Come to think of it, I believe I setup the Protocol Rule to allow any request. I setup the Content Rule to only allow a certain user / group to access a specified destination. Because I setup IE to be a Web Proxy Client, shouldn't that have used the user crendentials to gain access to the specified destination? When I tried to access any destination that wasn't specified (as per the Content Rule) it was refused (as it should), but again for some reason it shows up as an anonymous access. ???