Hello, I've been given homework connected with ACLs in Squid. Unfortunately there is no way to simulate the environment, so I wrote the ACL rules off the top of my head. So please, check it. There is probably a mistake in the scenario: designers and programmers are in the same subnet and they should have different rules, which I think is impossible. I know that it's long but I've tried to write it clearly. So please, be patient and help.

Scenario given:

- The president has a PC and a notebook with MACs specified (08:00:27:81:08:73 and 08:00:27:84:24:BF).
- Managers have three notebooks with MACs specified (08:00:27:E7:D5:37, 08:00:27:82:59:C5, 08:00:27:C3:BE:B8).
- Designers and programmers have computers in the 192.168.2.0 subnet (their PCs are DHCP clients).
- An administrator has a notebook with MAC 08:00:27:EB:D7:94.
- A secretary and an accountant have PCs in the 192.168.3.0 subnet.

And here are the rules which should be applied:

1. The president has unlimited access.
2. Managers are denied access to entertainment websites (community, movies, music, porn) from Monday to Sunday during working hours (8 - 16).
3. Designers are denied access to entertainment websites all the time and they cannot download movie, music, torrent and exe (except Windows updates) files.
4. Programmers are denied access to entertainment websites all the time and cannot access info websites such as yahoo.com, newsweek.com during working hours in the working week.
5. An administrator has unlimited access during working hours. Afterwards, he is not allowed to access entertainment websites.
6. A secretary and an accountant are denied access to entertainment websites during working hours and they cannot download any files from the Internet except xls, doc, gif, zip, txt files.
    # MY ACLs
    acl presidentNotebook arp 08:00:27:84:24:BF
    acl presidentPC arp 08:00:27:81:08:73
    acl managerNotebook1 arp 08:00:27:E7:D5:37
    acl managerNotebook2 arp 08:00:27:82:59:C5
    acl managerNotebook3 arp 08:00:27:C3:BE:B8
    # I don't know if it's possible to have three MACs in one ACL?
    acl designersProgrammers src 192.168.2.0/24
    acl adminNotebook arp 08:00:27:EB:D7:94
    acl office src 192.168.3.0/24
    acl funWebsites dstdom_regex "/etc/squid/funWebsites.acl"
    acl workingHours time M T W H F A S 8:00-16:00
    acl workingHoursWeek time M T W H F 8:00-16:00
    acl alwaysTime time M T W H F A S 00:00-24:00
    acl files urlpath_regex "/etc/squid/files.acl"
    acl microsoftDomain src microsoft.com
    acl exeFile urlpath_regex \.[Ee][Xx][Ee]$
    acl infoWebsites dstdom_regex "/etc/squid/infoWebsites"
    acl officeDownload urlpath_regex "/etc/squid/office.acl
    # END of ACLs

    # FILES CREATED IN /etc/squid/ LOCATION

    - funWebsites.acl
    facebook.com
    twitter.com
    youtube.com
    porn
    movie
    sex
    music

    - files.acl
    .[Ee][Xx][Ee]$
    .[Aa][Vv][Ii]$
    .[Mm][Pp][3]$
    .[Tt][Oo][Rr][Rr][Ee][Nn][Tt]$

    - infoWebsites.acl
    yahoo.com
    newsweek.com

    - office.acl
    .[Dd][Oo][Cc]$
    .[Gg][Ii][Ff]$
    .[Xx][Ll][Ss]$
    .[Tt][Xx][Tt]$
    .[Zz][Ii][Pp]$

    # HTTP_ACCESS SECTION
    http_access presidentNotebook allow all
    http_access presidentPC allow all
    http_access managerNotebook1 deny funWebsites workingHoursWeek
    http_access managerNotebook2 deny funWebsites workingHoursWeek
    http_access managerNotebook3 deny funWebsites workingHoursWeek
    # I don't know if it's possible to put these 3 rows into 1.
    http_access designersProgrammers deny funWebsites alwaysTime
    http_access designersProgrammers allow microsoftDomain exeFile
    http_access designersProgrammers deny files
    http_access designersProgrammers deny infoWebsites workingHours
    http_access adminNotebook deny funWebsites !workingHours
    http_access office deny funWebsites workingHours
    http_access office deny !officeDownload
    http_access allow all

----------

Best regards!
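
Added example, not part of the original post: a squid.conf fragment for rules 1, 2, 3 and 5 of the scenario (plus the entertainment part of rule 6), written in Squid's `http_access allow|deny acl ...` form with the MACs and file paths from the post. The ACL names, working hours taken as 8-16 on all seven days, rule 3 applied to the whole 192.168.2.0/24 subnet, the `.microsoft.com` update domain and the closing `deny all` are assumptions.

```conf
# Added example; ACL names are hypothetical, MACs and file paths come from the post.
# arp ACLs only match clients on the same layer-2 segment as the Squid host.
# Values on one acl line are ORed, so one ACL can hold several MACs.
acl president arp 08:00:27:81:08:73 08:00:27:84:24:BF
acl managers arp 08:00:27:E7:D5:37 08:00:27:82:59:C5 08:00:27:C3:BE:B8
acl admin arp 08:00:27:EB:D7:94
acl devSubnet src 192.168.2.0/24
acl office src 192.168.3.0/24

# Day letters: S=Sun M=Mon T=Tue W=Wed H=Thu F=Fri A=Sat
acl workingHours time SMTWHFA 08:00-16:00

# -i makes a regex ACL case-insensitive, so [Ee][Xx][Ee] classes are not needed.
acl funWebsites dstdom_regex -i "/etc/squid/funWebsites.acl"
acl files urlpath_regex -i "/etc/squid/files.acl"
acl exeFile urlpath_regex -i \.exe$
# A destination host is matched with dstdomain; src matches the client address.
# Assumption: .microsoft.com stands in for the Windows Update hosts.
acl microsoftDomain dstdomain .microsoft.com

# Syntax is "http_access allow|deny acl ...": ACLs on one line are ANDed,
# lines are tried top to bottom, and the first matching line decides.

# Rule 1
http_access allow president
# Rule 2
http_access deny managers funWebsites workingHours
http_access allow managers
# Rule 5
http_access deny admin funWebsites !workingHours
http_access allow admin
# Rule 3 on the whole subnet (assumption): the exception precedes the general deny
http_access deny devSubnet funWebsites
http_access allow devSubnet microsoftDomain exeFile
http_access deny devSubnet files
http_access allow devSubnet
# Rule 6, entertainment part only
http_access deny office funWebsites workingHours
http_access allow office
# Anything not matched above is refused
http_access deny all
```

For HTTPS requests Squid sees only the CONNECT host unless it intercepts TLS, so the `urlpath_regex` rules take effect on plain HTTP traffic only.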