Good point; I was unclear. What I mean is, when a user follows a proxified
link to a resource, our proxy redirects on-campus users to the actual URL
to enable IP authentication from the vendor. But VPN users remain through
the proxy because otherwise the split tunneling kicks in and the vendor
wouldn't be able to IP-authenticate.

I don't think there's a magic way to intervene if someone's, say, following
a non-proxied link from an email. The Lean Library browser plugin (and
possibly others?) advertises the ability to send a push notification to a
user if they can get access to an arbitrary website via reloading through
the proxy. But the service is $$$ and also you'd need every relevant user
to have the plugin installed on their browser.

One thing we've done lately is provide access to a little bookmarklet that
all it does is reload the current page via the proxy. This is useful for
people who know how and when to use it, but is hardly a panacea.

On Thu, Feb 20, 2020 at 3:03 PM Bob Dougherty <[log in to unmask]> wrote:

> Andreas, I think I misunderstood something you wrote: "our solution is to
> force all connections via the VPN through the proxy."
> Can you "force" a connection through the proxy when it didn't start with a
> proxied web page? Such as the scenarios I mentioned (a link to an article
> found in an internet search or an email)?
> Thanks,
> Bob