Hello, Ive been advised by Amos in past postings that having transparent SSL manipulation with SQUID is not possible, agreed. However I need to be able to _somehow_ have an allowed list of ssl sites specific to each LAN user (based on private IP or MAC) that he/she can access. Again this has to be with squid configured as transparent, and not with a pac file or settings in a browser. If squid definately cannot help here, I thought of a way to then take my list of SSL enabled sites (gmail.com for example) and resolve the domain to an IP and then add it in a firewall so that X user has access to port 443 on that firewall. However the downside to this is that if gmail changes the IP (which they will) the firewall rule which is static would need an update. Other a lot more complicated way would be for a packet sniffer on the outgoing DNS connection soliciating the access to enabled ssl site and then immediately create a firewall rule for that. What is the best practice? Thank you. - Andres
