On 10/04/2018 12:40 PM, Alex Gutiérrez Martínez wrote: > http_access deny trabajo sociales !pcinternet !adminred oficina This rule denies any request that matches each and every acl expression listed in the rule. You have 5 such expressions: trabajo, sociales, not pcinternet, not adminred, and oficina. > Do i write the rule like above or like this The correct configuration depends on what you want Squid to do. You have not provided that information explicitly AFAICT, and I am not going to guess. > http_access deny trabajo sociales !pcinternet > http_access deny trabajo sociales !adminred > http_access deny trabajo sociales oficina The above three rules deny any request that matches at least one of the following three ACL expressions: 1. trabajo and sociales but not pcinternet 2. trabajo and sociales but not adminred 3. trabajo and sociales and oficina Here is all you need to know to answer your specific question and many similar ones: * First, same-rule ACLs are ANDed together (logical conjunction). This tells you what an individual http_access rule matches. * Next, all http_access rules are ORed together (logical disjunction). This tells you what http_access configuration, as a whole, matches. rule[i] = acl1 AND acl2 AND acl3 AND ... http_access = rule1 OR rule2 OR ... HTH, Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users