Shelton, may be the tag http_access allow our_network should go after and not before (or may be you don't need it at all) http_access denied custom_denied_domains dst "etc/squid/denied_domains.acl" hope to be helpful. i'm a beginner. Regards, Felix Lazaro Carbonell > Site filtering issue > I am having issues with filtering of my websites. I have setup squid > 2.6.STABLE17 over a Fedora 8 machine. Below is my squid.conf file. > Squid seems to log all sites that are going out from other stations > but does not filter and of the sites. They all go through. > My denied_domains.acl has > .youtube.com > .hotmail.com > .live.com > But these sites don't seem to get blocked out. I had also issues this > command thinking that it was to do with Iptables > iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to > 192.168.1.1:3128 > iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT > --to-port 3128 > Initially squid wouldn't work; everything would be blocked so I > disable the firewall which allowed access. SO I put a custom allow to > port 3128 which opened it up but to all sites. > -------------- > squid.conf > -------------- > visible_hostname vanderpolgroup > http_port 3128 > maximum_object_size 32768 KB > maximum_object_size_in_memory 128 KB > cache_mem 256 MB > cache_dir ufs /var/spool/squid 70000 32 512 > cache_access_log /var/log/squid/access.log > cache_log /var/log/squid/cache.log > acl all src 0.0.0.0/0.0.0.0 > acl manager proto cache_object > acl localhost src 127.0.0.1/255.255.255.255 > acl our_network src 192.168.10.0/24 > acl to_localhost dst 127.0.0.0/8 > acl SSL_ports port 443 # SSL > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 # https > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl Safe_ports port 563 70 > acl CONNECT method CONNECT > acl custom_allowed_domains dstdomain "/etc/squid/allowed_domains.acl" > acl custom_denied_domains dstdomain "/etc/squid/denied_domains.acl" > acl ads_blacklist dstdom_regex "/etc/squid/blacklist/ads/domains" > acl aggressive_blacklist dstdom_regex > "/etc/squid/blacklist/aggressive/domains" > acl audio-video_blacklist dstdom_regex > "/etc/squid/blacklist/audio-video/domains" > acl drugs_blacklist dstdom_regex "/etc/squid/blacklist/drugs/domains" > acl gambling_blacklist dstdom_regex > "/etc/squid/blacklist/gambling/domains" > acl hacking_blacklist dstdom_regex > "/etc/squid/blacklist/hacking/domains" > acl mail_blacklist dstdom_regex "/etc/squid/blacklist/mail/domains" > acl porn_blacklist dstdom_regex "/etc/squid/blacklist/porn/domains" > acl proxy_blacklist dstdom_regex "/etc/squid/blacklist/proxy/domains" > acl redirector_blacklist dstdom_regex > "/etc/squid/blacklist/redirector/domains" > acl spyware_blacklist dstdom_regex > "/etc/squid/blacklist/spyware/domains" > acl suspect_blacklist dstdom_regex > "/etc/squid/blacklist/suspect/domains" > acl violence_blacklist dstdom_regex > "/etc/squid/blacklist/violence/domains" > acl warez_blacklist dstdom_regex "/etc/squid/blacklist/warez/domains" > acl networking_blacklist dstdom_regex > "/etc/squid/blacklist/networking/domains" > http_access allow manager localhost > http_access deny manager > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > http_access allow our_network > http_access deny all > icp_access allow all > #miss_access allow all > http_access allow custom_allowed_domains > http_access deny custom_denied_domains > http_access deny ads_blacklist > http_access deny aggressive_blacklist > http_access deny audio-video_blacklist > http_access deny drugs_blacklist > http_access deny gambling_blacklist > http_access deny hacking_blacklist > http_access deny mail_blacklist > http_access deny porn_blacklist > http_access deny proxy_blacklist > http_access deny redirector_blacklist > http_access deny spyware_blacklist > http_access deny suspect_blacklist > http_access deny violence_blacklist > http_access deny warez_blacklist > http_access deny networking_blacklist > cache_mgr abc@xxxxxxx > Thanks > Sheldon