Thanks for the info. I have made the changes and here is my new script. Let me explain what happens now. # NETWORK OPTIONS http_port 8085 acl QUERY urlpath_regex cgi-bin \? refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 # OPTIONS WHICH AFFECT THE CACHE SIZE cache_mem 32 MB cache_swap_low 90 cache_swap_high 95 maximum_object_size 4096 KB # LOGFILE PATHNAMES AND CACHE DIRECTORIES cache_dir ufs c:/squid/var/cache 1000 16 256 access_log c:/squid/var/logs/access.log squid cache_log c:/squid/var/logs/cache.log #cache_store_log c:/squid/var/logs/store.log debug_options ALL,1 # OPTIONS FOR EXTERNAL SUPPORT PROGRAMS allow_underscore on dns_nameservers 192.168.2.3 192.168.2.1 #auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe #auth_param ntlm children 5 auth_param negotiate program c:/squid/libexec/mswin_negotiate_auth.exe auth_param negotiate children 5 #auth_param basic program c:/squid/libexec/mswin_auth.exe external_acl_type NT_global_group %LOGIN c:/squid/libexec/mswin_check_lm_group.exe -G -c # ACCESS CONTROL LISTS acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 acl SSL_ports port 563 acl Safe_ports port 80 # http acl Safe_ports port 87 # http required for Telstra Statistics website acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl our_networks src 192.168.0.0/16 acl NoAuthDomains dstdomain "c:/squid/etc/domains/NoAuthDomains.txt" acl proxycustom2 external NT_global_group proxycustom2 acl proxycustom1 external NT_global_group proxycustom1 acl proxyfullaccess external NT_global_group proxyfullaccess acl password proxy_auth REQUIRED acl custom2domains dstdomain "c:/squid/etc/domains/custom2domains.txt" acl custom1domains dstdomain "c:/squid/etc/domains/custom1domains.txt" acl DeniedDomains dstdomain "c:/squid/etc/domains/DeniedDomains.txt" acl CONNECT method CONNECT acl FTP proto FTP always_direct allow FTP http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny to_localhost http_access deny !our_networks http_access allow safe_ports NoAuthDomains http_access allow safe_ports proxycustom2 custom2domains password http_access allow safe_ports proxycustom1 custom1domains password http_access allow password proxyfullaccess http_access allow safe_ports !DeniedDomains password http_access deny all # MISCELLANEOUS logfile_rotate 10 error_directory c:/squid/share/errors/English So the noauthdomains works. websites that used to not work now work in that domain list the proxyfullaccess group works. i added 2 users and they can access domains in the denieddomains group now i have added 2 more custom groups. these 2 groups both have a customdomains txt file associated. The txt file has a couple of domains that have been blocked in the denied domains list which I need to give them access to. but for some reason i have added the users to this group... restarted everything but they still get access denied when trying to go to those domains. have i made any mistakes in the config? do the acl's need to be in a particular order or is it just the http_access that need to be? Thanks in advance for your help :) -- View this message in context: http://www.nabble.com/Blocked-Domains-help-%3A%28-tp23571021p23633291.html Sent from the Squid - Users mailing list archive at Nabble.com.
