AnonymousURL allows users to access select content through your EZproxy server without authenticating. AnonymousURL is a position-dependent directive that interacts with database stanzas.
Specifies that the rest of the directive should match for
OPTIONSmethod requests from the browser but not others such as
- EZproxy V6.1 added the
-Optionsqualifier to the
AnonymousURLdirective, making the new complete syntax:
AnonymousURL -RE -CS -Options +|- wildurl
The line should appear at the beginning of the database stanza it should impact. Suggested usage includes the following line as the final line of any stanza with an AnonymousURL directive to limit the directive's behavior to the intended stanza:
- The following examples provide some use cases where the AnonymousURL directive would be appropriate. RSS readers If you use an RSS reader, the reader needs to be able to request the XML file through EZproxy so the links will be rewritten, but the RSS reader itself runs at independent times outside the context of EZproxy. In most instances, the RSS feeds themselves are designed for public use by other RSS readers, so the content does not need to be secured from access by EZproxy. Having EZproxy allow the requests through without an EZproxy cookie resolves this.
RSS feeds example
If the fictional Research Database provides RSS feeds at http://www.researchdb.com/rss/feename.xml, you might use the following stanza to allow access to these feeds.
AnonymousURL -RE +http://www.researchdb.com/rss/[a-z]+.xml Title Research Database URL http://www.researchdb.com DJ researchdb.com AnonymousURL -*
You would then need to determine the EZproxy version of the hostname for www.somedb.com and use it to construct a URL such as:
http://www.researchdb.com.ezproxy.yourlib.org/rss/feedname.xml which you would use in your RSS reader.External streaming media players example
When playing media, especially streaming media, the browser may launch an external program to deliver the content. When the URL reaches that external program, it does not possess EZproxy's session cookie, so the request will be blocked. In these scenarios, vendors have accepted the necessity of allowing the portions of the URLs relating to that media content to proxy without EZproxy actually being able to know for certain that the remote user has authenticated and is allowed to access this resource.
If the fictional News Database uses an external program to deliver streaming WMV files, the following database definition could be necessary for users to access that content:
AnonymousURL +*.wmv Title News Database URL http://www.newsdb.com DJ newsdb.com AnonymousURL -*
Java applets example
Some Java applets don't have access to send cookies. Some database stanzas will contain an AnonymousURL directive to allow processing of the content presented with these applets.
If the fictional Art Database uses Java applets that cannot send cookies, you might need to construct the database stanzas as follows to allow access to JPGs and GIFs:
AnonymousURL +*.gif AnonymousURL +*.jpg Title Art Database URL http://www.artdatabase.com DJ artdb.com AnonymousURL -*
Ajax requests example
A new use case occurs when making Ajax requests to a different server. When this happens, an OPTIONS request may be made without cookies present. If EZproxy does not proxy this, the ability to access the remote content is blocked.
OPTIONS requests with a CORS request example
When browsers send an OPTIONS request, such as when preflighting a CORS (cross-origin resource sharing)request, they do not send along their cookies as part of the request. When EZproxy receives the request with its cookie, it can't confirm that the user is authenticated, so it creates a redirect to authenticate. Using the -OPTIONS qualifier with AnonymousURL allows EZproxy to handle cases like this.
For example, if EZproxy receives an OPTIONS request from the fictional Research Database, the following database stanza could be used to tell EZproxy that the OPTIONS request can be processed without authentication, but any normal request must have the authentication cookie present:
AnonymousURL -OPTIONS +http://api.researchdb.com* Title Research Database URL http://researchdb.com DJ researchdb.com AnonymousURL -*