diff --git a/src/opnsense/service/templates/OPNsense/Proxy/squid.conf b/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
index 763048f1b..bfdacb576 100644
--- a/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
+++ b/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
@@ -173,15 +173,15 @@ http_access deny blockuseragents
 {% if helpers.exists('OPNsense.proxy.forward.acl.mimeType') %}
 
 # ACL list (Deny) blockmimetypes
-http_reply_access deny blockmimetypes
-http_access deny blockmimetypes_requests
+http_reply_access deny blockmimetypes {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted{% endif %}
+http_access deny blockmimetypes_requests {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted{% endif %}
 {% endif %}
 
 # Deny requests to certain unsafe ports
-http_access deny !Safe_ports
+http_access deny !Safe_ports {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted{% endif %}
 
 # Deny CONNECT to other than secure SSL ports
-http_access deny CONNECT !SSL_ports
+http_access deny CONNECT !SSL_ports {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted{% endif %}
 
 {% if helpers.exists('OPNsense.proxy.forward.acl.bannedHosts') %}
 http_access deny bannedHosts