Skip to main content
OCLC Support

Sample secure EZproxy server

The following example combines all of the directives listed in the overview, placing them in an order that would be appropriate for your config.txt file. The values shown in specific examples are meant as starting points and may not provide the appropriate balance for your server. Whenever changes are made to config.txt, you need to restart EZproxy.

The lines below the directives, beginning with the #, are comments to explain the directive above. These can be deleted or included in your config.txt file as they will not impact your settings. They are meant only to explain the directive.

MaxLifetime 120
#A session idle for 120 minutes is automatically logged out.
Max Sessions 500
#A maximum of 500 sessions may be active at any given time.
UMask 0077
#In Linux, access to files is limited to the account used to run EZproxy.
LoginPortSSL 443
#Specifies that EZproxy listen for https requests on port 443.
Option ForceHTTPSLogin
#Forces the use of a secure, https login page.
Option ForceHTTPSAdmin
#Forces the use of a secure, https admin page.
Audit Most
#Records a designated set of Audit events in the Audit log.
AuditPurge 180
#Deletes Audit logs older than 180 days.
Option StatusUser
#Displays the username associated with a session on the Server Status page.
Option LogSession
#Records session identifier in ezproxy.log or spu.log files.
IntruderIPAttempts -interval=5 -expires=15 20
#Causes EZproxy to block login attempts from an IP address if invalid credentials are entered more than 20 times in a 5 minute interval.
IntruderUserAttempts -interval=5 -expires=15 10
#Causes EZproxy to block login attempts from a username that enters the incorrect password more than 10 times within a 5 minute period.
UsageLimit Global
#Records usage, but does not enforce limits. Usage can be viewed on the View Usage Limits and Clear Suspensions page from the /admin webpage.
LogFile -strftime ezp%Y%m%d.log
#Creates daily ezproxy log files.
LogFormat %h %l %u %t "%r" %s %b
#Records information specified by the % options. More detail on the LogFormat page.
LogSPU -strftime spu%Y%m%d.log %h %l %u %t "%r" %s %b
#Creates daily spu logs, and records same basic information as LogFormat directive based on % options.
Location -file=GeoLite2-City.mmdb
#Adds location data to audit logs by relating user’s IP address to the location identified by the GeoLiteCity.mmdb file. 
Format for 6.4.4 and later, see Location for previous versions. This product includes GeoLite data created by MaxMind, 
available from www.maxmind.com.
Option BlockCountryChange
#Blocks users whose country changes (based on Location directive information) in the middle of a session.