Limit network access
Using the LIMIT network access option in Admin Corner allows your library to control access to the system based on a user's IP address. The Network Access table controlled by this option uses "service levels" to determine access privileges. A service level is a number from 0 to 9 assigned to an incoming user and to resources on the system or accessed through the system.
Editing Access Table Entries
To edit Network Access table entries or set user service levels for the various originating IP addresses, select the LIMIT network access option in the Admin Corner. The system offers choices similar to the following:
NETWORK ACCESS ADMINISTRATION 01 > TELNET : Remote Login using TELNET 02 > LOGIN : Remote Login 03 > SIERRA 04 > SIERRA2 05 > SSH 06 > IIIFTP 07 > OCLCNET 08 > SELFCHECK 09 > Z39 10 > TELRENEW 11 > WWW(211):Z39 12 > HTTP 13 > MILDATA 14 > WWW(5705) 15 > WWW(5706) 16 > WWW(5712) 17 > List access attempts rejected 18 > List non-local access attempts allowed ___________________________________________________________________________ Key number to modify or Q > QUIT Choose one (1-18,Q)
To modify an access table entry:
- Enter the entry number
- Click Enter.
To view the lists of access attempts:
- Enter the entry number for either List access attempts rejected or List non-local access attempts allowed.
- Click Enter.
Valid Network Access Administration entries include:
Entry | Description |
DLPATRONINFO | This entry controls access to "Pickup Anywhere" servers running at a local site in INN-Reach consortiums. |
HTPATAPI | This entry controls access to the Patron API Server for third-party access to Sierra patron data. |
HTPATAPISSL | This entry controls access to the Patron API Server via SSL (Patron API Server over a secure connection). |
HTTP | This entry controls client browser access for products such as the online catalog (WebPAC), Research Pro, and Encore Synergy as well as access to the staging WebPAC. HTTP entries are the most commonly-changed entries in the Limit Network Access table. |
IIIFTP | This entry controls FTP access to WebPAC screens directories and for the Quick Click product. (See Editing Customizable Files Using Non-Innovative Programs.) |
ILLTRANS | This entry controls access to services that support INN-Reach circulation transactions. |
IRCIRCD | This entry controls the exchange of circulation transaction data between the INN-Reach Central Server and participating Local servers using INN-Reach circulation. |
KIDSONLINE | This entry controls access to the KidsOnline product. |
KIDSSTG:(2090) | This entry controls access to the KidsOnline catalog running from the staging port. |
LOGIN: Remote Login | This entry controls remote login access to the character-based interface for the database. |
MILDATA | This entry controls access to the Data server. |
MILDATA[alternate number] | This entry controls access to additional instances of the Data server. For example, MILDATA2 or MILDATA3. Additional instances are used most commonly on Reference Databases, such as when installing Cataloging on a Reference Database or installing Media Management on a Reference Database. |
MILWSDATA | This entry controls access to a Data Server. This entry accesses the Innovative database and serves web services (including the Web options file) for web applications such as Research Pro and Ecommerce. |
OCLCNET | This entry controls access for OCLC Connexion clients. |
SELFCHECK | This entry controls access to the Selfcheck (SIP2) server and controls which Selfcheck login is assigned to each IP address in use with Selfcheck. |
SIERRA | This entry controls client login access to the Sierra server. |
SIERRA2 | This entry controls client login access to the Sierra server running on an alternate port. |
SMILSH (Sierra-milsh) | This entry controls access to the authentication program for the Sierra Desktop Application |
SSHD: Secure Login | This entry controls access for SSH clients . |
STAGING([port number]):[Reference Database] | This entry controls access to the staging port for a Reference Database, for instance, STAGING(2083):BIN. |
TELNET : Remote Login using TELNET | This entry controls access to the database via remote login using telnet. |
TELRENEW | This entry controls access to the Telephone Renewal System. |
WBRESSERV | This entry controls access to WebBridge Resolution Server. |
WWW ([port number]) [character set] | This entry controls access where a WebPAC is set up to use an alternate character set and runs on a separate port. For example, WWW(1080)BIG5 or WWW(1081)CCCII. |
WWW or HTTP ([port number]) [alternate instance access] | This entry controls access where a WebPAC has been set up using an alternate instance of the database. For example, WWW(2083):BETA controls access to a beta test instance of WebPAC. HTTP(2080):TEST controls access to the port 2080 wwwoptions (web options) test instance. |
WWW([port number]):[Reference Database] | This entry controls access to Reference Databases, for example, WWW(81):ARCH. |
WWW(211):Z39 | This entry controls access to the Z39.50 Client via WebPAC. |
XCATPR | This entry controls access to information used by Encore and Program Registration. |
Z39 | This entry controls access to searching the database via the Z39.50 Server. |
Lists of Access Attempts
The system keeps track of local and non-local connection attempts made to the system. The List access attempts rejected and List non-local access attempts allowed options display a list of all connections either attempted or allowed. For example, the system displays the following for list of allowed connections.
NON-LOCAL ACCESS ATTEMPTS ALLOWED DATE TIME REMOTE IP ADDRESS SERVICE NAME 0001 > 08-19-99 11:57:14 128.195.178.31 http 0002 > 08-19-99 11:56:11 208.140.253.25 http 0003 > 08-19-99 11:55:39 152.163.189.1 http 0004 > 08-19-99 11:55:29 128.200.105.120 http 0005 > 08-19-99 11:55:26 152.163.188.162 http 0006 > 08-19-99 11:55:03 128.195.145.22 telnetd (2) 0007 > 08-19-99 11:54:40 128.195.145.229 http 0008 > 08-19-99 11:54:21 209.179.42.81 http 0009 > 08-19-99 11:54:05 152.163.189.2 http 0010 > 08-19-99 11:53:06 128.195.145.22 telnetd 0011 > 08-19-99 11:52:57 128.195.178.31 http 0012 > 08-19-99 11:52:47 128.195.178.12 telnetd (3) 0013 > 08-19-99 11:52:21 152.163.189.99 http 0014 > 08-19-99 11:52:21 152.163.189.67 http 0015 > 08-19-99 11:52:19 152.163.189.163 http 0016 > 08-19-99 11:52:17 152.163.189.131 http ___________________________________________________________________________ F > FORWARD S > SORT Q > QUIT J > JUMP N > Display host NAME P > PRINT C > CLEAR log file T > TOTAL by date Choose one (F,J,C,S,N,T,Q,P)
List Limits
The total number of attempts listed is limited by the capacity of the log file. When the log file reaches its capacity, older entries are removed to clear space for new entries.
When the system generates the connection attempts list, it sorts the entries in reverse-chronological order. If two or more adjacent connection entries have the same IP address and service name, the system lists them as a "group" and displays the number of connections to the right of the service name in parentheses.
Menu Option | Description |
F > FORWARD | Choose this menu option to display the next screen of results. |
B > BACK | Choose this menu option to display the previous screen of results. |
J > JUMP | Choose this menu option and enter the table entry at the prompt to display a specific table entry. |
S > SORT | Choose this menu option to change the sort order. The sort options are: by Remote Address, by Service name, or by Time (the default). When you change the sort order, the entries in this copy of the connection log may move to different places in the list, so connections that were "grouped" in one sorting sequence may not be "grouped" in another, since they are no longer immediately adjacent. |
N > Display host NAME | Choose this option to display host names in the table instead of IP addresses. If your system cannot resolve the name/address, the system displays a blank entry instead of the fully-qualified domain name. |
N > Display host NUMBER | Choose this option to display host IP addresses in the table instead of host names. |
T > TOTAL by date | Choose this option to print a list of entries, sorted by date. |
Q > QUIT | Choose this option to exit the table. |
P > PRINT | Choose this option to print an entry. |
"Local" Addresses
The system defines a "local" address as any IP address where the first three octets match the first three octets of the IP address of the Innovative server.
For example, if your server's IP address were 123.123.123.7, then any machine with the IP address 123.123.123.1 through 123.123.123.255 would be considered "local". All other IP addresses are considered "non-local".