Hi, I want to keep my ACLs separate form the main squid config file, so we can upgrade squid easily without touching this file too much (hopefully). The problem is that the user ACLs are supposed to be somewhere in the middle of the conf file. There are a couple of options that I was thinking about. I tried both and got both to work as reverse proxy, however I am not really sure about the rest of the services that may be disabled. Option 1 In the main squid file just call my ACL. I still need to change this file, but not much: # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS include my_acl.conf Option 2 Call my ACLs in the beginning, and then call the default squid conf file: So my squid.conf file looks like this: include my_acl.conf include squid.conf.default Option 2 seems better since I can leave the quid conf files intact. It is also a way to run multiple instances of squid on the same box without duplicating configuration. Each instance conf file does some instance configuration, and then calls my ACL and the default squid ACL. Example: access_log /var/logs/squid/instance_1/access.log squid include my_acl.conf include squid.conf.default pid_filename /var/logs/squid/instance_1/squid.pid I am not sure that option 2 is OK. It may be blocking other services that squid uses in the default configuration (for administration and monitoring). Generally this is reverse proxy, so it should allow only HTTP to the origin server and nothing more. Is option 2 a workable solution or will it have problems working with the default configuration? E
