Hi all, I am currently trying to setup basic "url/domain level" filtering on HTTPS traffic using an external acl, i can see clearly in the access log that the information i require is there and the external acl finds and filters it as desired, returning the correct response for deny/allow and i can successfully browse https sites that are allowed, however sites that deny_info should redirect to the error page fail and only a browser based error is returned, the error is as follows... in firefox this is all that is displayed: Unable to connect - Firefox can't establish a connection to the server at www.facebook.com. Google is a little more descriptive giving this error: Error 111 (net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error. For the failed denies the access.log shows the following (here trying https version of facebook) 1350442727 17/Oct/2012-13:58:47-EST 770 10.0.1.103 TCP_DENIED 307 408 CONNECT www.facebook.com:443 student1-2008 - text/html A sucessful https browse to an allowed site looks like the following 1350442986 17/Oct/2012-14:03:06-EST 9058 10.0.1.103 TCP_MISS 200 24489 CONNECT play.google.com:443 student1-2008 play.google.com im not sure which bits from my conf are useful as for the most part its all the same as when im not bothered by https, which could be my problem, but the line responsible for the checking is : adapted_http_access deny !request_policy_check_acl and the deny info catching it is: deny_info URL request_policy_check_acl If these arent enough im happy to post more conf lines im just not sure which ones may be of interest or more likely which ones are missing If anyone has any clue about this error id love to hear it Cam