Firewalling Proxy Server for Innopac

1
Firewalling Proxy Server for Innopac
2
Proxy, Firewall and Innopac

• Proxy
• Firewall
• Combining proxy and firewall

3
Proxy Description

• Transparent web proxy
• Change of browser settings not required
• All access to WebPAC must first go through the
  proxy
• Proxy software Apache or Squid

4
Proxy Encoding detection

• OPAC migrate to Unicode in July 2003
• R2002 phase 2 browser encoding problem
• Add an HTML META tag to facilitate automatic
  encoding detection
• ltmeta http-equiv"Content-Type"
  content"text/html charsetutf-8"gt
• Solved in R2002 phase 3

5
Proxy Logging

• Logging of all WebPAC activities including
• OPAC searching browsing
• Downloading MARC records
• Viewing book covers
• etc etc
• Many tools available to generate statistics from
  the standard log files

6
Proxy Statistics
7
Proxy Statistics (cont.)
8
Proxy Other applications

• Fine-grain access control, e.g.
• Restricting access to Innopac manual
• Controlling download of MARC records
• Banner display during software updates
• When WebPAC is down for maintenance
• Enhance WAM Rewrite Proxy
• Bypass WAM Proxy for on-campus users

9
Firewall Description

• Transparent bridging firewall
• No modification to Innopac settings
• All access to Innopac must first go through the
  firewall (not only WebPAC)
• Firewall software Linux kernel iptables

10
Firewall Security

• Another line of defence against security holes
• No software is perfect
• Configuration error
• Delay in software update
• Low level logging and monitoring

11
Firewall Security (cont.)

• Innopac - Limit Network Access
• PatronAPI, OCLCNET etc.
• Are they really secure?
• Operating system

12
Firewall proxy

• Firewall security
• proxy features
• Work together
• nicely within the
• same box

13
HW/SW requirements

• Hardware
• Low hardware requirements
• PC Server with two network interfaces
• Software
• All open source
• Highly flexible and reliable

14
Things to note

• What you want to achieve
• Choose among available solutions
• Extra resource may be required
• What to do in case of failure recovery plan
• Study Innovatives FAQ on Firewalls
• Thorough testing to make sure that normal
  services are not adversely affected
• Firewall itself is not perfect!
• Can only provide certain kind of protection
• Do not blindly trust the firewall

15
Thank you

• Questions comments
• For technical details, please contact
• Ernest YIK,
• Information Technology Planning,
• University Library System, CUHK
• ernest_at_lib.cuhk.edu.hk