Solved. This behavior was caused by Windows Firewall under Windows 7 at the client machine. Reset the firewall to its default settings and the issue was resolved. -----Original Message----- From: Iain Lopata [mailto:ilopata1@xxxxxxxxxxx] Sent: Tuesday, August 23, 2011 11:20 AM To: squid-users@xxxxxxxxxxxxxxx Subject: http -> https transitions timeout I am new to Squid, so please be patient with me. I have searched the documentation and user forums for an answer to my problem. It may well me out there, but I cannot find it. I am running Squid 3.0 with Dansguardian on an Ubuntu server on my home network. Squid is configured as a transparent proxy. I have iptables rules on my router to redirect http (Port 80) traffic to the Ubuntu server [192.168.0.199] as follows: iptables -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 80 -s 192.168.0.199 iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp --dport 80 ip rule add fwmark 3 table 2 ip route add default via 192.168.0.199 dev br0 table 2 I then have iptables rules on the Ubuntu server to redirect http traffic to port 8080, which is where Dansguardian is listening. The rule is: iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080. It is my intent that https requests (on port 443) should not go through the proxy server. This all works well. Every computer on the network has its access routed through Dansguardian and Squid. Users are able to browse the web. I can see all of the access requests in access.log (and filter requests using Dansguardian). However, there is one type of request that is a problem ? switches from http to https. I will illustrate by example. If a user goes to http://www.linkedin.com the page is returned successfully. If they are not signed in, there is a link in the top left of the menu bar that says to ?Join Today?. This is a straightforward (non-javascript) html link to https://www.linkedin.com/secure/register?trk=hb_join. ; Note this is https. If a user clicks on this link, the connection times out (Response 504). However, the address bar in the browser changes to the https url. If the user then refreshes the page they can reach it successfully. This problem is not unique to linkedin.com but appears to occur on all http -> https transitions, including those caused by a 302 redirect. If I bypass Squid by changing the iptables, the problem disappears and users can switch between http and https pages without problems. I have checked the Squid logs and the request for the https page does not appear in the log. This is as expected, since my iptables are not redirecting port 443 traffic to the proxy server. Any pointers on how to resolve this would be greatly appreciated. Thanks