What is a Proxy Server and how does it work?

About Proxy Servers

Proxy servers are a standard method of providing library users with remote authentication to library resources.  Some common brand names include EZProxy (OCLC), WAM Proxy (III), OpenAthens Proxy (EduServ), MUSE Proxy (Edulib) and others.  Similar to this is also the BrowZine Pairing Service which works on similar proxy technology but is specifically designed to be used only with BrowZine while others enable remote use of BrowZine as well as other resources accessible via the web.

While each of these systems provides unique features, they all rely on providing access to content via IP recognition.  This method takes advantage of the uniqueness of public IP addresses that are registered to a particular institution.  Because these are unique and cannot be impersonated, they provide a unique and reliable way to ensure that requests for content coming from computers at those IP addresses indeed belong to the institution and therefore the user is a member of this institution.  This is similar to providing the content provider with a unique phone number.  Therefore, whenever they see an incoming "call" from that phone number, they have "Caller ID" to identify who is requesting the content, and if they indeed have valid permission to do so, they can provide this content back to the "caller".

However, these IP addresses typically are restricted to the physical grounds of the institution.  This provides a challenge then for users wanting to access IP-authenticated resources from home or via a mobile device connected to a cellular data network!

The solution is a proxy server which makes the request for content "by proxy" for the user who is outside the IP range by relaying that request through an IP that is inside the IP range.  To continue the use of the phone analogy from above, if only you have the ability to call and request information because your phone number was recognized by the content provider, but your colleague was at home and wanted some information, they could call you and you could then relay this request to the provider, and then, in turn, relay this information back to your colleague.  Proxy servers work in much the same way.  But how does the proxy server know if the user outside the IP range should be allowed access?

This is where authentication comes in.  Authentication to the proxy server can take many forms.  For example, EZProxy provides access via a wide range of authentication methods and the other proxy servers have similar lists of supported techniques.  A very common option is to link the username/password boxes seen on a proxy server login screen to that of the LDAP/Active Directory database for the institution.  This would be a "master list" of usernames/passwords that access other types of accounts for individuals on campus, typically including things like email accounts or links to student accounts or human resources information.  This way, the user doesn't need a "special" login to sign into the proxy server to access library materials.  This provides the best possible user experience.  Another popular method is to authenticate via Shibboleth which provides single sign on (SSO) capability to a wide variety of technology systems popular in universities.

Each proxy server has a unique IP address assigned to it.  Sometimes this proxy server will already exist within your institution's IP range and if you have already registered these IP ranges with your provider then you do not need to contact your content providers with this new IP address.  However, some content providers require that you designate if you have a proxy server and the exact IP address of that proxy server.  Be sure to check your license agreements for each content provider for details!

Getting started with a Hosted Proxy Provider

This is a proxy server that lives outside your normal IP range and is hosted by one of the companies providing the proxy software.  By choosing a hosted option you do remove the need to handle the technical setup of a server, but you will still need some information from your IT department to link that proxy server with the LDAP/Active Directory or Shibboleth system (or other similar authentication system) to this hosted proxy.

Additionally, you will need to update your IP ranges with all of your content providers to include this new IP address so that when that content provider sees data requests coming from this proxy server they will recognize that IP as being part of your institution and provide content to the user.

Finally, there will be some work needed on your proxy server to configure it for the resources you wish for it to proxy.  For security reasons, most proxy servers are setup as "white list" proxies, meaning that you need to explicitly detail in a configuration file/system all of the domains that you wish it to provide proxy services for.  This prevents abuse of the proxy server to, for instance, proxy youtube.com or some other high-bandwidth resource which would then slow down other users legitimate use of library content.  The amount of configuration needed varies by proxy provider and whether or not it is a hosted or self-installed system (hosted systems typically require less configuration).

BrowZine Pairing Service versus Hosted Proxy Systems

BrowZine Pairing Service
The BrowZine Pairing Service (BPS) provides an excellent alternative to a hosted proxy system if:
  1) You have no remote authentication system at all and you wish only to provide remote access via BrowZine
   2) You have some form of remote authentication but not one supported by BrowZine.

BrowZine Pairing Service provides:
   1) Fast setup by Third Iron
   2) High performance system
   3) Zero involvement needed from IT department
   4) Works by "pairing" with your campus for set intervals of time rather than relying on credentials to establish authorized users.  Convenient for security-minded environments where setting up a proxy server to provide access using sensitive credentials is not allowed by IT security protocols. 
   5) Low-cost solution worked into the total price of BrowZine
   6) No configuration of technical systems - Third Iron handles all of the "white listing" as explained above.

However, as mentioned earlier BrowZine Pairing Service can only be used with BrowZine for iOS and Android.  It cannot be used as a "general" proxy system for your library website and other content sources you may provide to your users.

Additionally, the library will be responsible for registering the Pairing Service IP address with all content providers.  This effort is identical to that of setting up a new Hosted Proxy Server.

You can read more about the BrowZine Pairing Service Here.

Hosted Proxy System
A hosted proxy system is ideal if:
   1) Your IT security policy will make it possible to authenticate via a standard authentication system within your institution
   2) You are interested in a general proxy to make all your web-enabled resources (as well as BrowZine!) accessible to your users off campus

This second point is the most important and the main reason you should choose a Hosted Proxy System over the BrowZine Pairing Service.

At Third Iron, we are here to help!  If you would like to discuss your unique requirements situation with us, we would be happy to advise you on the best course of action for you and your institution.  We have successfully worked with hundreds of libraries around the world to advise the best technology solution for their needs.  Please contact us at support@thirdiron.com with any additional questions you may have!

Library Configuration and FAQ

  1. About the BrowZine Taxonomy
  2. Your Institution Logo in BrowZine
  3. Publisher EZProxy Definitions and Common Issues
  4. EZProxy Configuration Instructions
  5. WAM Proxy Configuration Instructions
  6. Proxy Auto-Configuration (PAC) file Configuration Instructions
  7. Proxy Configuration Instructions
  8. How does authentication work with the BrowZine app? (iOS & Android)
  9. What is a Proxy Server and how does it work?
  10. What Proxy Servers do you Support?
  11. OpenAthens FAQ
  12. Shibboleth FAQ
  13. Does BrowZine support VPN? (iOS, Android & Web)
  14. EZProxy: Proxy by port or Proxy by Domain?
  15. Overview of the BrowZine Pairing Service (iOS & Android)
  16. LibGuide Integrations
  17. RefWorks and BrowZine (iOS & Android)
  18. BrowZine Marketing Widget - Integration Issues and FAQ
  19. BrowZine Marketing Widget - iFrame Workaround
  20. BrowZine Marketing Widget - Whitelabel Edition
  21. Getting Started with your Trial / Subscription (iOS, Android & Web)
  22. Inter-Library Loan / Link Resolvers and BrowZine (All Platforms)
  23. How do I integrate BrowZine's journal title/ISSN lookup into my library webpage?
  24. BrowZine Web & LibKey Accessibility
  25. How to integrate BrowZine within Primo
  26. How to integrate BrowZine with Summon
  27. How to integrate BrowZine within EBSCO Discovery Service (EDS)
  28. How to integrate BrowZine within OCLC WorldCat Discovery
  29. Creating a drop-down menu with BrowZine Durable URL's in HTML
  30. Extended A-Z BrowZine Web Search to cover all Library Titles
  31. BrowZine API Functionality
  32. BrowZine and OpenAthens Overview
  33. Finding your OpenAthens Redirector URL
  34. How do I add a BrowZine's journal title/ISSN search box to my OpenAthens home page?
  35. How To Find Your Primo Link Resolver Base URL
  36. Determining your ProQuest ID
  37. List of Domains to Whitelist for BrowZine and LibKey Operation

Feedback and Knowledge Base