Hi I am using Centos 5, Squid Cache: Version 2.6.STABLE6 and my local lan network is 192.168.10.0/24. More than 150 users are concurrently accessing the squid proxy server. Following is my requirement 1) Access to all http sites 2) Access to only selected https sites like redhat.com ,paypal.com and all other https sites should be denied . Following is my squid.conf ---------------------------- http_port 3128 hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? cache deny QUERY acl apache rep_header Server ^Apache broken_vary_encoding allow apache access_log /var/log/squid/access.log squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 acl Safe_ports port 443 # https acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # wais acl Safe_ports port 1025-65535 # unregistered ports acl CONNECT method CONNECT http_access deny !Safe_ports http_access deny CONNECT !SSL_ports acl our_networks src 192.168.10.0/24 192.168.20.0/24 acl myhttps dstdomain .redhat.com http_access allow our_networks http_access deny our_networks SSL_ports !myhttps http_access deny our_networks http_access deny all http_reply_access allow all icp_access allow all visible_hostname myoffice coredump_dir /var/spool/squid ---------------------------------- >From the above configuration, the problem i am facing here is that all the https sites are accessible to the users. even if i had allowed only 'myhttps' . Is it possible to block specific https sites as per my requirement? Also Is it neccesary to define prot 443 in both SSL_ports as well as Safe_ports? When i remove 443 from Safe_ports, i am not able to access any https sites. Thanks for any help Regards Shiva Raman . SysAdmin