EZproxy directives and configurations offer administrators multiple options for securing your server, monitoring security concerns, and identifying and neutralizing compromised accounts.
If you are running EZproxy on a Windows server, your server may already have an SSL key that you would like to use with EZproxy. The following steps provide a way to export an SSL certificate from the Windows certificate store and import it into EZproxy.
There are instances when a content provider contacts an EZproxy institution with details about a potential security breach. Normally, this is caused by credentials that have been stolen or compromised. These breaches often require action on the part of the institution to ensure continued access to the resource. If no action is taken, access to that resource can be suspended until the breach has been addressed. This documentation describes the steps that must be taken, both proactively and after
With proper configuration, EZproxy can be used behind a firewall that employs Network Address Translation (NAT). In a typical NAT environment, your local machines are connected to the Internet through a firewall machine. Your local machines are typically assigned addresses that are valid in your local network, but that are masked by the firewall machine's address when you access machines that are external to your network.
EZproxy config.txt directives can be entered in many combinations to secure your EZproxy server. The most common security configurations employ encryption settings, limits, and monitoring/logging directives to record and limit users’ activity. The following tables provide lists of commonly used security, monitoring, and logging directives available to secure your sever.
If you are running EZproxy on a Windows server, your server may already have an SSL key that you would like to use with EZproxy. The following steps provide a way to import a Windows certificate into EZproxy.
Discover how to renew an SSL certificate as a self-hosted EZproxy library. As you work through these renewal instructions, your server will continue to use its existing SSL certificate. When you reach the final point where you have a new certificate and it is ready for use, you will explicitly tell EZproxy to switch over to the new certificate.
The following example combines all of the directives listed in the overview, placing them in an order that would be appropriate for your config.txt file. The values shown in specific examples are meant as starting points and may not provide the appropriate balance for your server. Whenever changes are made to config.txt, you need to restart EZproxy.
To secure the login process or to proxy remote https web sites, you must use an SSL certificate. EZproxy allows you to create a self-signed certificate for no cost or to create a certificate signing request which you process through a certificate authority to purchase a certificate.