>If I am understanding you right, what you actually want is a whitelist >or blacklist of destinations in the firewall. This would work better >than what Squid can offer with HTTPS. Yes , whitelist would be best for me >In both cases you have the same problems of figuring out and listing >what destination IP/host are to be blocked or allowed. The firewall can >do it far faster and simpler though. I know that firewall can do it - but have hundreds of domains name which need to be resove by dns it overkill my Cisco firewall, for now i have rules by ipv4 and it is higly loaded, but ip for domains changes sometimes and giving many troubles ... I want move that to squid proxy (it would be for me easiest and costless change cause have a lot not used servers) I could try do it with iptables scripts , but want do it by squid