Hello Squid gurus, I want use Squid with WPAD (DHCP/DNS) proxy autoconfiguration for win clients. Unfortunately there are some services (antivirus), which does not recognizes/are not able automatically configure for proxy and still are accessing HTTP sites directly at port 80. I imagine configuration some as (slightly simplified): squid.conf: http_port 192.168.0.254:3128 http_port 192.168.0.254:3129 intercept acl NormalAccess myport 3128 acl AntiVirusUpd myport 3129 acl AVirUpdSiteIP dst 95.34.11.64/26 http_access allow NormalAccess http_access allow AntiVirusUpd AVirUpdSiteIP http_access deny all iptables at firewall/Squid machine: iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-port 3129 Thus my questions: - is please possible run Squid (at firewall Linux machine) at two different ports, on one as "normal" proxy accessed as proxy by client processess which are able do proxy autoconfiguration, and on other configured in intercepted mode for clients processes which not know proxy autoconfiguration and access internet directly? - is possible distinguish between these two accesses with ACL rules (i.e. from one client machine one sort of processes (browsers, system updates/...) regularly autoconfigure proxy and will access Squid on "normal mode" port and will have e.g. unrestricted access, and second sort of processes with "direct" internet access will be redirected to intercept mode port and will accessing internet transparently - but they will have allowed only e.g one site)? Is "myport" ACL right one for this distinction? Thanks in advance, Franta Hanzlik PS: It would be maybe better solve this with two Squid instances running at different http_port, but there will not be big traffic and I'd better run only one instance for both ports.