Thank a million its much appreciated, that makes sense.. Now i think im
not getting my acl list the correct order quite correct because the MS
downloads are still being nailed , have a quick look below let me know
how bad the blunder is....


acl trust src 172.16.1.145
acl semi_trust src 172.16.2.245
acl lan src 172.16.0.0/255.255.0.0
acl ras src 172.17.1.0/255.255.255.0
acl ftp proto FTP
acl download url_regex -i "/usr/local/squid/denydownload.txt"
acl download-allowed dstdomain .microsoft.com
acl porn url_regex "/usr/local/squid/etc/porn.txt"
acl noporn url_regex "/usr/local/squid/etc/noporn.txt"
#####Trusted Users #######
http_access allow porn trust
http_access allow ftp trust
http_access allow download trust
##### Allowed Download sites #########
http_access deny !download-allowed download lan
http_access deny !download-allowed download ras
######Semi-Trusted#######
http_access allow porn semi_trust
##### Semi-Trust DENY ####
http_access deny ftp semi_trust
http_access deny download semi_trust
######RAS Deny #########
http_access deny porn ras
http_access deny ftp ras
http_access deny download ras
##### LAN DENY #######
http_access deny porn lan
http_access deny ftp lan
http_access deny download lan
####### RAS Allow ########
http_access allow ras
######LAN Allow###########
http_access allow lan