[WEB4LIB] Re: restricting users to just one site

Gimon, Charles A CAGimon at mplib.org
Thu Mar 7 10:40:57 EST 2002


We're using a proxy.pac file to limit the use of our Catalog workstations as
well. Users of our Catalog workstations can access:

anything within our network
online databases that we subscribe to (such as Infotrac)
any site that we have a record for in our Catalog (mostly .gov or
.state.mn.us sites)
mnlink.org (provides union search of all metro libraries)

We keep a list of allowed domains based on these criteria, and use a perl
script to generate a fresh proxy.pac file daily. Catalog workstations
download the new proxy.pac file each morning as they're booted up. Allowed
domains are in the proxy.pac file as DIRECT, anything else gets sent to a
secondary web server on our network. This secondary web server is not
running any special proxy software; it's just serving up one page with the
message "This site is not available from our Catalog workstations. Please
visit one of our Internet workstations for full access to the Internet."
Note that we had to configure this web server to give this message in
response to a 404 error as well.

We've just been rolling this system out over the last few weeks. So far,
it's worked much better than anything we've tried before.

--Charles Gimon
  Web Coordinator
  Minneapolis Public Library



> -----Original Message-----
> From: Chris Murphy [mailto:chrism at thecommunitylibrary.org] 
> Sent: Wednesday, March 06, 2002 5:07 PM
> To: Multiple recipients of list
> Subject: [WEB4LIB] Re: restricting users to just one site
> 
> 
> I have used automatic proxy configuration files as described 
> by Tim Kambitsch:
> 
> http://www.dayton.lib.oh.us/~kambitsch/netscape/bogus-proxy-se
> rver.html
> 
> For example, I limited machine access to our subscribed 
> databases, and the technique worked very well. Essentially, 
> you use a javascript "bogus proxy configuration" file and 
> configure your browser to use an Automatic Proxy 
> Configuration script (.pac).
> 
> Browser Configurations:
> IE6: Tools>Internet Options>Connections>LAN Settings>Use 
> Automatic Proxy Configuration Script
> Netscape: Edit>Preferences>Advanced>Proxies>Automatic Proxy 
> Configuration
> 
> In the Address field, enter a URL pointing to a .pac file 
> instead of an .html file, e.g., 
> http://server.yourlibrary.com/proxy/catalog.pac
> 
> I have used this approach successfully on Navigator 4.x, 
> Netscape 6, and IE v4-6. Opera 6.0 does not support automatic 
> proxy configuration files, but I think Opera 6.01 might.
> 
> Here is one version of the java scripts I used:
> 
> with (ProxyConfig) {
> function FindProxyForURL(url,host)
> {
> if(isPlainHostName(host) ||
> dnsDomainIs(host, ".thecommunitylibrary.org")||
> dnsDomainIs(host, ".epnet.com") ||
> dnsDomainIs(host, ".galegroup.com") ||
> dnsDomainIs(host, ".wsj.com") ||
> dnsDomainIs(host, ".nytimes.com") ||
> dnsDomainIs(host, "referenceusa.com") ||
> return "DIRECT";
> else
> return "PROXY http://webserver.thecommunitylibrary.org"
> }
> }
> 
> I placed the script on a server and pointed the clients to 
> it; however, you can also house a copy of the script on each 
> local machine (e.g., http://127.0.0.1/proxy/proxy.pac).
> 
> One bug I ran into was that our internal web server did not 
> have the ".pac" extension in its MIME type definitions as a 
> javascript application. Once I figured that out, all went well.
> 
> The web server you define as your "PROXY" should return an 
> Error 404 message for every URL requested that is not in the 
> list. Alternately, you can, like I did, create a custom error 
> message on your designated "PROXY" server.
> 
> We have since allowed full Internet access on all Internet 
> capable computers, so I am no longer using the above approach 
> to limit access to specified URLs. I also modified this 
> approach to restrict access to web mail on Internet 
> computers, but that's another story.
> 
> Hope this helps,
> 
> Chris Murphy
> 
> -- 
> Christopher Murphy
> Information Systems Manager
> The Community Library, Ketchum, Idaho
> chrism at thecommunitylibrary.org
> (208) 726-3493 x111
> http://www.thecommunitylibrary.org
> 



More information about the Web4lib mailing list