OK thanks a lot for your "lights" , I think the easyiest way for me would be protocol filtering done by the firewall ...
This is also the most secure. I personally do not let squid handle the CONNECT. IMHO, this is too easy to be abused. I use a pac file that forces CONNECT to be direct access only. ---
Logger: Taking control of system logs. http://freshmeat.net/projects/slogger/
