LISTSERV 16.5 - CODE4LIB Archives

Note that the special sauce required to make that work is "Option
HttpsHyphens" which collapses scholar.google.com.ezproxy.example.org
to scholar-google-com.ezproxy.example.org.

cheers
stuart
--
...let us be heard from red core to black sky


On Wed, Mar 4, 2015 at 7:19 AM, Andrew Anderson <[log in to unmask]> wrote:
> https://pluto.potsdam.edu/ezproxywiki/index.php/SSL#Wildcard_certificate
>
> (You can safely ignore the SSL warning, pluto uses self-signed certificates)
>
> --
> Andrew Anderson, Director of Development, Library and Information Resources Network, Inc.
> http://www.lirn.net/ | http://www.twitter.com/LIRNnotes | http://www.facebook.com/LIRNnotes
>
> On Mar 3, 2015, at 11:46, Karl Holten <[log in to unmask]> wrote:
>
>> If you're using proxy by hostname, it's my understanding that you need to purchase a SSL certificate for each secure domain, otherwise you get security errors. Depending on how many domains you have, the cost of this can add up. Maintaining it is a headache too because it seems like vendors often don't bother to notify you they're making a switch.
>>
>> If there's some way to avoid doing this, I would love to know!
>>
>> Karl Holten
>> Systems Integration Specialist
>> SWITCH Inc
>> 414-382-6711
>>
>> -----Original Message-----
>> From: Code for Libraries [mailto:[log in to unmask]] On Behalf Of Stuart A. Yeates
>> Sent: Monday, March 2, 2015 5:27 PM
>> To: [log in to unmask]
>> Subject: [CODE4LIB] making EZproxy http/https transparent
>>
>> In the last couple of months we've had to update a number of EZproxy stanzas as either tools migrate to HTTPS-only or people try to access HTTP/HTTPS parallel resources using browsers that automatically detect HTTP/HTTPS parallel resources and switch users to the HTTPS version (think current Chrome, anything with the HTTPSeverywhere plugin).
>>
>> We'd like to avoid updating our config.txt piecemeal on the basis of user-gernated error-reports
>>
>> We're thinking of going through our EZproxy config.txt and adding an H https:// for every H or URL entry. (Domain and DomainJavascript already work for both HTTP and HTTPS).
>>
>> Has anyone tried anything like this? Are there pitfalls?
>>
>> cheers
>> stuart
>> --
>> ...let us be heard from red core to black sky