We are using squid in conjunction with trend micro's IWSS. The documentation outlines how to do this, clients contact IWSS and IWSS uses squid as an upstream proxy server. For reporting reasons, We want to do it the other way around, IWSS are to general for us, Authentication is done vie NTLM. IWSS is running on 8080 and squid on 3128, same box. IWSS is not an ICP proxy and thus the squid doco led me to the following Cach_peer statement: cache_peer 127.0.0.1 parent 8080 7 no-query default Without the no-query and default statements I end up with TIMEOUT_DIRECT warnings. Now all this works ok, except when IWSS detects a virus, in which case, squid Ignore the 403 returned and goes direct instead of displaying the error message 1108522791.283 59 172.16.8.59 TCP_MISS/200 886 GET http://www.trendmicro.com/global/en/images/topnav/tn-partners-over.gif aclark DEFAULT_PARENT/127.0.0.1 image/gif 1108522791.287 57 172.16.8.59 TCP_MISS/200 754 GET http://www.trendmicro.com/global/en/images/topnav/tn-about-over.gif aclark DEFAULT_PARENT/127.0.0.1 image/gif 1108522825.301 141 172.16.8.59 TCP_MISS/200 391 GET http://www.trendmicro.com/ftp/products/eicar-file/eicar.com aclark DIRECT/61.9.129.152 application/octet-stream I know it is getting a 403 from the IWSS as a packet trace has this in its data segment: HTTP/1.1 403 OK Connection: close Content-Type: text/html; charset=UTF-8 Cache-Control: no-cache Date: Wed, 16 Feb 2005 01:49:15 GMT <html><head><title>IWSS Security Event</title></head> <body><script> if( typeof( window.innerWidth ) == 'number' ) {if (window.innerWidth < 10 || window.innerHeight < 10) {self.resizeTo(700,600);}}else if (document.body && (document.body.clientWidth < 10 || document.body.clientHeight < 10)) {self.resizeTo(700, 600);}</script><h1><h1>IWSS Security Event (pthalo.ngv.vic.gov.au)</h1></h1> Access to this URL is currently restricted due to a blocking rule.<BR><BR>URL: <B>http://www.trendmicro.com/ftp/products/eicar-file/eicar.com</B><BR>Ru le: Block URLs of type <B>Virus infected temporary block</B><P>If you feel you have reached this message in error, please contact your network administrator. </body></html> Is this the appropriate method for what we need out of our caching/virus system? Adam