If your institution knows or has identified through security testing IP addresses that provide a potential security threat to your instance of EZproxy, you can block all access from these addresses by adding the RejectIP directive followed by these addresses or address ranges. This can be useful for blocking entire geographies that you would like to restrict from accessing your resources or individual users who have tried repeatedly to gain illicit access to your resources.
RejectIP is a position-independent config.txt directive that is used to identify computers that should be blocked from accessing EZproxy. It accepts a single parameter that is either an IP address or an IP address range and can appear multiples times in config.txt.
To block access from the single IP address 188.8.131.52 and the range of addresses from 184.108.40.206 through 220.127.116.11, you would use:
By default, EZproxy will simply close any connection request from a RejectIP address. If you want to provide feedback to users, you can create a file named reject.htm and place it in the docs subdirectory. If EZproxy finds such a file, it sends the file to the remote user and then closes the connection.
The only content that EZproxy will serve to someone accessing from a RejectIP range is reject.htm. Access to anything else is blocked, including any CSS script that you may want to include.
Starting with EZproxy V6.3, RejectIP accepts IP address ranges in CIDR notation. For example:
This page was last revised: November 20, 2017