Hi, I'm having some trouble with ACLs when I try to block .exe files. Actually the acl works very well, but some sites use .exe files do display html content. I have a few webmail sites and some bank sites that do this. The problem is that I can't figure out how to unblock them. From what I know, squid reads acl rules from top to botton so if I have specified a site to be allowed first, even if there is a blocking rule below it should ignore it. Below are the related acl rules. The first 4 lines are ntlm group based rules. The goodextensions acl is the one that should allow sites with webmail.exe. Instead of letting it go, squid returns me, for ex. that access to the site http://email.terra.com.br/cgi-bin/webmail.exe? is denied. Does anyone know what I'm doing wrong? I'm using squid version 2.5.STABLE9. Any help will be much appreciated. Andre external_acl_type grupo ttl=900 concurrency=150 %LOGIN /usr/sbin/wbinfo_group.pl acl acesso external grupo internet acl CONNECT method CONNECT acl rede proxy_auth REQUIRED src x.x.x.x/x acl badsites dstdomain "/etc/squid/lists/badsites.conf" acl badwords url_regex -i "/etc/squid/lists/badwords.conf" acl badextensions urlpath_regex -i \.(exe|bat|cmd|pif|scr|vbs|mov|mp3|avi|mwa|mwv|mpg)($|\?) acl malware url_regex -i "/etc/squid/malware/lista.txt" acl goodsites dstdomain "/etc/squid/lists/goodsites.conf" acl goodwords url_regex -i "/etc/squid/lists/goodwords.conf" acl goodextensions urlpath_regex -i webmail.exe($|\?) acl java_jvm browser Java/1.4 Java/1.5 http_access allow manager localhost http_access deny manager http_access deny !portaspadrao http_access deny CONNECT !SSL_ports http_access allow localhost http_access allow java_jvm http_access allow rede acesso goodsites goodwords goodextensions http_access allow rede acesso !badsites !badwords !badextensions !malware http_access deny all http_reply_access allow all icp_access allow all
