Probably a quite easy question, but I'm beginning at configuring

I have a fedora box running squid at work.

There are 4 people allowed to access squid with ncsa_auth.

The first 3 people should be able to access the whole internet except
some kind of files.
The 4th person should be restricted to only a few websites specified
in a file. The filetype limitation applies to the 4th user as well.

I tried this :

acl user1 proxy_auth REQUIRED
acl user2 proxy_auth REQUIRED
acl user3 proxy_auth REQUIRED
acl user4 proxy_auth REQUIRED
acl allowed_sites url_regex "/etc/squid/allowed_sites"
acl restricted_files urlpath_regex \.zip$ \.exe$

http_access deny restricted_files
http_access allow user1
http_access allow user2
http_access allow user3
http_access deny !user1
http_access deny !user2
http_access deny !user3
http_access allow allowed_sites
http_access allow user4
http_access deny all

This configuration doesn't work, user4 can still access the whole
internet except the files specified.

Could someone gimme some insight
Thanks in advance,