EZproxy Release Notes

Release Notes for EZproxy V6.1 and later can be downloaded as PDFs. See EZproxy Changes Archive for all changes made prior to V6.0 (through V5.7.44).

2015-05-05

EZproxy changes for Version 6.0.8

Download EZproxy V6.0.8 here.

Configuration Updates

  1. In EZproxy V6.0, CSS files were not being rewritten by EZproxy. This issue has been resolved. The MIME type “json” has been added to the default list of objects rewritten by EZproxy, so stanzas that previously required the directive Mimefilter json no longer need it. Leaving the directive in stanzas that already have it does no harm.

  2. EZproxy can now send custom headers along with the requests that it sends to content providers using the Option AddHeader directive.

    config.txt directive:
    Option AddHeader name expression

    name

    The HTTP header key for EZproxy to send to the host (typically the content provider). This parameter cannot contain any spaces.

    expression

    An EZproxy expression, which will be evaluated by EZproxy and sent as the HTTP header’s corresponding value. This may contain spaces.


    This is a position-specific parameter that can be set for individual databases. Place it within a database definition stanza, after the Title statement, for it to take effect for that stanza.

    Example:

    AddHeader X-TEST session:sessionid . ";" . IP()

    In this example, EZproxy sends a header named X-TEST to the content provider. The value of the header (the expression) is the EZproxy session ID (session:sessionid) and the user’s IP address (IP()), joined by a semicolon; for example, EZproxy would send ArIGWscnFyIGvYD;132.174.3.3.

  3. EZproxy allows you, with the Option AdminSession directive, to add a new column to the admin server status session table. This column will be populated with a value determined by the EZproxy expression included in this directive statement. When used with the new StoredCookie function, defined below, this directive will record a specific cookie if it has been sent from the given domain to EZproxy.

    config.txt directives
    Option AdminSession column-name expression

    column-name

    The displayed name of the new column created in the session table on the admin server status screen.

    expression

    The EZproxy expression for which you wish to record values in the session table on the admin server status screen. This was designed to be used with the StoredCookie function defined below; however, depending on your configuration, other expressions may work. Not all expressions will work with this directive.


    StoredCookie: A two-parameter function constructed as follows: StoredCookie("domain","cookiename"), where domain is the domain sending the cookie to EZproxy and cookiename is the name of the cookie being sent and displayed. The StoredCookie function only works with domain cookies set by the server; cookies set by JavaScript will not work, nor will cookies that do not specify the domain. This directive can be used to determine whether the specified cookie has been returned from the given domain to EZproxy. Option Cookie settings can affect this directive.

    Example:
    If the set-cookie header returned is NOTIFY-COOKIE=someuser; path=/; domain=somedb.com; expires=Wednesday, 09-Nov-2020 23:12:40 GMT, then to display an alert notification when this cookie is received in an EZproxy session, use:

    Option AdminSession NOTIFY-COOKIE StoredCookie(".somedb.com","alert-cookie")

Security Updates

  1. The following encryption/security options have been disabled by default: 40- and 56-bit encryption, and SSL V2. The new default SSLCipherSuite string is:

    HIGH:MEDIUM:!ADH:!aNULL:!LOW:!EXP:!SSLv2:@STRENGTH

  2. EZproxy V6.0.8 was built with libxml 2.9.2, which resolves the “billion laughs” security issue.

  3. This version of EZproxy supports generating Certificate Signing Requests (CSRs) using SHA-2. OCLC recommends against using 4096, because a key size that large will slow down your server’s performance.
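
The default SSLCipherSuite string from item 1 above can be checked against a local OpenSSL build. The following Python sketch is an added example, not part of OCLC's release notes; the function names are chosen here, and the result reflects the OpenSSL library Python is linked with, which is assumed to differ from the one inside EZproxy.

```python
import ssl

# Default SSLCipherSuite string quoted in the EZproxy V6.0.8 release notes.
EZPROXY_DEFAULT = "HIGH:MEDIUM:!ADH:!aNULL:!LOW:!EXP:!SSLv2:@STRENGTH"

# The notes say 40- and 56-bit encryption are disabled by default.
MAX_DISABLED_BITS = 56


def expand(cipher_string):
    """Return the suites the local OpenSSL build enables for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()


def audit(cipher_string):
    """List (suite, reason) pairs for suites in a category the notes disable."""
    findings = []
    for suite in expand(cipher_string):
        name = suite["name"]
        bits = suite["strength_bits"]
        if bits <= MAX_DISABLED_BITS:
            findings.append((name, "%d-bit encryption" % bits))
        # !ADH and !aNULL remove suites that do not authenticate the server.
        if suite.get("auth") == "auth-null" or name.startswith(("ADH-", "AECDH-")):
            findings.append((name, "anonymous key exchange"))
        if name.startswith("EXP-"):
            findings.append((name, "export-grade suite"))
        if suite["protocol"] == "SSLv2":
            findings.append((name, "SSLv2 suite"))
    return findings


def weakest_bits(cipher_string):
    """Smallest symmetric key strength among the enabled suites."""
    return min(suite["strength_bits"] for suite in expand(cipher_string))


if __name__ == "__main__":
    # @STRENGTH sorts the list, so the strongest suites print first.
    for suite in expand(EZPROXY_DEFAULT):
        print("%-8s %4d  %s" % (suite["protocol"], suite["strength_bits"], suite["name"]))
    print("findings:", audit(EZPROXY_DEFAULT) or "none")
```

An empty findings list means no suite from the disabled categories survives the string on that build; passing a locally customized string to audit() checks an override the same way.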

Bug Fixes

  1. EZproxy incorrectly suspended users who had not surpassed the Usage limits set in config.txt. This occurred when EZproxy restored some suspension data against the wrong accounts. EZproxy V6.0.8 now correctly restores suspension data after a restart.

  2. The SourceIP directive was not working correctly in V6.0; this problem has been resolved, and it now works correctly.

  3. The Location directive was not mapping IPv4 addresses to geographies using MaxMind GeoLite data. This problem has been resolved, and IPv4 addresses are now mapped to the appropriate geographies.

  4. Previously, under certain circumstances Option BlockCountryChange could be circumvented. This bug has been resolved, and Option BlockCountryChange now reliably blocks a change in the user’s location mid-session as identified by IP address mapping.

  5. In some cases, inactive sessions were not terminated and removed from EZproxy’s internal tables, eventually causing out-of-memory conditions or causing EZproxy MaxSessions to be exceeded. This problem has been resolved.

2015-01-28

EZproxy changes for Version 6.0

Download EZproxy V6.0 here.

Enhancements for EZproxy implementations:

  1. Support for IPv6
    EZproxy V6.0 supports specifying IPv6 addresses in directives that parse IP addresses. The purposes of these directives have not been changed; they have been enhanced to support IPv6 address syntax. The following are some of the config.txt directives that now support the specification of IP addresses:
    AutoLoginIP
    DNS
    IncludeIP
    IntruderIPAttempts
    Location
    ExcludeIP
    Referer
    RejectIP
    These user.txt directives also support IPv6:
    IfIP, ::IfIP
    SourceIP, ::SourceIP
    ::ldap
  2. Backward Compatibility with pre-V6.0 configuration files
    EZproxy V6.0 is designed to be backward compatible with pre-V6.0 configuration files. You do not need to modify your configuration files to run EZproxy V6.0 in IPv4 mode.

  3. New Option IPv6 directive
    This directive is a position-independent directive in config.txt that specifies the default network lookup order for DNS addresses. If this directive is specified, then the DNS lookup is performed for an IPv6 address. If that lookup fails, then an IPv4 lookup is performed.

    If this directive is not specified, then the lookups are only performed for IPv4 IP addresses.

  4. Changes to the Interface directive
    The Interface directive is used to define the IP interfaces EZproxy can use for its operations. The Interface directive now supports additional syntax to specify IPv6 vs IPv4 interfaces. The related configuration directives, LoginPort and LoginPortSSL, serve the same function as in previous EZproxy releases and have been enhanced to provide the same functionality with IPv6 addresses. See more details at the Interface directive page.

  5. New License Keys
    EZproxy V6.0 now uses the OCLC WSKey (Web Service Key) for license management. A new WSKey must be obtained to run EZproxy V6.0, as the license keys from previous versions of EZproxy will not work in EZproxy V6.0.
    WSKeys are requested from OCLC's Developer Network website. Detailed instructions on this process can be found at How To Request a WSKey.

  6. Known Issues
    Please see the Known Issues page on the EZproxy support site for a current list of known issues.
 

GeoLite data

This product includes GeoLite data created by MaxMind, available from www.maxmind.com.
