Hi, I'm hoping somebody can help me here, because I'm at a loss about what to do next. Basically we have squid running as a proxy server to restrict access to just those sites which we've included in our ACL's I have noticed recently that it isn't handling HTTPS reqests properly if the URL contains an IP address instead of a domain name. The reason this is a particular problem is that although the users can connect to the page using the domain name, something within that domain is then forwarding requests to the same web-server using its IP address. I'm sure I have my ACL's setup correctly because squid will forward the request using either URL if I send the requests using HTTP. It then times out on the web-server because it only allows https, but at least the request is being forwarded to the web-server rather than being denied in squid Here's an extract from the logs that might explain it better :- 158.41.4.44 - - [04/Dec/2009:15:56:47 +0000] "GET http://stpaccess.marksandspencer.com/ HTTP/1.1" 504 1024 TCP_MISS:NONE 158.41.4.44 - - [04/Dec/2009:15:57:02 +0000] "CONNECT stpaccess.marksandspencer.com:443 HTTP/1.0" 200 7783 TCP_MISS:DIRECT 158.41.4.44 - - [04/Dec/2009:16:01:53 +0000] "GET http://63.130.82.113/Citrix/MetaFrameXP/default/login.asp HTTP/1.1" 504 1064 TCP_MISS:NONE 158.41.4.44 - - [04/Dec/2009:16:03:13 +0000] "CONNECT 63.130.82.113:443 HTTP/1.0" 403 980 TCP_DENIED:NONE And config extracts: acl SSL_ports port 443 563 444 acl Safe_ports port 80 8002 23142 5481 5181 5281 5381 5481 5581 5400 5500 # http acl Safe_ports port 23142 # OPEL project acl Safe_ports port 21 # ftp acl Safe_ports port 443 444 563 # https, snew#s acl CONNECT method CONNECT acl regex_ms dstdom_regex -i "/home/security/regex_marksandspencer.txt" acl urlregex_mands url_regex -i "/home/security/regex_marksandspencer_ip.txt" acl mands_allowed_nets src "/home/security/mands_allowed_nets.txt" http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow regex_ms mands_allowed_nets http_access allow urlregex_mands mands_allowed_nets http_access deny all There are actually a lot more ACL's than this, but these are the only ones I think are relevant relevant extracts from files linked to ACLs: regex_marksandspencer.txt .*marksandspencer.*com regex_marksandspencer_ip.txt .*.63.130.82.113 Thanks for any help. Kevin,