Table of Contents

EZProxy Maintenance

OCLC's EZProxy is a service which allows authorized patrons to access publisher content remotely which would otherwise be behind a paywall on the open web. We provide the IP address to our proxy server to all publishers so that once patrons authenticate into the server, their web traffic is shown as coming from a valid UMass Amherst IP address which grants them full access to our subscribed content. When patrons attempt to access subscribed content on the open web from home (via Google or directly at publisher sites) they are not recognized as an authorized user and see only a paywall. EZProxy is used by the rest of the Five Colleges and is the authentication for the majority of our eResources.

Vendor documentation can be found at EZProxy Support. Questions regarding EZProxy should be directed to Jack or Jaime in DRMS and troubleshooting issues can be submitted via DBHelp.

Maintaining the Configuration File (config.txt)

OCLC Created Stanzas can be found here: https://help.oclc.org/Library_Management/EZproxy/EZproxy_database_stanzas/Database_stanzas

During the renewals process, stanzas should be checked against the OCLC documentation to make sure that the most recent version is being used. The best way to tell if the stanza doesn't work is trying to access a resource from off campus (or via Opera w/ VPN installed) which will trigger a Need Host page if the stanza no longer works. If a resource is cancelled or ceased and we do not retain post-cancellation/perpetual access, then the stanza should be removed from the config file.

If you need to create a stanza from scratch, please reference others in the config. or search the EZProxy listserv archives. Consider the following:

Basic Changes to Stanzas

Sample Stanza configuration entry without javascript:

Sample configuration with javascript:

Monthly Maintenance

Upgrades

Include Files

We are not currently using include files for the config. DRMS wants to explore this further in the future but for now please place all stanzas directly in the config file.

User Files

NOTE: This section has been rewritten as of our September 2023 switch from LDAP to SSO authentication. Please refer to earlier versions of this page for LDAP documentation.

Unlike LDAP authentication, SSO authentication requires two user files: user.txt and shibuser.txt.

user.txt

We use this file for two purposes:

Instructions for how to perform these tasks, including links to OCLC documentation, are included in user.txt. Since the temporary credentials we create in user.txt are not issued by OIT, the SSO login screen will not work. Instead, users with these credentials will need to bypass the SSO login screen. When creating temporary credentials, please provide the following information to the recipient:

shibuser.txt

We use this file for two purposes:

Instructions for how to perform these tasks, including links to OCLC documentation, are included in shibuser.txt.

EZProxy Public Pages (Documents)

Patrons primarily experience the EZProxy login page, and may never encounter the various other pages which are mostly reserved for specific EZProxy related errors. These are stored in the “docs” directory of the server. The include the following pages:

EZProxy Security Rules

As of version 7.1, rules can be set that when patrons trip them will cause their NetID to be logged and/or blocked. Currently the only rules which will block a patron relate to how many gigabytes of content are download, if a NetID access EZproxy from 4 or more countries, or if they access EZProxy from 20 or more IP addresses. There are additional rules which will log a NetID instead of blocking them.

License Violation Incidents through proxy

See License Violation Procedures