Hello, I've been asked to apply some (regex) ACLs on what people can surf - here, in order to protect against malware. My ACLs work fine for non-encrypted transfers, but are ineffective for SSL transfers. In the FAQ (?) I've read that using CONNECT makes Squid only pass bytes to and fro, being totally unaware about what it's doing there. I see the conflict about breaking end-to-end security and invading privacy on one side, and a requirement to keep malware out which could sneak in via SSL transport. If anyone has an idea on how to tackle this, I'd be glad to hear (and no, I don't want to go for Cisco "content security" or some such). TIA! Best, --Toni++