If create these entries in squid.conf: acl wwwebay dstdomain www.ebay.com acl wwwcons dstdomain demo.consortium.com acl emmepitre url_regex ^http://.*\.mp3 acl msnmessq req_mime_type -i ^application/x-msn-messenger$ acl msnmessp rep_mime_type -i ^application/x-msn-messenger$ acl audiosp rep_mime_type -i ^audio/wav$ acl videosp req_mime_type -i ^application/x-shockwave-flash$ acl streaming_mediap rep_mime_type ^video/x-ms-asf acl streaming_mediap rep_mime_type ^audio/mpeg acl streaming_mediap rep_mime_type ^audio/x-scpls acl streaming_mediap rep_mime_type ^video/x-flv
http_access allow user2 http_access allow user3 http_access deny msnmessp http_access deny audiosp http_access deny videosp http_access deny streaming_mediap http_access allow user1 wwwebay http_access allow user1 wwwcons http_access deny wwwebay http_access allow user4 ... ... ... http_access allow user100 http_access deny all # http_reply_access allow user2 http_reply_access allow user3 http_reply_access deny msnmessp http_reply_access deny audiosp http_reply_access deny videosp http_reply_access deny streaming_mediap http_reply_access allow all In this case, I'd like: user2+3 can access to everything. User1 can access only to www.ebay.com User4 to user 100 can access everything except msnmessp, audiosp, videosp, streaming_mediap, wwwebay, wwwcons. What's order on which rules are scanned from squid ? What do you think about my schema criteria ?