Interface

Learn how to use the Interface config.txt  directive to allow the specification of source IP addresses.

As more and more Internet Service Providers and individual resource providers adopt IPv6 standards, it could become increasingly necessary to specify whether EZproxy should use IPv6 or IPv4 to listen for login requests and database source IPs. The Interface directive provides this flexibility.

Interface is a position-dependent config.txt directive that is located near and interacts with LoginPort, LoginPortSSL, ShibbolethSite and database definitions.

The Interface directive allows the specification of source IP addresses for particular purposes, such as which IP address should be used to listen for incoming connections and which IP address should be used to make outgoing connections. In the absence of Interface statements, EZproxy allows the operating system to select which IP address should be used for these types of activities.

The Interface statement accepts a single parameter, which can be one of the following:

  1. One of the IP addresses on the server where EZproxy is installed.
  2. The word Any, which will tell EZproxy to listen on any IP address and allow the operating system to select the source IP address used when creating an outgoing connection.

 Notes:

Examples

An EZproxy database configuration in proxy by hostname might look like this:

Name ezproxy.yourlib.org
LoginPort 80
LoginPortSSL 443
Title Some Database
URL http://www.somedb.com/
D somedb.com
Title Other Database
URL http://www.otherdb.com/
D otherdb.com

Where your proxy by hostname configuration is followed by two database stanzas.

Specifying One IP Address

In most instances, if you want to direct EZproxy to listen on a specific IP address for incoming login requests, it is also reasonable for that address to serve as the source IP address for database requests. In such an instance, the most common application of Interface is the addition of a single statement prior to LoginPort in your proxy by hostname configuration, such as:

Name ezproxy.yourlib.org
Interface 68.14.229.198
LoginPort 80
LoginPortSSL 443
Title Some Database
URL http://www.somedb.com/
D somedb.com
Title Other Database
URL http://www.otherdb.com/
D otherdb.com

This Interface statement impacts not only the LoginPort and LoginPortSSL statements, but also directs EZproxy to use this source IP address when connecting to these databases.

Specifying Multiple IP Addresses

If you add a second Interface Any statement, and create the following config.txt:

Name ezproxy.yourlib.org
Interface 68.14.229.198
LoginPort 80
LoginPortSSL 443
Title Some Database
URL http://www.somedb.com/
D somedb.com
Interface Any
Title Other Database
URL http://www.otherdb.com/
D otherdb.com

EZproxy will listen on 68.14.229.198 for login requests and use that as the source IP when proxying Some Databases, but will allow the operating system to select the source IP when proxying Other Database. It is unusual to need to intermix Interface statements within database definitions, but it is possible to do this to meet unique requirements.

Specifying IPv6 and IPv4 IP Addresses

This method allows you to select which databases should be accessed via IPv6 versus IPv4. This example includes configuring EZproxy to listen on an IPv4 and an IPv6 IP address, and then selecting the IPv4 interface for somedb.com, the IPv6 interface for the otherdb.comdatabase, and allowing the operating system to determine the appropriate database for all other databases. This can be configured as follows:

Name ezproxy.yourlib.org
Interface 68.14.229.198
LoginPort 80
LoginPortSSL 443
Interface FE80::0202:B3FF:FE1E:8329
LoginPort 80
LoginPortSSL443
Interface 68.14.229.198
Title Some Database
URL http://www.somedb.com/
D somedb.com
Interface FE80::0202:B3FF:FE1E:8329
Title Other Database
URL http://www.otherdb.com/
D otherdb.com
Interface Any

The first Interface statement (Interface 68.14.229.198) after the Proxy by Host setup configures EZproxy to listen on 68.14.229.198 for login requests and use that as the source IP when proxying Some Database. The second Interface statement after the setup (Interface FE80::0202:B3FF:FE1E:8329) configures EZproxy to use the IPv6 IP address FE80::0202:B3FF:FE1E:8329 when proxying Other Database. The final Interface Any statement means that any databases following this directive will use the IPv4 interface, and the operating system will be allowed to select the source IP when proxying these resources.

Source IP address for user authentication

The LDAP support in EZproxy does not support specifying a source IP address.

Interface does not change the source IP address used when processing the user.txt file to perform user authentication. To specify the source IP for user authentication, you must Interface as part of the line in user.txt, such as:

   ::Interface=68.14.229.198,FTP=ftpserv.yourlib.org

Below are the methods that do obey specifying a source IP address:

Related directives 

LoginPort, LoginPortSSL, Shibboleth Authentication