Source group, or client groups if you prefer, are declared by any reasonable combination of:

IP addresses and/or ranges (multiple):

    xxx.xxx.xxx.xxx [...] or xxx.xxx.xxx.xxx/nn [...] or xxx.xxx.xxx.xxx/mmm.mmm.mmm.mmm [...] or xxx.xxx.xxx.xxx-yyy.yyy.yyy.yyy [...] 

where:
     xxx.xxx.xxx.xxx is an IP address (host or net, i.e. 10.11.12.13 or 10.11.12.0), /nn a net prefix (i.e. /23),
     mmm.mmm.mmm.mmm is a netmask (i.e. 255.255.254.0)
     and yyy.yyy.yyy.yyy is a host address (must be >= xxx.xxx.xxx.xxx) 

File of IP address/range list:

    The value must be a single filename. Where filename is either a path relative to dbhome or an absolute path to a database file.
     The file format is simply addresses and/or networks separated by a newline as above.

Search Ip in LDAP:

    Used to define a ldap query in order to extract an Ip address from an LDAP server (or an Active Directory). 
    Use '%s' to reference the ip in your LDAP URL.

Example:
    ldap://ldap.example.com/ou=internetcomputers,dc=example,dc=com?iphostnumber?sub?(&(objectclass=iphost)(iphostnumber=%s))

Domains names (multiple):

    foo.com [...]

where:
    foo.com is a domain (zone).

Users (multiple):

    user1 [...]

where:
    user1 is a username. This mean that the users must be authenticated by squid first to make this work.

File of users list (single):

    The value must be a single filename. Where filename is either a path relative to dbhome or an absolute path to a database file.
    The file format is simply RFC-931 usernames optionally followed by a `:' and a comment (i.e. /etc/passwd or a .htpasswd file may be used)
    separated by a newline as in the user declaration.

Search Users in LDAP:

    Used to define a ldap query in order to extract a user name from an LDAP server (or an Active Directory).
    Use '%s' to reference the username in your LDAP URL.

example:
    ldap://ldap.example.com/cn=squidguardusers,ou=groups,dc=example,dc=com?memberUid?sub?(&(objectclass=posixGroup)(memberUid=%s))

Search Users in MySQL database:

Used to define a select statement to retreive a username from a mysql database. 

Example:
    select login from pusers

Attention: The query must not be ended by a trailing ";" and must not contain more than four statements.
Additionally keep in mind, that the name "user" is already used as a token by squidGuard. Don't use it in your query. 

Program returning user list:

Used to specifies a command to run that will write a list of usernames on stdout.
The value must be an absolute path to an executable program. This program must be executable by the user running squidGuard (most of the time squid).

Time constraints on source groups can be used to make these groups functional within or outside a given time space only;