Yes Dave, in squid.conf i set acl myLan src 192.168.1.0/24 and http_access deny myLan to try if squid stops me but i can browse. I don't understand why My iptables rule: target prot opt source destination REDIRECT tcp -- anywhere anywhere tcp dpt:http redir ports 8080 Dansguardian network config. # the port that DansGuardian listens to. filterport = 8080 # the ip of the proxy (default is the loopback - i.e. this server) proxyip = 127.0.0.1 # the port DansGuardian connects to proxy on proxyport = 3128 Squid acl myLan src 192.168.1.0/24 and http_access deny myLan http_port 3128 Dansguardian runs because it stops me browsing some blocked site! I have to retry other times this evening. Amos thanks, I'll try this evening, i don't know that directive. 2013/10/8 Amos Jeffries <squid3@xxxxxxxxxxxxx>: > On 8/10/2013 12:58 p.m., Dave Burkholder wrote: >> >> No squid is not bypassed. The order flow is: >> >> Browser -> Dansguardian -> Squid -> Internet >> >> If you're wanting to limit access via squid ACLs, that's another aspect >> altogether. >> >> acl myLan src 10.0.4.0/24 >> >> http_access deny myLan all >> >> >> Do you have something like that in squid.conf? > > > Don't forget the follow_x_forwarded_for to determine what the client on the > other side of DG is. > > follow_x_forwarded_for allow localhost > follow_x_forwarded_for deny all > > > Amos