databases restricted by ip address

Albert Lunde Albert-Lunde at nwu.edu
Thu Sep 18 11:42:03 EDT 1997


>I wonder if there is an easy way to handle this problem.  We have a
>number of databases now that are available to our students and faculty
>through the web but are restricted to our campus by ip address.  We
>have some off-campus locations where students  have classes that would also
>like access to these database.  We also have some faculty and students
>using private ISPs from their homes who would like access.
>
>Our computer center does not offer slip access via modem.
>
>Is there a simple way to set up web access for these folks so that
>they will appear to have a campus IP address for purposes of accessing
>these databases?  We don't want to set up banks of modems in the library
>for them to dial into. We want them somehow to connect to our website,
>give their ID as their password (or something), and be connected.

We have a solution to this, but it's not especially simple. You can read
about it, from the user viewpoint, at:

http://www.library.nwu.edu/help/proxy/

We are running a Netscape proxy server with (Basic auth) username/password
authetication for access to web services.

People have to configure their web client to use our proxy server: this
makes their requests appear to come from our domain. (The server is not a
caching proxy.) For Netscape users, there is a JavaScript
"autoconfiguration" that determines when to use the proxy; MSIE users are
advised to turn it off when done.

For telnet access to particular databases, people telnet to a machine that
asks for their username and password, and then gives them a menu of other
systems they can reach.

We are using a custom plug-in to make the Netscape server authenticate
against our campus-wide account system. The I think the telnet menu is
hacked together from the BSD telnet/telnetd sources: it could surely be
done other ways.

On of our staff is trying to develop a CGI that proxies access to web
services with SSL-protected password: this is difficult because of lack of
browser-protocol support - he is essentially having to rewrite web pages on
the fly so this is still experimental.

I think writing a password-protected menu that launches captive telnet
and/or lynx sessions is the approach that would be easiest for other sites
to laubch, but I'd hesitate to call this simple.

Another idea for remote access might be to use Win NT remote access
services and PPTP (point-to-point-tunneling protocol). This seems designed
for LAN to LAN or terminal server to LAN access, I think, but I think there
are third-party PPTP clients that might make it easier for isolated users
to use. I'm not sure that this could provide proxy access to off-campus
TCP/IP resources, but it may be worth looking into futrther.

---
    Albert Lunde                      Albert-Lunde at nwu.edu




More information about the Web4lib mailing list