Are you sure the "bad" address is using the Squid server to connect to Secure Sites? In any case, change the acl "badurl" to:
acl badurl dstdomain .bad.site (note the leading period. Leave it off if you don't want to block subdomains.) url_regex is CPU intensive. Chris -----Original Message----- From: Steve Brown [mailto:[EMAIL PROTECTED] Sent: Friday, November 26, 2004 3:15 AM To: [EMAIL PROTECTED] Subject: [squid-users] acl to deny https url from one src addy Hi list, What's the best way to stop a particular IP address from getting access to a https url? I've tried: acl badurl url_regex ^https://bad.site/* acl badaddy src 1.2.3.4/32 http_access deny badurl badaddy and that works for plain http urls, but doesn't for httpS, presumably because of the connect method bypassing the acl? and adding http_access deny CONNECT badurl badaddy didn't fix it. Naturally I'm overlooking something? Steve
