On 08/14/12 5:38 PM, Gregory Machin wrote: > Good point unless its intercepting the ssl stream. there are ways of > doing ithttp://wiki.squid-cache.org/Features/SslBump but its dodgy .. the only method I know that works consistently is to block all direct web and ssl access and force use of a web proxy, so the SSL is between the remote server and the proxy server, which is your security gateway. users don't like this. the various uPNP type methods of autoconfiguring web proxies are all dodgy. mobile device users frequently have issues. -- john r pierce N 37, W 122 santa cruz ca mid-left coast