OK I found the problem, it is to do with the order in which the ACLs are listed. See this post http://cvs.squid-cache.org/mail-archive/squid-users/200501/0500.html Thanks for your help. Tom. -----Original Message----- From: Indunil Jayasooriya [mailto:indunil75@xxxxxxxxx] Sent: 14 September 2007 10:04 To: Tom Vivian Cc: squid-users@xxxxxxxxxxxxxxx Subject: Re: ACL problems for a newbie. > On 9/14/07, Tom Vivian <tom@xxxxxxxxxxxxxxxxxxx> wrote: > > > SquidNT 2.5 > > ntlm auth > > Windows Server 2003 > > > > Everything is nearly working. The authentication against AD is fine, > > I can see the domain name\username in the logs etc. However I can't > > get Windows update to work, nor can my TomTom Home software logon to the TomTom site. > > > > Below is a copy of the logs entries for each case and my config: > > > > acl WindowsUpdate dstdomain -i c:/squid/etc/msupdate.txt no_cache > > deny WindowsUpdate http_access allow WindowsUpdate > > > > msupdate.txt contains: > > > > windowsupdate.microsoft.com > > update.microsoft.com > > activex.microsoft.com > > download.windowsupdate.com > > www.download.windowsupdate.com > > codecs.microsoft.com > > stats.updates.microsoft.com > > c.microsoft.com pls add a DOT (.) in front of all above sites as below. NEW msupdate.txt contains: .windowsupdate.microsoft.com .update.microsoft.com .activex.microsoft.com .download.windowsupdate.com .download.windowsupdate.com .codecs.microsoft.com .stats.updates.microsoft.com .c.microsoft.com NOW, you may try. -- Thank you Indunil Jayasooriya -- I am using the free version of SPAMfighter for private users. It has removed 1714 spam emails to date. Paying users do not have this message in their emails. Get the free SPAMfighter here: http://www.spamfighter.com/len