How to block a user in EZproxy
Symptom
- A user that can authenticate successfully needs to be blocked in EZproxy
Applies to
- EZproxy
Resolution
To block a user in EZproxy you would add the IfUser condition in the user.txt to deny the user by using a line like this (replace userid with the identifier for that user):
IfUser userid; deny
The positioning of this can affect whether it works or not.
Depending on the circumstances, it may also be necessary to wrap the statement in a "Common" block like this:
::Common IfUser userid; deny /Common
If using SAML for authentication you would instead set in the shibuser.txt to block the user based on the attribute your SAML server returns with the userid. For example, if the userid is returned in NameID this is how to block a user:
If auth:NameID eq "userid"; deny
Once this has been set, to ensure this immediately stops the user from being in EZproxy go to the EZproxy admin page and click on View Server Status. See if the user currently has an active session, click on the user then click on Terminate session.
If you need help or are a Hosted EZproxy then contact OCLC Support.