Freeport HS discovered an odd bug with Safari not blocking HTTPS sites under the following conditions: 1. System is configured to automatically detect proxy settings using WPAD or manually configured to use a WPAD script. 2. Force MECguard SSL is not checked The issue was hard to track down because the HTTPS requests will get logged by MECguard as blocked, but go through fine on the host. After some digging we discovered that Safari incorrectly makes requests to both the proxy server and a direct request instead of only making a proxy request and will prefer the direct request if it gets a response. The result is that pages appear to get blocked in the log, but are allowed through to the user. Checking the "Force MECguard SSL" option for the group prevents Safari from being able to complete the direct request and will make it use the proxy. This with the current version of Safari. I'm not sure if previous versions act the same way, but I highly suspect they do and this is an Apple "feature" to avoid interrupting browsing from broken proxy configuration scripts. Firefox and Chrome work correctly and use the proxy only every time. Note that if using MECguard SSL you should be using the Force option as any technical student will be able to get around the filter unless it's forced, so this issue is really something you might encounter during testing or transition to MECguard SSL. -- Ray Soucy Epic Communications Specialist Phone: +1 (207) 561-3526 Networkmaine, a Unit of the University of Maine System http://www.networkmaine.net/