University Library IP triggering captcha

Issue:
A single IP in our IP range is triggering Cloudflare’s captcha test. This would not be a problem normally, but:

This IP belongs to a system that allows our students remote access to Library material and uses a system called EzProxy, which is not compatible with captcha systems since it changes the URL causing the captcha not to load properly and users cannot complete the test.

Our students can access material belonging to publishers not on Cloudflare servers, but are blocked when they try to access, for example, Cambridge Core, which is on IP 104.16.56.52 (Cloudflare IPs as indicated in the documentation)

What we know

  • Traffic coming from the same system, but from another server / IP (staging) does not trigger the captcha challenge for the same website, and the content would be accessible
  • The traffic that gets challenged comes from a dedicated server. This IP is the source of a large amount of traffic. 10 Students might be accessing material from the same publisher at the same time, via the same ip.
    *EzProxy is a well known system in the industry. The IP is part of the IP addresses known to the publishers.
  • While the system has been operating for around a decade, the IP has changed 3 months ago after we migrated to a new, more secure and reliable server. Early captcha signs in the log started appearing early January.
    *The IP used for EzProxy is part of Surf, the network belonging to Dutch Higher Education.

Our theory
We believe that the publisher / owners of the servers or website should whitelist the IP address in their Cloudflare settings, as indicated in the documentation here in Cloudflare.
We are in contact with the publishers, but their first line of support is not familiar with the issue, and sometimes even their technical team is confused.

The Question
Is our theory correct? Are we overlooking something? Is it something we are causing? Is there something else we could be doing?

Thank you

Have you run that single IP address through Inspect an IP | Project Honey Pot

If it passes, then you should work with the publisher to open up access for that IP address.

This topic was automatically closed after 30 days. New replies are no longer allowed.