Hi folks, I am using Squid version 2.5.STABLE4-20040212 on redhat linux 9. My current ACL rules are at the end of this mail (with line numbers): What I am trying? I am trying to block access to some sites (i.e. porn, jobs etc) by IP Address group. For url filtering i am using regular expression matching acl. eg. acl porn url_regex -i "/usr/local/squidGuard/porn" [Line no. 9] Here /usr/local/squidGuard/porn file contains single line key worlds. At line no 34 http_access is being denied for any urls listed in porn file (ex. jobs, sex etc) http_access allow porn Now, here is an acl for my entire network [LAN] acl NetUser src 192.168.0.0/16 [Line No 41] #Allowing Web browsing from my local LAN IP's only http_access allow NetUser [Line No 57] As per above ACL's all my LAN user can browse Internet via Squid & get blocked when tries to access restricted sites (site listed in porn file). Everything is working fine and as per my requirement. But, now if i want to form a group of users (by IP Address) by their access rights i.e. power user have no restriction at all (URL should be blocked by porn ACL ?), Normal users have full restriction (which can time be bound also). I have tried to give some user un-restricted privilege fro web browsing (URL shouldn't be blocked by porn ACL. 53 #Un-RE-RESTRICTED INTERNET USERS 54 #acl PWR-NET src 192.168.0.197 192.168.0.54 55 #http_access allow PWR-NET porn Therefore, please suggest how to create acl's for this type of requirement i.e. Some other users can access all site without restriction others can't access restricted sites. In other word how could i restrict some range of IP's from LAN to not able to access web e.g. IP Address from 192.168.0.1 to 192.168.0.100 can access Web Rest can't able to access web. After range blocking, url blocking, authentication and other acl should come under picture after that. Thanks for your help. Regards, navneet Note: if i missed something or you want any more information please revert back asap. 1 auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/password 2 3 auth_param basic realm Squid proxy-caching web server 4 auth_param basic credentialsttl 2 hoursnimum configuration: 5 6 7 8 #Recommended minimum configuration: 9 acl porn url_regex -i "/usr/local/squidGuard/porn" 10 acl all src 0.0.0.0/0.0.0.0 11 acl manager proto cache_object 12 acl localhost src 127.0.0.1/255.255.255.255 13 acl to_localhost dst 127.0.0.0/8 14 acl SSL_ports port 443 563 15 acl Safe_ports port 80 # http 16 acl Safe_ports port 21 # ftp 17 acl Safe_ports port 443 563 # https, snews 18 acl Safe_ports port 70 # gopher 19 acl Safe_ports port 210 # wais 20 acl Safe_ports port 1025-65535 # unregistered ports 21 acl Safe_ports port 280 # http-mgmt 22 acl Safe_ports port 488 # gss-http 23 acl Safe_ports port 591 # filemaker 24 acl Safe_ports port 777 # multiling http 25 acl CONNECT method CONNECT 26 27 #AUTHENTION REQUIRED 28 acl auth proxy_auth REQUIRED 29 30 31 # Only allow cachemgr access from localhost 32 http_access allow manager localhost 33 http_access deny manager 34 http_access deny porn 35 # Deny requests to unknown ports 36 http_access deny !Safe_ports 37 # Deny CONNECT to other than SSL ports 38 http_access deny CONNECT !SSL_ports 39 40 41 acl NetUser src 192.168.0.0/16 42 #acl sucker src 192.168.0.139 192.168.0.161 192.168.0.153 43 acl test src 192.168.0.151 192.168.0.139 192.168.0.161 192.168.0.153 44 acl data src 192.168.0.242 45 46 #denying access by IP Address: 47 http_access deny test 48 49 #Authenticating user by IP Address 50 http_access allow data auth 51 52 53 #Un-RE-RESTRICTED INTERNET USERS 54 #acl PWR-NET src 192.168.0.197 192.168.0.54 55 #http_access allow PWR-NET porn 56 57 http_access allow NetUser 58 59 # And finally deny all other access to this proxy 60 http_access deny all 61 62 http_reply_access allow all