Dear sirs, I've solved the problem using # deny non-authenticated users # all others (ie valid users) skip this rule http_access deny !autenticados # sites whose name appear to be porn or other crap # but are good sites (eg esSEX.ac.uk) http_access allow liberado # if the user requests a legal site which is out of our deny list # we allow him/her to browse it http_access allow !semacesso # And finally deny all other access to this proxy http_access allow localhost http_access deny all Thanks for all which answered, Marlon. >>> Carlos Zottmann <carlos.zottmann@xxxxxxxxx> 22/8/2005 10:00:33 >>> [...] When you use "http_access allow autenticados" as your first rule, you are saying that anyone who authenticates have access to any site, as squid´s rules are processed in the order that they are declared, so you should place your deny rules before this one.