DLPS Common Collection Access Problems

The most common access problems result in being prompted for authentication, inability to reach the authentication page itself, or receiving a message that collections are not authorized.

The following are the most typical causes of these access problems:

Incorrect or incomplete IP address ranges specified.

Double-check that the IP address ranges supplied to your subscription manager are the full list for your campus or institution. An IP address is made up of four numbers separated by three periods.

The best way to supply IP address ranges is to use the CIDR format, e.g. 123.23.0.0/17. This format is compact, unambiguous, and globally recognized by network administrators.

A common alternative format which many find more intuitive is to use dashes and/or asterisks, e.g. 123.23.0-127.* (which is equivalent to the example above).

Incorrect proxy server configuration.

If your campus uses a proxy server, it generally needs to be configured with the host names and/or domains of our servers. As of 2010-07 these are:

hdl.handle.net
hdl.lib.umich.edu
name.umdl.umich.edu
quod.lib.umich.edu

In addition, the proxy server should to be configured to rewrite URLs in JavaScript.

For the proxy service to take effect, users at your campus or institution need to access the service via a connection through the proxy server, not directly. Your proxy server administrator can provide you with a proper URL for linking to our service; ensure that your users are entering via that URL.

Firewall configuration.

Access problems relating to firewalls can manifest themselves in a number of ways. If your network environment is firewalled, consult your firewall administrator to ensure that access to our service will not be blocked. Be prepared to share the URLs you use for access, and tell the firewall administrator that our services run on the standard HTTP ports 80 and 443.

One emerging problem area is with NAT firewall routers, which are commonly used with ADSL and cable modem connections. These devices provide IP addresses to the workstations in the office or home network (typically 192.168.0.0/16 or some subset of that), but appear on the Internet with a different "external" IP address. For access to work, the external IP address(es) must be static, which is an arrangement you must make with your ISP, and must be supplied to your subscription manager. The internal IP addresses are irrelevant in this environment.

DLPS maintains a simple web-based utility that can be used to determine what IP address your workstation has, from the perspective of our service. This can be very useful to debug firewall-related problems:

http://quod.lib.umich.edu/cgi/whoami

Split-tunneled VPN configuration.

Campus VPNs may be helpful for providing access to off-campus users, but only if they are not configured to use a feature called "split tunneling".

Split tunneling, in simple terms, makes network connections appear to originate on campus (ie, the connection has a campus IP address) when accessing campus services, but appear to be off-campus (ie, the connection has the actual IP address of the home user) when accessing off-campus services. The reason VPNs are usually configured in this way is that in general, VPNs are provided in order to make campus services accessible from off-campus locations, not to make off-campus services available to off-campus locations. Also, split tunneling prevents all off-campus connections from being routed through the campus network, which would create heavy network usage.

If you are attempting to use a VPN to provide off-campus access for patrons at your institution, you will need to talk to your VPN administrator to ensure that split tunneling is not in effect for particular servers. The servers which require an on-campus IP address are as follows:

hdl.handle.net
hdl.lib.umich.edu
name.umdl.umich.edu
quod.lib.umich.edu

 

 

Page maintained by Kat Hagedorn
Last modified: 12/12/2012