HOME COMPUTER USERS

Access restricted web services

Related links

Issues accessing the offsite proxy from corporate/institutional networks

This document is aimed at Bristol staff & students trying to access the off-site proxy from corporate or institutional networks, and the IT support staff for those corporate networks. Much of it does not apply to home users with a typical home broadband connection.

Corporate/Institutional firewalls & transparent proxies

Many businesses and organisations use firewalls to protect their networks and monitor and/or enforce network access policies. If this is the case, it may prevent access to the University's systems. The following information will be useful to the people who manage the network and may enable them to open up access the University's systems for you.

The University's proxy servers are set up to allow users from outside the University's network to access them, provided they that supply a valid username and password. This uses HTTP/1.1 proxy authentication. However, the traffic must go to the University's servers directly without first passing through another HTTP proxy. Our recommended configuration is to use a proxy auto-config file, which routes requests for a large number of journal sites through our proxy servers {v1,v2,v3,v4}.cache.bris.ac.uk:8080; all other traffic is sent "DIRECT".

To allow this to work correctly, traffic to TCP port 8080 on the following systems must be permitted:

  • v1.cache.bris.ac.uk (137.222.10.108)
  • v2.cache.bris.ac.uk (137.222.10.109)
  • v3.cache.bris.ac.uk (137.222.10.110)
  • v4.cache.bris.ac.uk (137.222.10.111)

Port 8080 traffic must not be transparently proxied, but Network Address Translation (NAT) should work. The network must also be configured to allow TCP port 80 and TCP port 443 traffic to reach the Internet - being directly routed, going through Network Address Translation (NAT) or by the use of a transparent proxy.

Locked down systems with no ability to change proxy settings in web browser

To set up the offsite proxy users need to be able to change the proxy settings in their web browser. In our experience this is normally possible on a corporate network (even on systems where users have no admin rights) as proxy settings are typically stored in the user profile. In a cybercafe environment it may not be possible to change the proxy settings.

One alternative may be to run Portable Firefox, a web browser which runs from a USB stick (but check first with your local IT support that this in itself is permitted).

Offsite proxy may not work with the installed web browser

The offsite proxy may not work with the web browser already installed on your work computer. See Check you can use the offsite proxy.

One alternative may be to run Portable Firefox, a web browser which runs from a USB stick (but check first with your local IT support that this in itself is permitted).