RedirectSafe directive can be used to identify web sites that do not need to be proxied, but which should be allowed as targets of starting-point URLs. The directive may be repeated as needed. Typical placement is toward the top of config.txt. Prior to EZproxy 5.1c, the typical solution to handle such hostname was to incorporate Option RedirectUnknown into config.txt/ ezproxy.cfg. This earlier option did not limit which hostnames could be specified and became a security risk when phishing sites began to create starting point URLs that point to institutional EZproxy servers but that target their own servers.
If wilddomain does not contain a * wildcard, then EZproxy will match any hostname that exactly matches wilddomain or that ends with a period followed by wilddomain.
If wilddomain contains an *, then EZproxy will attempt to match hostnames using * as a wildcard for 0 or more characters and ? as a wildcard for any single character. Note that ? only works as a wildcard if * is also specified.
If port is omitted, then EZproxy will not check the port of the requested host to determine if a match exists.
If port is included, then EZproxy will only prevent proxying if port matches the port for the requested URL.
Qualifier | Description |
---|---|
wilddomain | The domain for which redirection is permitted. |
Option | Description |
---|---|
port | If the port is included, the only URLs that contain port will permit redirection. |
RedirectSafe wilddomain[:port]
A sample use of RedirectSafe is:
RedirectSafe somedb.com
RedirectSafe otherdb.com
In this example, if the hostname of a URL is exactly somedb.com or otherdb.com, or if the hostname ends with .somedb.com or .otherdb.com, it is considered safe for redirection.
If such a hostname appears in a starting point URL, and if EZproxy is not otherwise configured to proxy the hostname, then a user accessing such a URL will be silently redirected to the specified U RL instead of receiving an error about the hostname not being configured. RedirectSafe priority If a hostname a directive that indicates proxying should occur (Domain (D), DomainJavascript (DJ), Host (H), HostJavascript (HJ), or URL (U)) and also matches a RedirectSafe directive, then the proxying directive will take priority for the hostname and indicate that proxying should occur, overriding the RedirectSafe directive. This behavior makes it safe for an institution to bulk generate RedirectSafe directives based on all possible destination hostnames without the need to explicitly avoid hostnames that should be proxied.
EZproxy 5.1c introduced the ability to specify a target location where a user should be redirected after logging out of EZproxy using URLs of the form:
http://ezproxy.yourlib.org:2048/logout?url= http://www.yourlib.org/loggedout.htm
To use this syntax, the hostname of the target URL must match to a RedirectSafe directive.