UC Berkeley Library Proxy Server Service: FAQ

Current UC Berkeley students, faculty, and staff may use the proxy server. This includes emeritus faculty, as well as unregistered students and Post-Docs affiliated with a UC Berkeley department who have a current UC Berkeley Student ID.

Who should use the proxy server?

If you use a third party Internet Service Provider (e.g. AOL, Earthlink, PacBell) via DSL, cable, ISDN, or regular modem, and you want to access licensed Library web-based resources (electronic journals, indexes, etc.) from off campus.

When do I use the proxy server?

Once you configure the browser to run the Automatic Proxy Configuration, it will be engaged automatically when needed. You will not have to decide when the proxy server is to be used.

What are the minimum requirements to use the proxy server with my home computer?

A browser that supports an Automatic Proxy Configuration feature is required. Recent versions of Netscape and Microsoft Internet Explorer support this functionality. Netscape 2.x is the earliest such Netscape, and Explorer 3.x is the earliest such Internet Explorer that can be used. Netscape 4.7 and Internet Explorer 5.5 SP2 have been used successfully in recent years. Both Netscape 6 and Internet Explorer 6 support Automatic Proxy Configuration and can be used if available for your machine make and operating system.

Will using the proxy server slow down my connection?

The proxy server will only be used when you attempt to access a page that requires a UCB IP Address. Once you gain permission to access the site, the proxy server will not perform any actions that use your bandwidth. In other words, it should not affect your download times at all.

Can I use the proxy server from behind a firewall?

Firewalls may cause problems for browsers that run Automatic Proxy Configuration. Many companies have firewalls to prevent outsiders from accessing their intranet, and if your connection is behind such a firewall, you may not be able to use the proxy service. Some ISP's use firewalls or caching servers to minimize the amount of data their servers have to obtain from sites on the internet, thus increasing their apparent speed. If your ISP provides connections from behind a firewall or caching server, your browser may not be able to engage the Library's proxy server. In such a case, you may wish to find a different ISP.

As internet security has become a major problem, many users are choosing to run personal firewalls on their own systems. Some users have implemented firewall products such as Black Ice, Zone Alarm, and Symantec without negatively effecting their use of the proxy service. However, it is possible that the presence of a personal firewall may interfere with the browser's ability to access the proxy service.

If your browser is clearly configured correctly but fails to engage the proxy service, the failure may be due to the presence of a personal firewall. If you are willing to run your system without the firewall, you may be able to determine whether this is the problem by turning the firewall off.

The Library currently is unable to provide recommendations for configuring personal firewall hardware or software.

To what kind of resources do I have access when I use the proxy server?

In general, any electronic resources licensed by the UC Berkeley Library are available. This includes resources from the California Digital Library (CDL) and the Electronic Reference Resources page on the Library's home page. Please note: only web-based resources are available through the proxy server.

What about CDL passwords? Do I need a CDL/Melvyl password?

The proxy server eliminates the need for a CDL password for web-based resources. If you connect to the CDL through telnet or EndNote, you may still need a CDL password.

Where do I get a Library ID?

If you're a student, your Library ID is your Student ID number. If you're staff or faculty, you're Library ID is either your Employee ID or, if you're still using the old-fashioned Library Card, the number (beginning with the letter "L") on the back of your Library Card. (For newly hired faculty and staff, the Library ID defaults to your Employee ID.) If there is any question about which ID is on record in the Library's files as your Library ID, please inquire at the Privileges Desk in Doe Library (510-642-3403).

Keep in mind that the CalNet ID is your campus-wide personal identifier and may not be the same as your Library ID. You may use the CalNet ID, however, to authenticate if you have configured your browser to use the CalNet-authenticating proxy server.

Return to top

Browser Configuration

How do I configure the browser to use the proxy server?

Complete instructions for setting up the browser to use either the CalNet-authenticating proxy server or the conventional PIN-authenticating proxy server can be found on the Configuration Instructions page.

How do I find out what version of Netscape or Internet Explorer I have?

In the browser's menu bar, click on Help and then select About Netscape or About Communicator for Netscape, and About Internet Explorer for Internet Explorer. This will bring up a screen that will tell you what version you are running.

If I have two browsers installed on my computer, do I have to configure both of them?

If you plan on using both browsers to access licensed Library resources, then you should configure both browsers. Configuring one browser will not automatically configure the other one.

Do I have to configure my browser every time I surf the web?

No. Once you've configured your browser, the setting will be saved within your browser.

How do I disengage the Automatic Proxy Configuration setting from the browser?

If you feel you no longer need to use the proxy server, you can easily disengage the the Automatic Proxy Configuration setting.

For Netscape, go to Edit Preferences, select "Proxies" (after expanding "+Advanced"), and click on "Direct connection to the Internet." You do not have to remove the URL from the "Configuration location" window.

For Internet Explorer, go to Tools and then Internet Options, then under the "Connections" tab, either under the "Dial-up settings" or "LAN settings" area (depending on how you initially configured Internet Explorer for the proxy server), click on "Automatically Detect Settings" and remove the check from the checkbox labelled "Use automatic configuration script." Once again, you do not have to remove the actual configuration URL from the window.

With Internet Explorer 6, it seems to be necessary also to remove the cached copy of the proxy.pac configuration script from the browser's cache or "Temporary Internet Files". To do this, go to Tools and then Internet Options, where you should see "Temporary Internet Files" about a third of the way down in the dialog box. Select "Settings", and from the "Settings" dialog box select "View Files". Find the file named "proxy.pac" and delete it. Then close that window and click "OK" in the "Settings" dialog box and again "OK" in the "Internet Options" dialog box.

Once you disengage the proxy setting, you will be unable to access any UC Berkeley Library licensed resources.

Where do I obtain a copy of either Netscape Communicator or the Internet Explorer browser?

Netscape Communicator (all platforms)
Internet Explorer (Microsoft Windows only)

If two people share one computer, would the other person be able to use the proxy service, too?

If your computer is accessible to other people in your household or off-campus work site, you should take precautions to ensure your proxy-enabled browser is not available for them to use. Otherwise, some other person, logged in to the proxy server as you, will be able to access licensed materials. To avoid this kind of compromise, merely exit your browser session. When the browser is started again, you will be required to authenticate to the proxy server before accessing licensed materials.

Please note: Once you've configured your browser, the setting will be saved within your browser. Certain versions of Netscape also have a User Profile Manager utility that will allow you to create multiple user profiles. See Netscape's Help Pages for detailed explanations and instructions on using the User Profile Manager.

What if I need to use another proxy server? How do I configure the browser?

Unfortunately, you would need to reconfigure your browser every time you need to switch proxy servers. Certain versions of Netscape also have a User Profile Manager utility that will allow you to create multiple user profiles. See Netscape's Help Pages for detailed explanations and instructions on using the User Profile Manager.

Return to top

Using The Proxy Server

When I try to access a website, I get prompted for a username and password. What do I use?

To ensure that only authorized people use the proxy server, you will need to "authenticate" yourself (viz., "log in") to the proxy server before you use a licensed resource. The proxy server will automatically prompt you to authenticate when you first attempt to access one of the Library's licensed resources.

If you have configured your browser to use the Library's CalNet-authenticating proxy server, you will need to authenticate with your CalNet ID and its associated Kerberos passphrase. Once authenticated, your session will be considered valid and you will not be asked to authenticate again for 12 hours. Closing and then re-openning the browser will not alter its authenticated status: If you wish to invalidate your browser with respect to the CalNet-authenticating proxy server, point your browser to this URL:

http://proxy.lib.berkeley.edu:7777/logoff

If you have configured your browser to use the Library's conventional PIN-authenticating proxy server, you will need to authenticate with your Library Card number, which serves as your username, and a four-digit PIN (Personal Identification Number).

NOTE: Historically the PIN has been the last four digits of your Social Security Number. However, as of August 25, 2005 the Library begins to remove all Social Security Numbers from its patron database. If the last four digits of the SSN no longer work when attempting to authenticate to the PIN-authenticating proxy service, then use the four digits consisting of your date of birth in MMDD format. For example, if your birthday is June 3, your PIN will be 0603. If your birthday is November 23, your PIN will be 1123. Please note that Visiting Scholars and any others for whom Library records do not list a birthdate or a Social Security Number will need to go to or otherwise contact the Privileges Desk in Doe Library (phone 510-642-3403; email privdesk@library.berkeley.edu) and establish a custom PIN for their Library Card. Visiting Scholars and others who may already have established a custom PIN should be able to continue using that PIN with no changes necessary.

Once authenticated, your session will be considered valid and you will not be asked to authenticate again for 24 hours. Closing and then re-openning the browser will indeed clear its authenticated status with respect to this proxy, so that after openning a fresh browser session, you will be asked to authenticate the first time you access a licensed resource.

If I have AOL, will it work with the Proxy Server?

Yes. However, AOL uses a proprietary browser that may not be configured to run through a proxy server. You should download Internet Explorer or Netscape and configure either for the Library's Proxy Server.

How do I find out if a resource can be accessed through the proxy server?

Which resources are unavailable through the proxy server?

See the List of Resources Unavailable Through the Proxy Server.

Why does the proxy server sometimes prompt me for a username and password even when I'm not accessing a licensed library resource?

Many professional databases and similar resources use several servers within the same internet domain to provide their services. In such cases, the Library proxies for the entire domain to ensure that every part of such resources are available to the campus community.

It is also true that the Library often licenses several electronic resources that are served from the same internet domain. In an effort to keep the automatic proxy configuration script from becoming extremely large, the Library often proxies the entire domain which serves them all, so that only one record is needed in the configuration script rather than several.

Unfortunately, sometimes sites which are available freely to the public and would not require the proxy are served from within the same internet domain as sites which require a license. Therefore, if your browser is configured to use the proxy server, you may be asked to authenticate to the proxy server to access such a site, even though the site would be available to a browser not configured to use the proxy.

We apologize for the inconvenience this may inflict upon our users. However, if for some reason you object strongly to authenticating to the proxy service in such cases, you may remove the proxy configuration from your browser before attempting to connect to such sites and thus avoid having to enter your Library credentials.

Return to top

Issues Specific to the CalNet Authenticating Proxy Server

Why do I see warnings about going from secure to insecure (and vice versa) connections while undergoing authentication with the AWS?

Authentication via the CalNet proxy server is a rather complex process involving several redirections of your browser. First, when the proxy server determines that you need to authenticate, it redirects your browser by way of a secure connection (viz., one utilizing the HTTPS protocol) to the AWS "Authentication Web Server." If your browser is set to warn you upon entering a secure environment, you see such a warning at this point. Then, when you have successfully entered your CalNet ID and passphrase, the AWS redirects your browser back to a location on the proxy server which processes the encrypted data returned to it from the AWS. This redirection may also generate a warning. Finally, if the proxy server determines that you are eligible to use its service, it redirects your browser to the resource which you requested, whereupon a final warning may occur.

You need not worry about these messages. The only exchange of confidential information takes place when you enter your CalNet ID and passphrase on the AWS form, and that exchange is encrypted and highly secure. Furthermore, that information is seen only by the campus's AWS server and is not transmitted back over the internet to the proxy server or anywhere else, so your confidential information cannot be observed by any unauthorized third party.

Why do I have trouble using my browser's "Back" button beyond the AWS authentication screen?

When you have successfully entered your CalNet ID and passphrase on the AWS authentication form, the AWS sends an encrypted parcel of data (which does not, of course, contain any confidential information) back to the proxy server to indicate that you have indeed authenticated. Unfortunately it has to do this in such a way that, if you try to use your browser's "Back" button to go back to a page you visited before authenticating to the AWS, you get a message such as this:

Missing Data

This document resulted from a POST operation and has expired from the cache. If you wish you can repost the form data to recreate the document by pressing the reload button.

Persistent banging on the "Back" button may in fact get you beyond this roadblock, but it may not, all depending on your browser and what pages it has visited. Whatever you do, do not hit the "Reload" button. Netscape users may have better luck using the "Go" pulldown at the top of the browser; Internet Explorer users may find the little arrow pulldown next to their "Back" button helpful.

The programmers at the campus's System and Network Security group, who support the "CalNet Authentication Web Server (AWS)," deliberated for many weeks and were unable to find a way to avoid this problem. We apologize for this inconvenience.

Why do I sometimes see a form with a "Connect to Resource" button after I have authenticated to the AWS?

In order to use the Authentication Web Server (AWS) for CalNet authentication (as we have been asked to do by the campus System and Network Security group), the proxy server must use a technique called browser redirection. First the browser is redirected to the AWS form, and when you have successfully authenticated there, the AWS redirects the browser yet again. Usually after you have authenticated to the AWS, the AWS redirects your browser straight to the resource you initially requested. However, under two different circumstances, the CalNet proxy server displays a form with a "Connect to Resource" button instead:

A few resources spawn a new browser window when they are invoked. These are, most notably, the Webspir/SilverPlatter and the Biblioline databases. When these applications spawn their new browser window, what is left on the original browser window can cause a number of problems (e.g., a looping condition in which the browser makes an endless cycle of connections to the AWS). By displaying the form with the "Connect to Resource" button on the original browser window, we avoid those problems. However, this leaves either the "Connect to Resource" form (in the case of SilverPlatter) or the AWS authentication form (in the case of Biblioline) on the original browser window. Use your browser's "Go" button or the arrow adjacent to the "Back" button to navigate your way out of the form left on the original browser window.
When authentication takes place while you're in the midst of a search operation, you may be returned to a "Connect to Resource" form if the resource sends its search parameters using the "POST" method of data transmission. Since "POST" data gets lost in simple browser redirection, this is how the proxy server preserves your original "POST" request over the process of authentication.

What do I do when I am asked to authenticate while accessing a resource which uses frames?

If authentication becomes necessary while you are working with a resource which uses frames, the AWS authentication form will be displayed within one of the resource's frames. Generally this is no problem, but sometimes the AWS is displayed in a short or a narrow frame in which it is hard to read. Please do not be perturbed: You can usually adjust the dimensions of the frame by dragging the frame's boundaries with the mouse. Alternately, you can use your "Tab" key to move from one field to another within that frame. It will work, even though it may be ugly.

Return to top

Problems Using The Proxy Server

I have Internet Explorer running on a Mac. Why can't I use the proxy server?

No version of Internet Explorer for the Macintosh, including IE 5.0, has the "Automatic Proxy Configuration" capability. It is not likely that Microsoft will address this problem. We suggest you download Netscape if you want to use the proxy server.

When I configure Netscape to use the proxy server on my Mac, the machine crashes. What can I do?

Netscape 4.x crashes on the Macintosh (but only on the Macintosh) when configured to use the proxy server. The cause for this seems to be an unpublished limitation on the size of the proxy server automatic configuration script in the Macintosh implementation of Netscape 4.x. Evidently around July of 2001 the number of resources listed in our automatic configuration script (from URL http://proxy.lib.berkeley.edu/proxy.pac) caused the size of this file to exceed this unforeseen limitation.

If your Macintosh runs MacOS 8.6 or later and has at least 64MB of memory (RAM), you can avoid this problem by installing Netscape 6.x or the current Mozilla.

If your Macintosh is not capable of running the more modern browsers, you can continue to use Netscape 4.x by configuring it to use a shortened version of the automatic configuration script at URL

http://proxy.lib.berkeley.edu/small.pac

(for the conventional PIN-authenticating proxy server) or

http://proxy.lib.berkeley.edu/smcalnet.pac

(for the CalNet-authenticating proxy server). If the resources you need are not available via these shortened configuration scripts, please submit the Proxy Server Problem Report Form and we'll try to accommodate your needs.

I have configured my browser to use the proxy server, but the proxy server does not prompt me for my username and password. What's wrong?

The most common reason that the proxy server may not prompt you to authenticate is a mistake in following the configuration instructions. Please be sure that you have followed the instructions faithfully and that you have entered the configuration URL correctly. If you are a DSL or cable user and are configuring Internet Explorer, be sure you configure IE as for a LAN connection rather than a dial-up connection.

If you are certain that you have followed the instructions correctly, then please consult our Troubleshooting Checklist. If unable to find a solution there, you can contact us by submitting the Proxy Server Problem Report Form.

The proxy server prompts me for my username and password, but when I enter them, it tells me I'm not authorized. What's wrong?

First of all, be sure you're being asked for username and password by the proxy server and not by some other server. If your browser is configured to use the CalNet authenticating proxy server, you will be asked to enter your CalNet ID and passphrase on the "CalNet Authentication Web Server (AWS)"; if your browser is configured to use the Library's conventional PIN-authenticating proxy server, you will be asked to enter your username and password in a dialog box bearing the text, "Proxy authentication required for UC Berkeley Library Proxy Server" or "Enter username and password for proxy at proxy.lib.berkeley.edu" or something like that (depending on which browser you use).

If you see any other text in the dialog box or webpage where you are being asked for username and password, then it is not the Library's proxy server prompting you to authenticate. If indeed you have been trying to access one of the Library's licensed resources, you may not have your browser configured correctly for the proxy service and are being asked to authenticate by the vendor's server to which you almost certainly are not a subscriber. Hence your UC Berkeley username and password are rejected.

On the other hand, if you are being prompted by the Library's proxy server and your username and password are being rejected, then either your Library privileges have expired or your affiliation with UC Berkeley does not warrant proxy server access. Only current UC Berkeley students, faculty, and staff may use the proxy server. This includes emeritus faculty, as well as unregistered students and Post-Docs affiliated with a UC Berkeley department who have a current UC Berkeley Student ID. For questions regarding your eligibility for Library services, please contact the Privileges Desk in Doe Library (510-642-3403).

I followed the configuration instructions correctly. Why am I still unable to access a licensed resource?

If you have configured your browser correctly to use the proxy server, then you should find nearly all the Library's licensed resources easily accessible. Some resources, however, are not available by way of the proxy server:

The resource may not permit access through a proxy server. See the List of Resources Unavailable Through the Proxy Server.
The proxy server supports access to web-based resources only. You may be attempting to access a resource that is based on some other internet protocol. For example, if you connect to the CDL through telnet or EndNote, you will still need a CDL password. SciFinder Scholar is another internet resource which is not web-based and for which the proxy server provides no support.

Return to top

Copyright (C) 1999-2006 by The Library, University of California, Berkeley. All rights reserved.
Document maintained on server: http://proxy.lib.berkeley.edu/
Last update 8/19/2005. webmaster@proxy.lib.berkeley.edu