As far as non-proxy solutions go, I think full tunnelling would probably be the only option that I can think of that would reliably allow IP-authenticated access to an arbitrary resource. I suppose some vendors might allow shibboleth or similar authentication at their site depending on how your subscription is configured, but that doesn't seem like it'd be a super convenient option to me. On Thu, Feb 20, 2020 at 3:11 PM Andreas Orphanides <[log in to unmask]> wrote: > Good point; I was unclear. What I mean is, when a user follows a proxified > link to a resource, our proxy redirects on-campus users to the actual URL > to enable IP authentication from the vendor. But VPN users remain through > the proxy because otherwise the split tunneling kicks in and the vendor > wouldn't be able to IP-authenticate. > > I don't think there's a magic way to intervene if someone's, say, > following a non-proxied link from an email. The Lean Library browser plugin > (and possibly others?) advertises the ability to send a push notification > to a user if they can get access to an arbitrary website via reloading > through the proxy. But the service is $$$ and also you'd need every > relevant user to have the plugin installed on their browser. > > One thing we've done lately is provide access to a little bookmarklet that > all it does is reload the current page via the proxy. This is useful for > people who know how and when to use it, but is hardly a panacea. > > On Thu, Feb 20, 2020 at 3:03 PM Bob Dougherty <[log in to unmask]> wrote: > >> Andreas, I think I misunderstood something you wrote: "our solution is to >> force all connections via the VPN through the proxy." >> >> Can you "force" a connection through the proxy when it didn't start with >> a proxied web page? Such as the scenarios I mentioned (a link to an article >> found in an internet search or an email)? >> >> Thanks, >> >> Bob >> >