On 20/05/2015 8:22 p.m., sp_ wrote: > Hello Amos, > > I still get IP-addresses instead of domain names: > That appears to be because the request are just denied. Not peeked or spliced. When a new TCP connection is intercepted Squid starts with only the IP address. Generates a fake CONNECT request from that detail, and checks http_access for whether to allow/deny that connection. Only if that is allowed will bumping checks begin to take place - during which SNI becomes available. It seems to me that your http_access logic is actively denying the initial CONNECT request when only IP is known. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users