diff --git a/roles/squid/defaults/main.yml b/roles/squid/defaults/main.yml
index 7edc835..287bf35 100644
--- a/roles/squid/defaults/main.yml
+++ b/roles/squid/defaults/main.yml
@@ -5,3 +5,4 @@ squid_cache_dir: /var/cache/squid
 squid_cache_dir_max_size: 51200
 squid_cache_dir_l1: 16
 squid_cache_dir_l2: 256
+squid_access_log: syslog:daemon.info
diff --git a/roles/squid/templates/squid.conf.j2 b/roles/squid/templates/squid.conf.j2
index 06a07a1..66e5b30 100644
--- a/roles/squid/templates/squid.conf.j2
+++ b/roles/squid/templates/squid.conf.j2
@@ -1,3 +1,4 @@
+{% if squid_acl is not defined %}
 #
 # Recommended minimum configuration:
 #
@@ -23,8 +24,17 @@ acl Safe_ports port 488 # gss-http
 acl Safe_ports port 591 # filemaker
 acl Safe_ports port 777 # multiling http
 acl CONNECT method CONNECT
+{% else %}
+{% for name in squid_acl %}
-access_log syslog:daemon.info
+{% for acl in squid_acl[name] %}
+acl {{ name }} {{ acl }}
+{% endfor %}
+{% endfor %}
+{% endif %}
+
+access_log {{ squid_access_log }}
+{% if squid_http_access is not defined %}
 #
 # Recommended minimum Access Permission configuration:
 #
@@ -55,6 +65,11 @@ http_access allow localhost
 # And finally deny all other access to this proxy
 http_access deny all
+{% else %}
+{% for rule in squid_http_access %}
+http_access {{ rule }}
+{% endfor %}
+{% endif %}
 # Squid normally listens to port 3128
 http_port 3128
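Review bot: In the `roles/squid/defaults/main.yml` hunk, only `squid_access_log` is declared, while the two variables that change the proxy's access policy, `squid_acl` and `squid_http_access`, are left undeclared so that the template's `is not defined` tests work. Nothing visible in this commit tells a user what shape they take. I would add commented-out examples next to the new default, e.g. `# squid_acl: {office: ['src 192.0.2.0/24']}  # constructed sample: ACL name -> list of "type value" entries` and `# squid_http_access: ['allow office', 'deny all']  # constructed sample: rendered in order, one http_access line each`. The new value parses as a string today, but quoting it (`squid_access_log: 'syslog:daemon.info'`) keeps a later edit that introduces `: ` from turning it into a mapping.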
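Review bot: In the `@@ -23,8 +24,17 @@` hunk of `squid.conf.j2`, defining `squid_acl` removes every stock ACL in the `{% if squid_acl is not defined %}` branch (the visible `Safe_ports` and `CONNECT` lines among them), yet the default `http_access` block is gated separately on `squid_http_access`. Those default rules lie mostly outside the hunks, but if they reference the stock ACL names as the upstream sample configuration does, setting only `squid_acl` renders a file that names undefined ACLs and squid will refuse to start. Either gate both default blocks on one condition, or have the role fail early when `squid_acl` is defined and `squid_http_access` is not. Note also that `{{ name }}` and `{{ acl }}` are written verbatim, so a value containing a line break becomes an extra directive; a pre-flight check that each entry is a single line would catch inventory mistakes before they reach the proxy.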
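Review bot: In the `@@ -55,6 +65,11 @@` hunk, the `{% else %}` branch emits only the caller's `squid_http_access` entries and drops the terminating `http_access deny all` that the default branch keeps. When no rule matches, Squid applies the opposite of the last `http_access` line, so a custom list that happens to end in a `deny` rule leaves every unmatched request allowed. I would emit the terminator unconditionally by adding `http_access deny all` on the line after `{% endfor %}` inside the else branch; a duplicate is harmless if the user already supplied one. The port and CONNECT guards of the default block appear to be dropped in this branch too (they are outside the hunk, so this is inferred), which deserves a comment telling users to restate them in their own list.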