AnonymousURL

Why Is This Important?

AnonymousURL allows users to access select content through your EZproxy server without authenticating. It is rarely used and should always be used with caution.

AnonymousURL is a position-dependent directive that interacts with database stanzas. It is rarely used, and when used, should be applied with great caution as it directs EZproxy to proxy specific URL patterns without the request possessing an EZproxy cookie. Its most common use is to authorize EZproxy to allow people to retrieve RSS links through EZproxy. For additional examples of its use see the Examples tab above.

This is a dangerous directive

If you are not clear exactly what this directive does, OCLC encourages you not to use it. If you need help constructing such entries, contact support@oclc.org for assistance.

Syntax (V6.0.8 and Before)

The complete syntax is:

AnonymousURL -RE -CS +|- wildurl

The above line should appear at the beginning of the database stanza it should impact. Suggested use includes the following line as the final line of any stanza with an AnonymousURL directive to limit the directive's behavior to that stanza: 

AnonymousURL -*

Qualifiers

Qualifier Description
-RE Specifies that wildurl is a regular expression
-CS Specifies that a case-sensitive comparison should be performed
+ (with no -) Specifies that EZproxy should allow any URL matching wildurl to be retrieved by unauthenticated users
- Specifies that EZproxy should not allow any URL matching wildurl to be retrieved by unauthenticated users

If you specify -RE but not -CS, be aware that the URL that is being tested will be converted to lower-case, but the regular expression will not be changed, so all literal text in the regular expression should be specified in lower-case or it will not match.

The recommended use of this directive is to place an AnonymousURL + line before the Title line of the database definition that matches the URL, and an AnonymousURL -* directive before the Title line of the next database definition to prevent the directive from affecting any other database definitions. For a more detailed example, see the Example tab above.

Syntax (V6.1 and After)

EZproxy V6.1 added the new -Options qualifier to the AnonymousURL directive, making the new complete syntax:

AnonymousURL -RE -CS -Options +|- wildurl

This line should appear at the beginning of the database stanza it should impact. Suggested using includes the following line as the final line of any stanza with an AnonymousURL directive to limit the directive's behavior to the intended stanza:

AnonymousURL -*

For a more detailed example, see the Example tab.

Qualifiers

Qualifier Description
-Options Specifies that the rest of the directive should match for OPTIONS method requests from the browser but not others such as GET and POST.

 

 

The following examples provide some use cases where the AnonymousURL directive would be appropriate.

RSS readers

If you use an RSS reader, the reader needs to be able to request the XML file through EZproxy so the links will be rewritten, but the RSS reader itself runs at independent times outside the context of EZproxy. In most instances, the RSS feeds themselves are designed for public use by other RSS readers, so the content does not need to be secured from access by EZproxy. Having EZproxy allow the requests through without an EZproxy cookie resolves this.

If the fictional Research Database provides RSS feeds at http://www.researchdb.com/rss/feedname.xml, you might use the following stanza to allow access to these feeds.

AnonymousURL -RE +http://www.researchdb.com/rss/[a-z]+.xml
Title Research Database
URL http://www.researchdb.com
Domain researchdb.com
AnonymousURL -*

You would then need to determine the EZproxy version of the hostname for www.somedb.com and use it to construct a URL such as:

http://www.researchdb.com.ezproxy.yourlib.org/rss/feedname.xml

which you would use in your RSS reader.

External Streaming Media Players

When playing media, especially streaming media, the browser may launch an external program to deliver the content. When the URL reaches that external program, it does not possess EZproxy's session cookie, so the request will be blocked. In these scenarios, vendors have accepted the necessity of allowing the portions of the URLs relating to that media content to proxy without EZproxy actually being able to know for certain that the remote user has authenticated and is allowed to access this resource.

If the fictional News Database uses an external program to deliver streaming WMV files, the following database definition could be necessary for users to access that content:

AnonymousURL +*.wmv
Title News Database
URL http://www.newsdb.com
DJ newsdb.com
AnonymousURL -*

Java Applets

Some Java applets don't have access to send cookies. Some database stanzas will contain an AnonymousURL directive to allow processing of the content presented with these applets.

If the fictional Art Database uses Java applets that cannot send cookies, you might need to construct the database stanza as follows to allow access to JPGs and GIFs:

AnonymousURL +*.gif
AnonymousURL +*.jpg
Title Art Database
URL http://www.artdb.com
DJ artdb.com
AnonymousURL -*

Ajax Requests

A new use case occurs when making Ajax requests to a different server. When this happens, an OPTIONS request may be made without cookies present. If EZproxy does not proxy this, the ability to access the remote content is blocked.

OPTIONS requests with a CORS request (V6.1 and Later)

When browsers send an OPTIONS request, such as when preflighting a CORS (Cross-origin resource sharing) request, they do not send along their cookies as part of the request. When EZproxy receives the request with its cookie, it can't confirm that the user is authenticated, so it creates a redirect to authenticate. Using the -OPTIONS qualifier with AnonymousURL allows EZproxy to handle cases like this.

For example, if EZproxy receives an OPTIONS request from the fictional Research Database, the following database stanza could be used to tell EZproxy that the OPTIONS request can be processed without authentication, but any normal request must have the authentication cookie present:

AnonymousURL -OPTIONS +http://api.researchdb.com/*
Title Research Database
URL http://researchdb.com
DJ researchdb.com
AnonymousURL -*

 

 

Page last revised: September 23, 2015