babajaga wrote > It is not their listening port ? I doubt it, how else could you use it ? i check the port using telnet and it is closed. i guess they employ iptables to redirect a certain range of ports to a single port. you are right that DNS rotation is involved, and all sub domains resolve to 3 ip addresses. you can take a look(4323232.xgj.com), if you are interested.you can specify any random sub domain prefix, and they all point to the same 3 ip addresses. i tried the intercept mode and it could get the correct connecting port number in access log (not the real listing port) but i'm wondering if it is possible to capture the proxy address using SQUID? Thanks for your reply -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/how-to-implement-access-control-using-connetcing-hostname-and-port-tp4666818p4666848.html Sent from the Squid - Users mailing list archive at Nabble.com.