seeking IP "substituter"

Prentiss Riddle riddle at is.rice.edu
Thu Sep 19 10:37:01 EDT 1996


> From: "Bob Samson" <samson at library.uta.edu>
> Date: Mon, 16 Sep 1996 05:52:32 -0700
> Subject: seeking IP "substituter"
>
> Many of our database services are contractually limited to use by
> affiliated faculty, staff, and students of the university.  As a
> means of complying with these restrictions, we have invoked IP domain
> restrictions for access to these databases.
>
> The problem arises when legitimate users access our homepage from
> their commercial ISP accounts and the IP wrappers prevent these users
> from accessing the various database services.  Since our computer
> center does not provide SLIP or PPP service, remote users, e.g.
> distance education users, as well as anyone who just wants to access
> our service from home, must go through commercial ISPs for access
> (unless they want to limit themselves to TELNET/Lynx access, in which
> case they can come in through the computer center).
>
> I'd be curious to know if anyone has found, or developed, some sort
> of IP "substituter" which, upon validation by matching an entry in
> some sort of security database, would substitute a "valid" IP address
> for subsequent access to a local homepage and beyond. ...

One option would be to have your users run their web clients on a
server within your domain and redirect the client output to their
off-campus accounts (either using X, or using a telnet session and a
text-based client like lynx).

If that doesn't work for you, then it's a surprisingly simple job to
write a CGI program that accepts a URL and retrieves an HTML document
then passes it back to the requestor, rewriting the URLs on the fly so
they also refer to the gateway program.  A student here wrote such a
program to translate web pages into "Swedish Chef"-speak (a mock
Scandinavian accent loosely based on a TV puppet).  The problem, of
course, was that his gateway bypassed the IP screening we do to honor
our own database licenses, so anyone on the net could get "Swedish
Chef" versions of our site-licensed data!  (I had to ask the student
to shut it down.)

Which highlights the problem here: you need to make sure that you do
the access control right, or you will be creating a "leak" that will
violate your licenses.  If you decide to pursue this approach, I would
recommend adding an additional test in the program so that it would
only serve out (and rewrite) URLs corresponding to the specific known
services you intend to gateway in this fashion.  That way, you'd be
less likely to step on the toes of some other department at your
institution that also has site-restricted data and has a different
concept of the "site" than yours.

-- Prentiss Riddle ("aprendiz de todo, maestro de nada") riddle at rice.edu
-- RiceInfo Administrator, Rice University / http://is.rice.edu/~riddle
-- Opinions expressed are not necessarily those of my employer.



More information about the Web4lib mailing list