another Proxy server question

Liz Best lbest at brain.royalroads.ca
Sat Dec 20 13:18:16 EST 1997


Dan & Mack,

We also investigated the use of the proxy server for our off-campus
learners; however, we found that it degraded performance (as all HTTP
requests then came through our site) to the point where the users would
take it out and then call the help desk when they could get everywhere
else on the net, except to our IP authenticated resources.

We are attempting to stick to a policy whereby all new resources must be
made available to us in one of two formats: userid/password or
IP-referral authentication. So far we have been successful, which is
surprising given our small size and lack of economic clout. All of our
existing resources have alternatives which make them available on-campus
through IP authentication or off-campus through our own userid/password
authentication.

Britannica Online was the first to allow us IP-referral authentication,
although it was first mentioned to me by Ebscohost. We have a web page
that is userid/password protected which requires a University
userid/password, that we control. Every registered student, staff member
and faculty member has a unique one. From this secure page there is a
link to BOL. At BOL's end they check to make sure that the person
attempting to enter their secure site comes from a known host, such as
we are, and if so the person is allowed to enter. If not, the person
must enter a BOL userid/password to gain access to the site. The
limitation with this is that the BOL site can not be bookmarked; it has
to be accessed from our web page.

Userid/password can be controlled without ever giving the
userid/password out. I use one of two PERL scripts (depending on whether
the resource is secured by server or script authentication). This method
has two limitations. The first is as above, that the sites can not be
bookmarked; they have to be accessed from our secure web page. Also,
because IE displays the command in the Location field, which shows the
userid/password, I do not allow IE to run these scripts. I attempt to
only allow Netscape to run it. This is not a problem for us, as our
users are entitled to NN for free. 

For server authentication I use the following:

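	# Browser identification string, as sent by the client in the request
	$agent = $ENV{'HTTP_USER_AGENT'};

	# Netscape identifies itself as Mozilla; IE does too, but adds "MSIE"
	if ($agent =~ /Mozilla/ && $agent !~ /MSIE/)
	{
	$userid="theAssignedUserid";
	$password="thePassword";
	# Redirect with the credentials in the URL; the blank line ends the CGI header
	print "Location: http://$userid:$password\@hostname.com\n\n";
	}
	else
	{
	print "Content-type: text/html\n\n";
	print "This script can only be used with Netscape Navigator";
	}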

For script authentication I use the following (and modify as necessary
for the required variable names):

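	# Browser identification string, as sent by the client in the request
	$agent = $ENV{'HTTP_USER_AGENT'};

	# Netscape identifies itself as Mozilla; IE does too, but adds "MSIE"
	if ($agent =~ /Mozilla/ && $agent !~ /MSIE/)
	{
	$userid="theAssignedUserid";
	$password="thePassword";
	# Redirect to the login script with the credentials as query parameters
	print "Location: http://somehost.com/script?UserId=$userid&Passwd=$password\n\n";
	}
	else
	{
	print "Content-type: text/html\n\n";
	print "This script can only be used with Netscape Navigator";
	}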

So these may be routes that you can also consider.

Regards,
Liz
	-----Original Message-----
	From: mack at janus.swem.wm.edu (Mack Lundy)

	Dan,

	Like many colleges, we are also faced with the growing problem
	where students and faculty sign on with a non-college ISP and
	want (actually demand) to get to resources where access is
	restricted by IP address.

	We are working on a proxy server as a means to provide this
	access - at least until something better comes along. At
	Midwinter I am planning to discuss this at the Secure Systems
	and Services IG meeting (Monday, Jan. 12, Hilton Riverside Gr.
	Salon 4). I'm not a proxy server expert but I can discuss what
	we are doing, how we are doing it, and why we are doing it which
	may be of help to those contemplating life with a proxy server.
	It isn't likely that I will get my notes up on a web page before
	Midwinter but I intend to do so afterwards.

	Regards
	Mack
	-----Original Message-----
	From: Dan Kissane <dfk at snyoneva.cc.oneonta.edu>
	To: Multiple recipients of list <web4lib at library.berkeley.edu>

	Is anyone using a proxy server to allow users with private ISPs
	to access IP authenticated resources? Any info on this would be
	appreciated. Thank you. Happy Festivus!

	Dan Kissane
	Systems Librarian
________________________________________________
Elizabeth L. Best
Systems Analyst

Royal Roads University
Learning Resource Centre
2005 Sooke Road
Victoria, BC  V9B 5Y2

Phone: (250) 391-2663
Fax:   (250) 391-2594
Email: lbest at royalroads.ca
Web: http://www.royalroads.ca/
________________________________________________
  _o    \o_         __|     \ /      |__         o _    o/   \o/ 
 __|- __/    \__/o    \o     |     o/     o/__   /\    /|     |  
    >   >    /  \     ( \   /o\   / )     |  (\  / |   < \   / \
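
Both redirect scripts in the message above place the shared password in a URL. As an added example, not part of the original message or its author's scripts, the following Python code finds and redacts the two URL shapes those scripts produce when they turn up in text such as web logs. The sample lines, the parameter names other than Passwd, and the REDACTED marker are assumptions constructed for the illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Query parameter names treated as secrets. "passwd" is the name used in the
# script above; the other names are assumptions added for this example.
SECRET_PARAMS = {"passwd", "password", "pwd", "pass"}
# Absolute http(s) URLs, or a request path that carries a query string.
URL_RE = re.compile(r'https?://[^\s"]+|(?<=\s)/[^\s"]*\?[^\s"]+')

def redact_url(url):
    """Return (redacted_url, kinds); kinds names each credential found."""
    parts = urlsplit(url)
    kinds, netloc = [], parts.netloc
    if "@" in netloc:
        userinfo, host = netloc.rsplit("@", 1)
        if ":" in userinfo:  # the user:password@host form
            kinds.append("userinfo")
            netloc = userinfo.split(":", 1)[0] + ":REDACTED@" + host
    query = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SECRET_PARAMS:  # the ?...&Passwd=... form
            kinds.append("query:" + name)
            value = "REDACTED"
        query.append((name, value))
    rebuilt = (parts.scheme, netloc, parts.path, urlencode(query), parts.fragment)
    return urlunsplit(rebuilt), kinds

def scan_log(lines):
    """Return [(line_number, redacted_line, kinds)] for lines leaking a password."""
    hits = []
    for number, line in enumerate(lines, 1):
        found = []
        def fix(match):
            redacted, kinds = redact_url(match.group(0))
            found.extend(kinds)
            return redacted if kinds else match.group(0)  # leave clean URLs as-is
        new_line = URL_RE.sub(fix, line)
        if found:
            hits.append((number, new_line, found))
    return hits

# Constructed sample lines in combined log format, not taken from a real server.
SAMPLE = [
    '192.0.2.10 - - [20/Dec/1997:13:18:16 -0500] "GET /script?UserId=theAssignedUserid&Passwd=thePassword HTTP/1.0" 200 512 "-" "Mozilla/3.01"',
    '192.0.2.11 - - [20/Dec/1997:13:19:02 -0500] "GET /index.html HTTP/1.0" 200 2048 "http://theAssignedUserid:thePassword@hostname.com/" "Mozilla/3.01"',
    '192.0.2.12 - - [20/Dec/1997:13:20:40 -0500] "GET /help.html?topic=search HTTP/1.0" 200 900 "-" "Mozilla/3.01"',
]

if __name__ == "__main__":
    for number, line, kinds in scan_log(SAMPLE):
        print(number, kinds, line)
```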


More information about the Web4lib mailing list