GDPR Privacy Notice for EZproxy
When using EZproxy with certain authentication methods, EZproxy’s native login pages display. OCLC deploys a default page (login.htm) but always offers customers the opportunity to tailor that for their institution.
As you are no doubt aware, a new set of data regulations in European Union law, the General Data Protection Regulation (GDPR), came into force in May 2018. As part of your GDPR compliance efforts, you may want to include a GDPR privacy notice for your institution on your EZproxy login page and other HTML pages providing login failure and other information. To do so:
EZproxy hosted customers: please send OCLC Support a login.htm page to deploy which includes your privacy notice. The default login.htm page is available in a zip file for download. If you have already submitted a modified login page for your institution, please apply the GDPR privacy notice to that file and send it to us.
EZproxy stand-alone customers: please see our documentation on how to edit EZproxy html pages.
Please contact OCLC Support with any questions.
When you download EZproxy, some of these pages will be created with the command
whereas other pages must be created manually by the EZproxy administrator and saved in the docs directory.
Customize a page created by EZproxy
- Navigate to the EZproxy docs directory. If it has not been moved, you should find it in the EZproxy folder at the same level as the EZproxy binary or executable file.
- Use a text or html editor to open the html file you want to customize.
- Make changes to the text and images. Make sure you place any graphics files in the public subdirectory, and link to them appropriately.
Note: Be careful when editing the form section if you are editing a login or loginbu page. If you are not familiar with editing forms in html, OCLC suggests that you do not edit this section.
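A pre-deployment check for the steps above, as an added example (not OCLC's code): it compares the form section of a customized login page against the default page, confirms images are linked from the public subdirectory, and looks for a privacy notice link. The `/public/` URL prefix, the "privacy" link-text convention, and the sample markup and field names are assumptions made for illustration.

```python
from html.parser import HTMLParser

class PageFacts(HTMLParser):
    """Collect form fields, image sources and link text from one HTML page."""
    def __init__(self):
        super().__init__()
        self.form, self.images, self.link_text, self._in_a = [], [], [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.form.append(("form", a.get("action", ""), a.get("method", "").lower()))
        elif tag == "input":
            self.form.append(("input", a.get("type", "text").lower(), a.get("name", "")))
        elif tag == "img":
            self.images.append(a.get("src", ""))
        elif tag == "a":
            self._in_a = True

    def handle_endtag(self, tag):
        if tag == "a":
            self._in_a = False

    def handle_data(self, data):
        if self._in_a:
            self.link_text.append(data.lower())

def facts(html):
    parser = PageFacts()
    parser.feed(html)
    parser.close()
    return parser

def audit_login_page(custom_html, default_html):
    """Return a list of problems found in a customized login page."""
    custom, default = facts(custom_html), facts(default_html)
    problems = []
    if custom.form != default.form:  # any added, removed or renamed field is flagged
        problems.append("form section differs from the default page")
    for src in custom.images:
        if not src.startswith("/public/"):  # assumed URL path of the public subdirectory
            problems.append("image not served from public: " + src)
    if not any("privacy" in text for text in custom.link_text):
        problems.append("no link whose text mentions 'privacy'")
    return problems

# Constructed sample pages; markup and field names are illustrative, not OCLC's file.
DEFAULT = ('<form action="/login" method="post"><input type="hidden" name="url" value="^U">'
           '<input type="text" name="user"><input type="password" name="pass">'
           '<input type="submit" value="Login"></form>')
GOOD = ('<img src="/public/logo.png">' + DEFAULT +
        '<p><a href="https://library.example.edu/privacy">Privacy notice</a></p>')
BAD = '<img src="logo.png">' + DEFAULT.replace('name="pass"', 'name="password"')
```

In practice, pass the contents of the edited file and of the untouched default page from the zip download; an empty list means the three checks passed.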
Customize a page not created by EZproxy
- Create a new html file using a text or html editor.
- Edit the file, adding any informational, instructional or warning text in the body of the file. If you are uncertain how to create html pages, you can use one of the default pages as a guide.
- Save the file to the docs folder in the EZproxy directory and name it according to the table below. EZproxy will only retrieve the pages named in the table below. If you are not seeing your customized page, make sure you have named it correctly (with no typos) and have created the appropriate conditions for this page's retrieval.
The following pages can be edited and saved in the docs directory. If one of the following pages has been saved in the docs directory, EZproxy will send it to the user in the cases described below. Pages created when you install EZproxy are marked with an *.
|In proxy by hostname, if this file exists, it is sent if someone uses a name that points at the EZproxy server but EZproxy does not recognize that hostname. If this file does not exist, EZproxy redirects the user to the proper name of the EZproxy server, which is normally the preferred behavior.
|This file is sent if EZproxy is unable to set its cookie in the remote browser.
|This file is sent if someone tries to connect to an https service using http.
|If this file exists, it is sent when a user has exceeded an IntruderUserAttempts limit. Using this file to provide feedback simultaneously reveals your policy on the number of attempts, which makes it easier for brute-force attackers to know when they should try another account. If you choose to use this option, it is best to also enforce an IntruderIPAttempts restriction to increase the difficulty of probing your server.
|If this file exists, it is sent if the ::Limit option is used in user.txt and a user exceeds his/her login limit. This file may include the special sequence ^0 mentioned below.
|This file is sent when someone needs to log in to EZproxy.
|This file is sent when someone has tried to log in to EZproxy but has provided "bad user" information (invalid username or password).
|This file is sent when someone accesses the /logout URL to end an EZproxy session.
|This file is sent if EZproxy is configured to use groups and a user tries to access a database for which he/she is not authorized.
If this file exists, it is sent if someone tries to use a starting point URL for a target URL that has not been configured with a database stanza in config.txt. If this page is not added, the following default message will be displayed:
To allow http://www.researchdb.com to be used in a starting point URL, your EZproxy administrator must first authorize the hostname of this URL in the config.txt file.
Within this database's section of config.txt, either the following line must be added:
or, alternatively, a RedirectSafe for this host or domain may be appropriate.
After editing config.txt, the EZproxy server must be restarted to make changes take effect.
|If this file exists, it is sent if the MaxVirtualHosts limit has been exceeded and is preventing access to a web page.
If this file exists, it is sent if a RejectIP directive in config.txt matches the remote user address or if the IP address has exceeded an IntruderIPAttempts -Reject threshold. If an attempt is made from a rejected address and this file does not exist, the connection is simply closed.
|If this file exists, it is sent when a user trips any of the security rules introduced in EZproxy 7.1, if the site has enabled those rules in blocking mode.
The files above may reference the following variables, although not all of these variables are available or appropriate for use in all of these files.
|Send a caret (^).
|^B starts and ^E ends a section of HTML that should be repeated for each database definition from config.txt, or if Option MenuByGroups is in config.txt. Only the databases that are available to the groups with which the user is associated are presented. If you would like to change the way the links behave, edit the HTML between the ^B/^E tags on the menu.htm page.
|Send the description of a database as declared by the Description directive in config.txt.
|Adds a hidden field whose value must match a cookie named ezproxycsrftoken when Option CSRFToken is enabled. Supported in EZproxy V6.3 and above. See Option CSRFToken.
|Send just the hostname portion of the destination URL.
|Insert the login URL for this server (e.g. http://ezproxy.yourlib.org:2048/login).
|Insert the URL for this server (e.g. http://ezproxy.yourlib.org:2048).
|Send the title of a database as declared by the Title directive in config.txt.
|Destination URL in edited format, suitable to display to the end-user in an HTML page.
|Destination URL in verbatim format, suitable for use in forming a destination URL such as for part of an "href" tag.
|Destination URL prepared to redirect the user to the Shibboleth WAYF (only available if Shibboleth authentication is enabled).
|For limit.htm, send the maximum number of logins allowed for the user.
|For limit.htm, send "s" if the user limit is not 1, send nothing if the user limit is 1.
|For limit.htm, send "are" if the user limit is not 1, send "is" if the user limit is 1.
|Evaluate the Expression that appears within the braces and send the resulting value.