please have a look : acl all src 200.152.80.0/24 acl danger urlpath_regex -i blabla http_access deny all danger miss_access deny all danger blocks and works, ok so far ################## acl all src 200.152.80.0/24 acl peer src 200.152.80.21 acl danger urlpath_regex -i blabla http_access deny all danger miss_access deny all danger http_access deny peer danger miss_access deny peer danger blocks for acl all but _NOT_ for peer IP, also not if the peer IP is accessing as normal client with a browser and not as a peer am I doing something wrong or is it a bug? same result here when using dstdomain or url_regex in place of urlpath_regex michel ... **************************************************** Datacenter Matik http://datacenter.matik.com.br E-Mail e Data Hosting Service para Profissionais. ****************************************************