BM36, SSL & SSO auth. A rule defined in the server's container: allowall to an NDS group. The other are denied access. As for
authentication: no complaints. Tried proxy.nlm from bm37fp3b.
Connecting as a non-authorized user:

http://www.unibel.by - 403, access denied, OK.
http://195.50.1.161 - got the page. (www.unibel.by = 195.50.0.161)

Really got, there is a record in the proxy log, corresponding to the
non-authorized user. Anybody can use proxy to access sites by their
addresses, not names.

I wonder if there is the same in a "pure" bm37 + bm37fp3b config?

Eugene.