As far as non-proxy solutions go, I think full tunnelling would probably be
the only option that I can think of that would reliably allow
IP-authenticated access to an arbitrary resource. I suppose some vendors
might allow shibboleth or similar authentication at their site depending on
how your subscription is configured, but that doesn't seem like it'd be a
super convenient option to me.
On Thu, Feb 20, 2020 at 3:11 PM Andreas Orphanides <[log in to unmask]>
wrote:
> Good point; I was unclear. What I mean is, when a user follows a proxified
> link to a resource, our proxy redirects on-campus users to the actual URL
> to enable IP authentication from the vendor. But VPN users remain through
> the proxy because otherwise the split tunneling kicks in and the vendor
> wouldn't be able to IP-authenticate.
>
> I don't think there's a magic way to intervene if someone's, say,
> following a non-proxied link from an email. The Lean Library browser plugin
> (and possibly others?) advertises the ability to send a push notification
> to a user if they can get access to an arbitrary website via reloading
> through the proxy. But the service is $$$ and also you'd need every
> relevant user to have the plugin installed on their browser.
>
> One thing we've done lately is provide access to a little bookmarklet that
> all it does is reload the current page via the proxy. This is useful for
> people who know how and when to use it, but is hardly a panacea.
>
> On Thu, Feb 20, 2020 at 3:03 PM Bob Dougherty <[log in to unmask]> wrote:
>
>> Andreas, I think I misunderstood something you wrote: "our solution is to
>> force all connections via the VPN through the proxy."
>>
>> Can you "force" a connection through the proxy when it didn't start with
>> a proxied web page? Such as the scenarios I mentioned (a link to an article
>> found in an internet search or an email)?
>>
>> Thanks,
>>
>> Bob
>>
>
|