Secure your EZproxy server

The following lists provide general best practice suggestions for securing your EZproxy server.

EZproxy security best practices

Other actions you can take

Control access to EZproxy

Geography

  • Use the Location directive and the MaxMind GeoLite file to record and monitor where your users are when they access EZproxy. Use the AuditMost directive to record location information in your audit logs.
  • Monitor and find patterns in your users’ habits. Should anyone be accessing your resources from outside of the US? If not, see step 3.
  • Use IfCity, IfCountry, and IfRegion statements in the user.txt file to restrict access from countries where your users should not be accessing EZproxy.

Intrusion attempts

  • IntruderUserAttempts & IntruderIPAttempts can be set to automatically block users if they fail to provide valid credentials after a certain number of attempts with either a username or from the same IP address.
  • When a user is blocked based on one of these directives, Audit Most will cause the offending username or IP address to be recorded in the audit log with a message identifying why the user was blocked.
  • Events can also be viewed (or cleared if a legitimate user has been blocked) from the EZproxy Administration interface by clicking “View and clear intrusion attempts.”

Monitor usage

  • Use UsageLimit Global to record usage to the audit log
  • You can view all usage by clicking “View usage limits and intrusion attempts” from the EZproxy Administration page. No usage will be suspended since no parameters for suspension have been entered; however, you can monitor the number of transfers a user makes over a 2 day period and the number of megabytes transferred.

For more details about these and other security configuration options, see Options securing your EZproxy server.