I may be missing something here, but it looks like ACL processing is broken for at least some HTTPS requests in 3.2.
Example configuration: acl useparent dstdomain domain.com cache_peer 172.25.2.70 parent 8080 0 no-query name=parent01 connection-auth=off cache_peer_access parent01 allow useparent cache_peer_access parent01 deny all # Included to see if it made any difference always_direct deny useparent always_direct allow all Access over HTTP goes to the parent as expected, but HTTPS assess does not: 1345310649.623 644 10.0.0.1 TCP_MISS/200 8055 GET http://www.domain.com/ - FIRSTUP_PARENT/172.25.2.70 text/html 1345310544.835 8536 10.0.0.1 TCP_MISS/200 3580 CONNECT www.domain.com:443 - HIER_DIRECT/172.25.2.34 - Also tried adding: cache_peer_access parent01 allow CONNECT useparent but it made no difference. Build options: Squid Cache: Version 3.2.1 configure options: '--prefix=/usr/local/squid' '--infodir=/usr/local/info' '--mandir=/usr/local/man' '--enable-async-io' '--enable-removal-policies=heap,lru' '--disable-wccp' '--disable-wccpv2' '--disable-ident-lookups' '--enable-linux-netfilter' '--with-large-files' '--disable-snmp' '--disable-htcp' '--disable-ipv6' 'CFLAGS=-pipe -Wall -O2 -fomit-frame-pointer -march=native -s' 'CXXFLAGS=-pipe -Wall -O2 -fomit-frame-pointer -march=native -s' 'PKG_CONFIG_PATH=/usr/local/lib64/pkgconfig:/usr/lib64/pkgconfig' Any suggestions, or this a bug in 3.2? Andrew