Thanks Saul, It works a treat mate and thanks again for a quick response. Regards, Garry Chapple -----Original Message----- From: saul waizer [mailto:swaizer@xxxxxxxxxxx] Sent: Wednesday, 12 March 2008 5:24 AM To: squid-users@xxxxxxxxxxxxxxx Cc: Garry D. Chapple Subject: RE: ACL lists Garry, Here are some examples I prepared for you: acl badguys src 6.0.0.0/8 acl badguys2 src 2.0.0.0/8 acl intruder src 10.10.10.16 acl workstation src 10.10.10.19 acl our_networks src 192.168.1.0/24 http_access deny badguys http_access deny badguys2 http_access deny intruder http_access allow workstation http_access allow our_networks http_access deny all Brief explanation on these ACL's: I use a general acl called badguys to prevent access from an entire network class, I.E. someone doing a DoS attack on your network from multiple IP's on the same class. Intruder: A kid with a script trying to use your squid coming from the same ip (Your question about deny a single host) The rest is self explanatory, you can call the acl's whatever you want. After an acl you must have a rule matching the ACL name, so here is where you either allow or deny access based on your ACL's, see the http_access "allow or deny" above. Last, but also the most important, at the end of all your ACL's put "http_access deny all" so you can secure your installation based on your newly created ACL's Hope it helps Saul Waizer -----Original Message----- From: Garry D. Chapple [mailto:garryc@xxxxxxxxxxxxxxxx] Sent: Monday, March 10, 2008 8:27 PM To: squid-users@xxxxxxxxxxxxxxx Subject: ACL lists Hi, I am a complete Squid newb with my first install done only yesterday, 2.6 stable(18). Can someone please help with basic ACL config for network IP's, I would like to allow my local network and restrict just one or two hosts by IP address. I have Googled a little but as there are so many ACL configurations it's difficult to know which one works! Squid is up and running well and I have an ACL to allow my local network (acl our_networks src 192.168.1.0/24) but how do I then deny access to just a single host IP? Any examples or good web sites with these kinds of examples would be much appreciated. Regards, Garry C No virus found in this incoming message. Checked by AVG. Version: 7.5.518 / Virus Database: 269.21.7/1325 - Release Date: 3/11/2008 1:41 PM No virus found in this outgoing message. Checked by AVG. Version: 7.5.518 / Virus Database: 269.21.7/1325 - Release Date: 3/11/2008 1:41 PM