RedirectSafe

Minimum version required

The features described on this page require EZproxy 5.1c or later.

Overview

RedirectSafe is a position-independent directive that may be repeated as needed. Typical placement is toward the top of config.txt.

The typical use of RedirectSafe is to identify the hostnames of web sites with free content that do not need to be proxied, but that may appear in starting point URLs generated by systems such as Electronic Resource Management Systems. Prior to EZproxy 5.1c, the typical solution to handle such hostname was to incorporate "Option RedirectUnknown" into config.txt/ezproxy.cfg. This earlier option did not limit which hostnames could be specified and became a security risk when phishing sites began to create starting point URLs that point to institutional EZproxy servers but that target their own servers.

Configuration

A sample use of RedirectSafe is:

RedirectSafe somedb.com
RedirectSafe otherdb.com

In this example, if the hostname of a URL is exactly somedb.com or otherdb.com, or if the hostname ends with .somedb.com or .otherdb.com, it is considered safe for redirection.

If such a hostname appears in a starting point URL, and if EZproxy is not otherwise configured to proxy the hostname, then a user accessing such a URL will be silently redirected to the specified URL instead of receiving an error about the hostname not being configured.

RedirectSafe priority

If a hostname a directive that indicates proxying should occur--Domain (D), DomainJavascript (DJ), Host (H), HostJavascript (HJ), or URL (U)--and also matches a RedirectSafe directive, then the proxying directive will take priority for the hostname and indicate that proxying should occur, overriding the RedirectSafe directive. This behavior makes it safe for an institution to bulk generate RedirectSafe directives based on all possible destination hostnames without the need to explicitly avoid hostnames that should be proxied.

Note that this is only true for RedirectSafe at the domain level. If you use RedirectSafe at the host level, it will override any existing Host/Domain directives. In other words, in this configuration:

RedirectSafe somedb.com
Host www.somedb.com

the host www.somedb.com will be proxied. However, in the following configuration:

RedirectSafe www.somedb.com
Host www.somedb.com

www.somedb.com will not be proxied, because the host-level RedirectSafe overrides the Host statement.

 

Other areas that use RedirectSafe

EZproxy 5.1c introduced the ability to specify a target location where a user should be redirected after logging out of EZproxy using URLs of the form:

http://ezproxy.yourlib.org:2048/logout?url= http://www.yourlib.org/loggedout.htm

To use this syntax, the hostname of the target URL must match to a RedirectSafe directive.