ExcludeIP is used to identify computers that have IP addresses that are known by your database vendors and thus do not need to be proxied. It accepts a single parameter that is either an IP address or an IP address range.
AutoLoginIP and ExcludeIP are normally used to modify EZproxy's behavior for computers you manage, with ExcludeIP as the recommended and more commonly used option. AutoLoginIP is used in instances where a computer or group of computers must be proxied to be able to access a database, but where you do not need to challenge the user to authenticate first. ExcludeIP is used in instances where a computer or group of computers do not need to be proxied and the user should be redirected to the real URL, without a challenge for user authentication and without the user being proxied.
Starting with EZproxy V6.3, ExcludeIP accepts IP address ranges in CIDR notation. For example:
In this example, all machines in the IP address range of 192.168.0.0-192.168.255.255 are known to the vendor and users from these machines should be redirected to the real database URLs, bypassing EZproxy.
Title Some Database
Title Other Database
This example demonstrates setting up a local server with e-reserves where you want all users, both local and remote, to be required to authenticate before they can access the e-reserves server, but all other databases will bypass EZproxy. The key to this behavior is placing the e-reserves database definition prior to the first ExcludeIP directive.
Title Some Database
To make this configuration truly effective, the resource must be configured not to allow local users access, or else users can simply manipulate the URL and take EZproxy out of the path. When making such a change, you may want to allow select machines direct access, such as staff machines, but insure that all other computers are blocked except for your EZproxy server.
This page last updated: November 20, 2017