On Thu, Jan 22, 2009 at 12:16:22PM -0500, milan wrote: > I am trying to set up a proxy server that does the following > 1. One class of authorized users who have unrestricted access to the > Internet. > 2. A second class of users who are denied access to the Internet, except > for a predetermined whitelist of sites Squid can do this. There is an example here: http://www.screaming-penguin.com/node/3871 In that example only two users are defined "kid" and "adult." More then one username can be defined on the acl line, or you can use a file if there are lots of users: acl auth_user proxy_auth alice bob charlie or acl auth_user proxy_auth "/etc/squid/users_we_like/" If you don't care about authenticating the whitelist users the use: acl auth_user proxy_auth ... acl whitelist dstdomain "/etc/squid/whitelist" http_access allow whitelist http_access allow auth_user http_access deny all Squid supports a couple of different types of authentication including LDAP and Active Directory. -- sg