ons 2009-09-09 klockan 12:02 +0530 skrev Avinash Rao: > http_access allow staffgroup > http_access allow student staffgroup The above is wrong. The first directive allows everyone in staffgroup without restriction, which means the second can not be reached. Squid uses the first http_access line matching the request to determine if the request is allowed or denied, any http_access rules following that is ignored. > I am wondering if its really checking the NT group? I also tried using > the squid_unix_group option, but the result was the same. It most likely is, assuming you have no "proxy_auth REQUIRED" acl used in parts of squid.conf not shown here. > http_access deny extndeny > http_access deny purge > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > > > #http_access allow friends WORKING > #http_access deny friends > http_access deny abc > http_access deny videos > > http_access deny !AuthUsers Ok. > http_access allow staffgroup > http_access allow student staffgroup See above for why this is wrong. I guess the first of the two should go.. > http_access allow manager localhost > http_access deny manager > http_access allow purge localhost There is a "deny purge" rule missing here. And the whole block should be before your custom rules (i.e. first rules in http_access). > #http_access allow special_urls > #http_access deny extndeny download > http_access deny badurl > #http_access deny malware_block_list > #deny_info http://malware.hiperlinks.com.br/denied.shtml malware_block_list This deny need to go before where you allow access to be effective. But maybe it is.. Not entirely obvious to me who should get denied and who not. > http_access allow localhost > http_access allow lan > http_access deny all Ok. Regards Henrik