screen when using EZproxy and VPN
- why am I getting a err_connection_timed_out with EZproxy
- Why am I getting a sign-in screen from the provider site when using EZproxy
- Why am I getting a sign in screen from EZproxy when on campus
- Why am I getting a this ebrary site does not exist error from EZproxy
- Why am I getting a browser warning of ERR CERT COMMON NAME INVALID after updating the SSL certificate on EZproxy
- Why am I getting browser warning from my EZproxy server?
- Why am I getting directed to the Visible Body marketing page when using EZproxy?
- Why am I getting error File missing: docs\suspend.htm from EZproxy
- Why am I getting ERR EMPTY RESPONSE intermittently when using EZproxy
- Why am I getting failed to map response from EZproxy to UserObjectResponse when trying to login to Tipasa
- Why am I getting the EZproxy menu page instead of my page
- Why am I getting the EZproxy menu page when using an encoded URL as the target URL
- Why am I getting the EZproxy need host error screen when try to access E-Libro when I already have a stanza
- Why am I getting the "Inter-institutional access failure. Please contact your system administrator for assistance." error when using SAML authentication and EZproxy?
- Why am I having a problem loading PDF's in browser from a specific resource while using EZproxy
- Why am I having problems downloading items using EZproxy when I have the most recent stanza in my config.txt file
- Why am I having problems downloading PDFs from Wiley Online Library when using EZproxy
- Why am I having problems extracting my Hosted EZproxy log files that end in .gz?
- Why am I not seeing all of my log files for OCLC hosted EZproxy
- Why am I seeing -1 Can't contact LDAP server showing up in my EZproxy messages file
- Why am I seeing a different SSL certificate than what is active on my EZproxy server
- Why am I seeing encoded characters after I download and unzip my monthly usage reports for Hosted EZproxy using web log retrieval
- Why am I seeing "LDAP bind failed to xxx.xxx.xxx.xxx: -1 Can't contact LDAP server" in my EZproxy messages.txt file
- Why am I seeing "r0$" in front of a URL?
- Why am I unable to delete my Hosted EZproxy log files?
- Why am I unable to get the full admin screen after upgrading EZproxy
- Why am I unable to proxy cloudfront domains with EZproxy
- Why are my embedded EZproxy links generating SAML errors
- Why are my users not authenticating after loading a new file to OCLC hosted EZproxy
- Why are my users not being asked to login to EZproxy?
- Why are some of my EZproxy links allowing remote access without requiring authentication
- Why are some resource sites displaying only encoded characters when using EZproxy?
- Why can't I use a proxied link in documents?
- Why do .gif and .jpg files placed in the docs directory appear as broken images when referenced from login.htm?
- Why do I keep getting the bad username or password screen when using EZproxy and SIP authentication with conditions
- Why do we get this error in the messages log: getaddrinfo error acw.scopus.com
- Why is Ebook Central sending users to our old EZproxy to login
- Why is EZproxy crashing after adding a stanza?
- Why is LDAP bind failed to XXX.XXX.XXX.XXX: 49 Invalid credentials showing in my EZproxy messages.txt file
- Why is my EZproxy getting directed to my old EZproxy when the link is showing my new EZproxy prefix
- Why is my username showing as shibboleth after upgrading EZproxy
- Why is the EZproxy Manage SSL Certificates screen not loading?
- Why is the website seeing my IP address when the URL is re-written by EZproxy
- Will EZproxy be supported with the planned browser privacy features being introduced by Google and others
- OCLC Community Center: EZproxy community
- Find more information about the Community Center. Current EZproxy product users may join the OCLC Community Center to connect with peers and OCLC staff on product workflows, attend webinars, and provide feedback on the product.