How EZproxy works
EZproxy works as an intermediary between library users and the e-content they are trying to access. It confirms that the users are authorized to access their institution’s subscriptions and delivers the e-content to them. When users search their institutions’ resources and find e-content they would like to access, EZproxy authenticates them, then passes their request on to the content provider with EZproxy's IP address attached instead of the user's. The content provider then finds the EZproxy IP address as a match in its list of registered IP addresses for the institution, and passes the content back to the EZproxy server (the place where the content provider believes the request originated). EZproxy then delivers the content to the user.
EZproxy service types - libraries and content providers
OCLC offers libraries two ways to use EZproxy to make their e-content subscriptions available to remote users: a hosted service and a stand-alone subscription.
Support licenses (using OCLC's hosted service) are also available to content providers who wish to integrate EZproxy into their testing and development workflows. Please email email@example.com if you would like more information.
Every resource that library users access remotely using EZproxy must be configured in EZproxy’s config.txt file. This file contains a listing of the e-resources that the library subscribes to with instructions for EZproxy about what resources within those websites users are allowed to access. The instructions are called directives, and when combined, these directives form database stanzas. When library users attempt to access an e-resource, after they have been authenticated, EZproxy reads the institution’s list of e-resources and directives in the config.txt file and determines whether or not the e-resource the user is trying to access is available to them, and either grants access (by rewriting the URL into a proxied URL) or denies access.
OCLC maintains an extensive list of stanzas for many content providers. This list is not exhaustive; EZproxy can be configured to provide access to any website, not just those in this list.
Adding or updating your stanza
Would you like OCLC to add a stanza for your resource? Are you planning a site migration or technical change (e.g. moving to https) that will impact your existing stanza?
If so, please email firstname.lastname@example.org.
Please note the following:
- We make every effort to test stanza changes using internal EZproxy test servers prior to publishing them on our website. We will ask you to authorize the IP address of such a server for test access.
- OCLC’s list of published stanzas represents our best effort to support access to the specified resources via EZproxy. Given that websites often change without our awareness, OCLC cannot guarantee that these stanzas will provide seamless access to all features of each site 100% of the time.
- The process of developing or updating a stanza can take up to 60-90 days.
EZproxy content security tips for publishers
- Subscribe and participate in the EZproxy listserv, email@example.com
EZproxy users are active and willing to engage in this forum. Don’t be afraid; go talk to them. See http://oc.lc/ezplist to subscribe.
- Review the OCLC document “Securing Your EZproxy Server.”
This document can be found at http://oc.lc/securingezp. It provides a crash course on EZproxy security so you can better understand the steps libraries can take to secure their content.
- Review EZproxy options for geolocation configurations.
EZproxy makes it possible to restrict access to content based on a user’s location as defined by their IP address. While it is not possible for most sites to restrict access to entire geographies indefinitely, temporary blocks may be reasonable as opposed to shutting off access to EZproxy completely. See http://oc.lc/ezplocation for more information.
- Review EZproxy’s logging and auditing capabilities.
Many libraries have EZproxy configured to log information about EZproxy use, making it relatively easy for EZproxy admins to identify potentially compromised accounts and terminate access. By providing certain information to libraries when you see suspicious use, many libraries can target and identify the bad actor and stop their ability to access content immediately. Learn more about this process here http://oc.lc/ezpusermanagement.
- Finally, work with OCLC.
If you have questions about how EZproxy will behave with a security update or want to know its impact on EZproxy users, get in touch. We are happy to work with publishers to make sure you understand the impact of platform changes that impact security and access in general through EZproxy. Email firstname.lastname@example.org with any questions.