Thanks for the reply Felix. I guess that must have helped. I did as you said but that seem to block all the sites. Which made me think that the order of the commands make a difference. Which is why, I followed the default squid.conf file and put the commands in some what the same order as it is on there. I also had to add in some other syntax's Well, I have a working squid now. It was just the order that was messing up everything. Here is the working config. I will try to setup SARG along with squid. Lets hope it goes well. squid.conf -------------- acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl our_network src 192.168.10.0/24 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 # SSL acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT acl custom_allowed_domains dstdomain "/etc/squid/allowed_domains.acl" acl custom_denied_domains dstdomain "/etc/squid/denied_domains.acl" acl ads_blacklist dstdom_regex "/etc/squid/blacklist/ads/domains" acl aggressive_blacklist dstdom_regex "/etc/squid/blacklist/aggressive/domains" acl audio-video_blacklist dstdom_regex "/etc/squid/blacklist/audio-video/domains" acl drugs_blacklist dstdom_regex "/etc/squid/blacklist/drugs/domains" acl gambling_blacklist dstdom_regex "/etc/squid/blacklist/gambling/domains" acl hacking_blacklist dstdom_regex "/etc/squid/blacklist/hacking/domains" acl mail_blacklist dstdom_regex "/etc/squid/blacklist/mail/domains" acl porn_blacklist dstdom_regex "/etc/squid/blacklist/porn/domains" acl proxy_blacklist dstdom_regex "/etc/squid/blacklist/proxy/domains" acl redirector_blacklist dstdom_regex "/etc/squid/blacklist/redirector/domains" acl spyware_blacklist dstdom_regex "/etc/squid/blacklist/spyware/domains" acl suspect_blacklist dstdom_regex "/etc/squid/blacklist/suspect/domains" acl violence_blacklist dstdom_regex "/etc/squid/blacklist/violence/domains" acl warez_blacklist dstdom_regex "/etc/squid/blacklist/warez/domains" acl networking_blacklist dstdom_regex "/etc/squid/blacklist/networking/domains" acl torrent_blacklist dstdom_regex "/etc/squid/blacklist/torrent/domains" http_access allow custom_allowed_domains http_access deny custom_denied_domains http_access deny ads_blacklist http_access deny aggressive_blacklist http_access deny audio-video_blacklist http_access deny drugs_blacklist http_access deny gambling_blacklist http_access deny hacking_blacklist http_access deny mail_blacklist http_access deny porn_blacklist http_access deny proxy_blacklist http_access deny redirector_blacklist http_access deny spyware_blacklist http_access deny suspect_blacklist http_access deny violence_blacklist http_access deny warez_blacklist http_access deny networking_blacklist http_access deny torrent_blacklist http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access allow our_network http_access deny all icp_access allow all http_port 3128 hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? cache_mem 256 MB cache_dir ufs /var/spool/squid 70000 32 512 cache_access_log /var/log/squid/access.log cache_log /var/log/squid/cache.log cache deny QUERY refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 acl apache rep_header Server ^Apache broken_vary_encoding allow apache coredump_dir /var/spool/squid maximum_object_size 32768 KB maximum_object_size_in_memory 128 KB cache_mgr abc@xxxxxxx Thanks Sheldon ------------------------------------------- On Tue, Apr 15, 2008 at 12:49 PM, Felix Lazaro Carbonell Carbonell <felix@xxxxxxxxxxxxxx> wrote: > > > Shelton, may be the tag > http_access allow our_network > should go after and not before (or may be you don't need it at all) > http_access denied custom_denied_domains dst "etc/squid/denied_domains.acl" > > > hope to be helpful. > i'm a beginner. > Regards, > Felix Lazaro Carbonell > > Site filtering issue > > > I am having issues with filtering of my websites. I have setup squid > > 2.6.STABLE17 over a Fedora 8 machine. Below is my squid.conf file. > > Squid seems to log all sites that are going out from other stations > > but does not filter and of the sites. They all go through. > > My denied_domains.acl has > > .youtube.com > > .hotmail.com > > .live.com > > But these sites don't seem to get blocked out. I had also issues this > > command thinking that it was to do with Iptables > > iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to > > 192.168.1.1:3128 > > iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT > > --to-port 3128 > > > Initially squid wouldn't work; everything would be blocked so I > > disable the firewall which allowed access. SO I put a custom allow to > > port 3128 which opened it up but to all sites. > > > -------------- > > squid.conf > > -------------- > > visible_hostname vanderpolgroup > > > http_port 3128 > > > maximum_object_size 32768 KB > > maximum_object_size_in_memory 128 KB > > > cache_mem 256 MB > > cache_dir ufs /var/spool/squid 70000 32 512 > > > cache_access_log /var/log/squid/access.log > > cache_log /var/log/squid/cache.log > > > acl all src 0.0.0.0/0.0.0.0 > > acl manager proto cache_object > > acl localhost src 127.0.0.1/255.255.255.255 > > acl our_network src 192.168.10.0/24 > > acl to_localhost dst 127.0.0.0/8 > > > acl SSL_ports port 443 # SSL > > acl Safe_ports port 80 # http > > acl Safe_ports port 21 # ftp > > acl Safe_ports port 443 # https > > acl Safe_ports port 70 # gopher > > acl Safe_ports port 210 # wais > > acl Safe_ports port 1025-65535 # unregistered ports > > acl Safe_ports port 280 # http-mgmt > > acl Safe_ports port 488 # gss-http > > acl Safe_ports port 591 # filemaker > > acl Safe_ports port 777 # multiling http > > acl Safe_ports port 563 70 > > acl CONNECT method CONNECT > > > > acl custom_allowed_domains dstdomain "/etc/squid/allowed_domains.acl" > > acl custom_denied_domains dstdomain "/etc/squid/denied_domains.acl" > > .... > > > http_access allow custom_allowed_domains > > http_access deny custom_denied_domains > > .... > > > > Thanks > > Sheldon > > > > >