Limit network access

Using the LIMIT network access option in Admin Corner allows your library to control access to the system based on a user's IP address. The Network Access table controlled by this option uses "service levels" to determine access privileges. A service level is a number from 0 to 9 assigned to an incoming user and to resources on the system or accessed through the system.

Editing Access Table Entries

To edit Network Access table entries or set user service levels for the various originating IP addresses, select the LIMIT network access option in the Admin Corner. The system offers choices similar to the following:

            NETWORK ACCESS ADMINISTRATION

01 > TELNET : Remote Login using TELNET
02 > LOGIN  : Remote Login
03 > SIERRA
04 > SIERRA2
05 > SSH
06 > IIIFTP
07 > OCLCNET
08 > SELFCHECK
09 > Z39
10 > TELRENEW
11 > WWW(211):Z39
12 > HTTP
13 > MILDATA
14 > WWW(5705)
15 > WWW(5706)
16 > WWW(5712)
17 > List access attempts rejected
18 > List non-local access attempts allowed

___________________________________________________________________________
 Key number to modify or
 Q > QUIT
 Choose one (1-18,Q)
 

To modify an access table entry:

  1. Enter the entry number
  2. Click Enter.

To view the lists of access attempts:

  1. Enter the entry number for either List access attempts rejected or List non-local access attempts allowed.
  2. Click Enter.

Valid Network Access Administration entries include:

EntryDescription
DLPATRONINFOThis entry controls access to "Pickup Anywhere" servers running at a local site in INN-Reach consortiums.
HTPATAPIThis entry controls access to the Patron API Server for third-party access to Sierra patron data.
HTPATAPISSLThis entry controls access to the Patron API Server via SSL (Patron API Server over a secure connection).
HTTP

This entry controls client browser access for products such as the online catalog (WebPAC), Research Pro, and Encore Synergy as well as access to the staging WebPAC.

HTTP entries are the most commonly-changed entries in the Limit Network Access table.

IIIFTPThis entry controls FTP access to WebPAC screens directories and for the Quick Click product. (See Editing Customizable Files Using Non-Innovative Programs.)
ILLTRANSThis entry controls access to services that support INN-Reach circulation transactions.
IRCIRCDThis entry controls the exchange of circulation transaction data between the INN-Reach Central Server and participating Local servers using INN-Reach circulation.
KIDSONLINEThis entry controls access to the KidsOnline product.
KIDSSTG:(2090)This entry controls access to the KidsOnline catalog running from the staging port.
LOGIN: Remote LoginThis entry controls remote login access to the character-based interface for the database.
MILDATAThis entry controls access to the Data server.
MILDATA[alternate number]This entry controls access to additional instances of the Data server. For example, MILDATA2 or MILDATA3. Additional instances are used most commonly on Reference Databases, such as when installing Cataloging on a Reference Database or installing Media Management on a Reference Database.
MILWSDATAThis entry controls access to a Data Server. This entry accesses the Innovative database and serves web services (including the Web options file) for web applications such as Research Pro and Ecommerce.
OCLCNETThis entry controls access for OCLC Connexion clients.
SELFCHECKThis entry controls access to the Selfcheck (SIP2) server and controls which Selfcheck login is assigned to each IP address in use with Selfcheck.
SIERRAThis entry controls client login access to the Sierra server.
SIERRA2This entry controls client login access to the Sierra server running on an alternate port.
SMILSH (Sierra-milsh)This entry controls access to the authentication program for the Sierra Desktop Application
SSHD: Secure LoginThis entry controls access for SSH clients .
STAGING([port number]):[Reference Database]This entry controls access to the staging port for a Reference Database, for instance, STAGING(2083):BIN.
TELNET : Remote Login using TELNETThis entry controls access to the database via remote login using telnet.
TELRENEWThis entry controls access to the Telephone Renewal System.
WBRESSERVThis entry controls access to WebBridge Resolution Server.
WWW ([port number]) [character set]This entry controls access where a WebPAC is set up to use an alternate character set and runs on a separate port. For example, WWW(1080)BIG5 or WWW(1081)CCCII.
WWW or HTTP ([port number]) [alternate instance access]

This entry controls access where a WebPAC has been set up using an alternate instance of the database. For example, WWW(2083):BETA controls access to a beta test instance of WebPAC. HTTP(2080):TEST controls access to the port 2080 wwwoptions (web options) test instance.

WWW([port number]):[Reference Database]This entry controls access to Reference Databases, for example, WWW(81):ARCH.
WWW(211):Z39This entry controls access to the Z39.50 Client via WebPAC.
XCATPRThis entry controls access to information used by Encore and Program Registration.
Z39This entry controls access to searching the database via the Z39.50 Server.

Lists of Access Attempts

The system keeps track of local and non-local connection attempts made to the system. The List access attempts rejected and List non-local access attempts allowed options display a list of all connections either attempted or allowed. For example, the system displays the following for list of allowed connections.

           NON-LOCAL ACCESS ATTEMPTS ALLOWED                  
        DATE      TIME        REMOTE IP ADDRESS         SERVICE NAME
 0001 > 08-19-99  11:57:14    128.195.178.31            http
 0002 > 08-19-99  11:56:11    208.140.253.25            http
 0003 > 08-19-99  11:55:39    152.163.189.1             http
 0004 > 08-19-99  11:55:29    128.200.105.120           http
 0005 > 08-19-99  11:55:26    152.163.188.162           http
 0006 > 08-19-99  11:55:03    128.195.145.22            telnetd (2)
 0007 > 08-19-99  11:54:40    128.195.145.229           http
 0008 > 08-19-99  11:54:21    209.179.42.81             http
 0009 > 08-19-99  11:54:05    152.163.189.2             http
 0010 > 08-19-99  11:53:06    128.195.145.22            telnetd
 0011 > 08-19-99  11:52:57    128.195.178.31            http
 0012 > 08-19-99  11:52:47    128.195.178.12            telnetd (3)
 0013 > 08-19-99  11:52:21    152.163.189.99            http
 0014 > 08-19-99  11:52:21    152.163.189.67            http
 0015 > 08-19-99  11:52:19    152.163.189.163           http
 0016 > 08-19-99  11:52:17    152.163.189.131           http
___________________________________________________________________________
  F > FORWARD               S > SORT                       Q > QUIT
  J > JUMP                  N > Display host NAME          P > PRINT
  C > CLEAR log file        T > TOTAL by date
  Choose one (F,J,C,S,N,T,Q,P)
List Limits

The total number of attempts listed is limited by the capacity of the log file. When the log file reaches its capacity, older entries are removed to clear space for new entries.

When the system generates the connection attempts list, it sorts the entries in reverse-chronological order. If two or more adjacent connection entries have the same IP address and service name, the system lists them as a "group" and displays the number of connections to the right of the service name in parentheses.

Menu OptionDescription
F > FORWARDChoose this menu option to display the next screen of results.
B > BACKChoose this menu option to display the previous screen of results.
J > JUMPChoose this menu option and enter the table entry at the prompt to display a specific table entry.
S > SORTChoose this menu option to change the sort order. The sort options are: by Remote Address, by Service name, or by Time (the default). When you change the sort order, the entries in this copy of the connection log may move to different places in the list, so connections that were "grouped" in one sorting sequence may not be "grouped" in another, since they are no longer immediately adjacent.
N > Display host NAMEChoose this option to display host names in the table instead of IP addresses. If your system cannot resolve the name/address, the system displays a blank entry instead of the fully-qualified domain name.
N > Display host NUMBERChoose this option to display host IP addresses in the table instead of host names.
T > TOTAL by dateChoose this option to print a list of entries, sorted by date.
Q > QUITChoose this option to exit the table.
P > PRINTChoose this option to print an entry.

"Local" Addresses

The system defines a "local" address as any IP address where the first three octets match the first three octets of the IP address of the Innovative server.

For example, if your server's IP address were 123.123.123.7, then any machine with the IP address 123.123.123.1 through 123.123.123.255 would be considered "local". All other IP addresses are considered "non-local".

See Also:
Blocking Access to Research Pro by IP Address
Editing Customizable Files Using Non-Innovative Programs
Using Scoped Searching in WebPAC
Web Access Management