To all, I made a real mess form the previous mail which I sent without any https_access rules. Thanks Christoph. Let's try again. I am using external authentication ldap, where on a group basis I am blocking file extensions such as \.exe$ \.zip$ etc. Members of this group are restricted from downloading executable and zip files. # user base 3 acl internet_access3 external ldap_group Access-Internet acl word-control url_regex -i "/usr/local/squid/var/word-control.tp" acl site-control dstdomain "/usr/local/squid/var/site-control.tp" acl download urlpath_regex \.exe$ \.zip$ http_access deny internet_access3 word-control http_access deny internet_access3 site-control http_access deny internet_access3 download http_access allow internet_access3 Now, I have a number of users which are using client software which needs to be regularly updated by .exe files from the internet. I would like to allow those users to be able to access the .exe files from the nominated sites only and being blocked from downloading .exe files from anywhere else. I created another group for them and tried to exclude them from the exe ban list for the specific sites only. acl internet_access6 external ldap_group Access-Exe-Bacs acl exe-bacs dstdomain "/usr/local/squid/var/exe-sites.tp" - contains .exe allowed sites only. How do I go about allowing those users to access any site without them being able to download those exe and zip files except for the nominated domains?? I can either block all sites or no site at all. I am looking for something like this http_access deny internet_access6 word-control http_access deny internet_access6 site-control http_access deny internet_access6 download !exe-bacs -exception domains??? http_access allow internet_access6 Many thanks for your help Tomas -- tp PRIVACY & CONFIDENTIALITY This e-mail is private and confidential. If you have, or suspect you have received this message in error please notify the sender as soon as possible and remove from your system. You may not copy, distribute or take any action in reliance on it. Thank you for your co-operation. Please note that whilst best efforts are made, neither the company nor the sender accepts any responsibility for viruses and it is your responsibility to scan the email and attachments (if any). This e-mail has been automatically scanned for viruses by MessageLabs.
