To all, I am using external authentication ldap, where on a group basis I am blocking file extensions such as \.exe$ \.zip$ etc. Members of this group are restricted from downloading executable and zip files. Now, I have a number of users which are using client software which needs to be regularly updated by exe files from the internet. I would like to allow those users to be able to access the exe files from the nominated sites only. I created another group for them and tried to exclude them from the exe ban list for the specific sites only. Existing rules: acl internet_access6 external ldap_group Access-Exe-Bacs acl exe-bacs dstdomain "/usr/local/squid/var/exe-sites.tp" - these are the domains I would like those exe files from, but nowhere else! acl internet_access3 external ldap_group Access-Internet acl word-control url_regex -i "/usr/local/squid/var/word-control.tp" acl site-control dstdomain "/usr/local/squid/var/site-control.tp" acl download urlpath_regex \.exe$ \.zip$ I can either block or no site at all. Many thanks for your help Tomas -- tp PRIVACY & CONFIDENTIALITY This e-mail is private and confidential. If you have, or suspect you have received this message in error please notify the sender as soon as possible and remove from your system. You may not copy, distribute or take any action in reliance on it. Thank you for your co-operation. Please note that whilst best efforts are made, neither the company nor the sender accepts any responsibility for viruses and it is your responsibility to scan the email and attachments (if any). This e-mail has been automatically scanned for viruses by MessageLabs.
