I have a whitelist to allow users to access only sites required. We primarily use it for ftp, either through a web browser or filezilla-like clients. The browser based is flawless, but odd behavior with ftp clients. acl whitelist dstdomain "/etc/squid3/whitelist" http_access deny !whitelist Whitelist contains (for testing): gatekeeper.dec.com Here is the result: 1311886691.258 21738 192.168.100.194 TCP_MISS/200 998 CONNECT gatekeeper.dec.com:21 - DIRECT/192.6.29.21 - 1311886757.392 0 192.168.100.194 TCP_DENIED/403 1899 CONNECT 192.6.29.21:51967 - NONE/- text/html As you can see, it changes from using hostname to IP address, which matches nothing in the whitelist, and is denied. If I add the IP to the whitelist, it works perfectly. How can I force it to always use the hostname? IP added to whitelist: 1311887068.133 17458 192.168.100.194 TCP_MISS/200 1919 CONNECT gatekeeper.dec.com:21 - DIRECT/192.6.29.21 - 1311887072.841 124 192.168.100.194 TCP_MISS/200 0 CONNECT 192.6.29.21:51255 - DIRECT/192.6.29.21 - Scott Mace Infrastructure and Security Analyst RenewData 512.276.5500 x 3244 Phone 512.276.5555 Fax 512.299.4439 Cell scott.mace@xxxxxxxxxxxxx http://www.renewdata.com Global in reach. Local in focus. Confidentiality Notice: This electronic communication contained in this e-mail from Scott.Mace@xxxxxxxxxxxxx (including any attachments) may contain privileged and/or confidential information. This communication is intended only for the use of indicated e-mail addressees. Please be advised that any disclosure, dissemination, distribution, copying, or other use of this communication or any attached document other than for the purpose intended by the sender is strictly prohibited. If you have received this communication in error, please notify the sender immediately by reply e-mail and promptly destroy all electronic and printed copies of this communication and any attached document. Thank you in advance for your cooperation.