diff --git a/.etckeeper b/.etckeeper
index ae05982..c0c69de 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -133,6 +133,7 @@ maybe chmod 0755 'NetworkManager/conf.d'
 maybe chmod 0755 'NetworkManager/dispatcher.d'
 maybe chmod 0755 'NetworkManager/dispatcher.d/11-dhclient'
 maybe chmod 0755 'NetworkManager/dispatcher.d/20-chrony'
+maybe chmod 0755 'NetworkManager/dispatcher.d/20-squid'
 maybe chmod 0755 'NetworkManager/dispatcher.d/no-wait.d'
 maybe chmod 0755 'NetworkManager/dispatcher.d/pre-down.d'
 maybe chmod 0755 'NetworkManager/dispatcher.d/pre-up.d'
@@ -514,6 +515,7 @@ maybe chmod 0644 'dnf/modules.d/redis.module'
 maybe chmod 0644 'dnf/modules.d/ruby.module'
 maybe chmod 0644 'dnf/modules.d/rust-toolset.module'
 maybe chmod 0644 'dnf/modules.d/satellite-5-client.module'
+maybe chmod 0640 'dnf/modules.d/squid.module'
 maybe chmod 0644 'dnf/modules.d/subversion.module'
 maybe chmod 0644 'dnf/modules.d/virt.module'
 maybe chmod 0755 'dnf/modules.defaults.d'
@@ -937,6 +939,7 @@ maybe chmod 0644 'httpd/conf.d/perl.conf'
 maybe chmod 0644 'httpd/conf.d/perl.conf.rpmnew'
 maybe chmod 0644 'httpd/conf.d/php.conf'
 maybe chmod 0644 'httpd/conf.d/phpmyadmin.conf'
+maybe chmod 0644 'httpd/conf.d/squid.conf'
 maybe chmod 0644 'httpd/conf.d/ssl.conf_disabled'
 maybe chmod 0644 'httpd/conf.d/userdir.conf'
 maybe chmod 0644 'httpd/conf.d/welcome.conf'
@@ -2540,6 +2543,7 @@ maybe chmod 0644 'logrotate.d/redis'
 maybe chmod 0644 'logrotate.d/rkhunter'
 maybe chmod 0644 'logrotate.d/rspamd'
 maybe chmod 0644 'logrotate.d/sa-update'
+maybe chmod 0644 'logrotate.d/squid'
 maybe chmod 0644 'logrotate.d/sssd'
 maybe chmod 0644 'logrotate.d/subscription-manager'
 maybe chmod 0644 'logrotate.d/syslog'
@@ -3909,6 +3913,7 @@ maybe chmod 0644 'pam.d/runuser-l'
 maybe chmod 0644 'pam.d/screen'
 maybe chmod 0644 'pam.d/smartcard-auth'
 maybe chmod 0644 'pam.d/smtp.postfix'
+maybe chmod 0644 'pam.d/squid'
 maybe chmod 0644 'pam.d/sshd'
 maybe chmod 0644 'pam.d/sssd-shadowutils'
 maybe chmod 0644 'pam.d/su'
@@ -4785,6 +4790,17 @@ maybe chmod 0644 'sqlgrey/sqlgrey.conf'
 maybe chown 'sqlgrey' 'sqlgrey/sqlgrey.sql'
 maybe chgrp 'sqlgrey' 'sqlgrey/sqlgrey.sql'
 maybe chmod 0640 'sqlgrey/sqlgrey.sql'
+maybe chmod 0755 'squid'
+maybe chgrp 'squid' 'squid/cachemgr.conf'
+maybe chmod 0644 'squid/cachemgr.conf'
+maybe chmod 0644 'squid/cachemgr.conf.default'
+maybe chmod 0644 'squid/errorpage.css'
+maybe chmod 0644 'squid/errorpage.css.default'
+maybe chmod 0644 'squid/mime.conf'
+maybe chmod 0644 'squid/mime.conf.default'
+maybe chgrp 'squid' 'squid/squid.conf'
+maybe chmod 0640 'squid/squid.conf'
+maybe chmod 0644 'squid/squid.conf.default'
 maybe chmod 0755 'ssh'
 maybe chmod 0644 'ssh/moduli'
 maybe chmod 0644 'ssh/sftp_config'
@@ -4908,6 +4924,7 @@ maybe chmod 0644 'sysconfig/snapd'
 maybe chmod 0644 'sysconfig/snmpd'
 maybe chmod 0644 'sysconfig/snmptrapd'
 maybe chmod 0644 'sysconfig/spamassassin'
+maybe chmod 0644 'sysconfig/squid'
 maybe chmod 0640 'sysconfig/sshd'
 maybe chmod 0644 'sysconfig/sslh'
 maybe chmod 0644 'sysconfig/svnserve'
diff --git a/NetworkManager/dispatcher.d/20-squid b/NetworkManager/dispatcher.d/20-squid
new file mode 100755
index 0000000..5e40f76
--- /dev/null
+++ b/NetworkManager/dispatcher.d/20-squid
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+case "$2" in
+        up|down|vpn-up|vpn-down)
+                /bin/systemctl -q reload squid.service || :
+                ;;
+esac
diff --git a/dnf/modules.d/squid.module b/dnf/modules.d/squid.module
new file mode 100644
index 0000000..79af984
--- /dev/null
+++ b/dnf/modules.d/squid.module
@@ -0,0 +1,5 @@
+[squid]
+name=squid
+stream=4
+profiles=
+state=enabled
diff --git a/group b/group
index 00443fa..40c2f7e 100644
--- a/group
+++ b/group
@@ -102,3 +102,4 @@ mailcow:x:1017:
 rundeck:x:1018:
 litecoin:x:1019:
 bogdan:x:1020:
+squid:x:23:
diff --git a/group- b/group-
index ece5fae..00443fa 100644
--- a/group-
+++ b/group-
@@ -101,3 +101,4 @@ cfb:x:1016:
 mailcow:x:1017:
 rundeck:x:1018:
 litecoin:x:1019:
+bogdan:x:1020:
diff --git a/gshadow b/gshadow
index cc13286..9aa2961 100644
--- a/gshadow
+++ b/gshadow
@@ -102,3 +102,4 @@ mailcow:!::
 rundeck:!::
 litecoin:!::
 bogdan:!::
+squid:!::
diff --git a/gshadow- b/gshadow-
index 09cfb65..cc13286 100644
--- a/gshadow-
+++ b/gshadow-
@@ -101,3 +101,4 @@ cfb:!::
 mailcow:!::
 rundeck:!::
 litecoin:!::
+bogdan:!::
diff --git a/httpd/conf.d/squid.conf b/httpd/conf.d/squid.conf
new file mode 100644
index 0000000..afa533c
--- /dev/null
+++ b/httpd/conf.d/squid.conf
@@ -0,0 +1,13 @@
+
+#
+# This is /etc/httpd/conf.d/squid.conf
+#
+
+ScriptAlias /Squid/cgi-bin/cachemgr.cgi /usr/lib64/squid/cachemgr.cgi
+
+# Only allow access from localhost by default
+<Location /Squid/cgi-bin/cachemgr.cgi>
+ Require local
+ # Add additional allowed hosts as needed
+ # Require host example.com
+</Location>
diff --git a/logrotate.d/squid b/logrotate.d/squid
new file mode 100644
index 0000000..4a0406f
--- /dev/null
+++ b/logrotate.d/squid
@@ -0,0 +1,16 @@
+/var/log/squid/*.log {
+    weekly
+    rotate 5
+    compress
+    notifempty
+    missingok
+    nocreate
+    sharedscripts
+    postrotate
+      # Asks squid to reopen its logs. (logfile_rotate 0 is set in squid.conf)
+      # errors redirected to make it silent if squid is not running
+      /usr/sbin/squid -k rotate 2>/dev/null
+      # Wait a little to allow Squid to catch up before the logs is compressed
+      sleep 1
+    endscript
+}
diff --git a/pam.d/squid b/pam.d/squid
new file mode 100644
index 0000000..1d78594
--- /dev/null
+++ b/pam.d/squid
@@ -0,0 +1,3 @@
+#%PAM-1.0
+auth		include		password-auth
+account		include		password-auth
diff --git a/passwd b/passwd
index 2194db2..d2e8f6c 100644
--- a/passwd
+++ b/passwd
@@ -73,3 +73,4 @@ mailcow:x:1016:1017::/home/mailcow:/bin/bash
 rundeck:x:1017:1018::/var/lib/rundeck:/bin/bash
 litecoin:x:1018:1019::/opt/litecoin:/bin/bash
 bogdan:x:1019:1020::/home/bogdan:/usr/bin/mysecureshell
+squid:x:23:23::/var/spool/squid:/sbin/nologin
diff --git a/passwd- b/passwd-
index 6be62ce..2194db2 100644
--- a/passwd-
+++ b/passwd-
@@ -72,3 +72,4 @@ cfb:x:1015:1016::/home/cfb:/bin/bash
 mailcow:x:1016:1017::/home/mailcow:/bin/bash
 rundeck:x:1017:1018::/var/lib/rundeck:/bin/bash
 litecoin:x:1018:1019::/opt/litecoin:/bin/bash
+bogdan:x:1019:1020::/home/bogdan:/usr/bin/mysecureshell
diff --git a/shadow b/shadow
index 047d1c7..90e188b 100644
--- a/shadow
+++ b/shadow
@@ -73,3 +73,4 @@ mailcow:$6$7vT203MTlIc8ROf0$VxXn56jKN5.UAPyXsgvv4r2XQDaL5yjo8Tk1We6rPS1eB7fRxbmI
 rundeck:!!:18772:0:99999:7:30::
 litecoin:!!:18775:0:99999:7:30::
 bogdan:mCxaxi7Ck2FlI:18822:0:99999:7:30::
+squid:!!:18921::::::
diff --git a/shadow- b/shadow-
index 12beed7..047d1c7 100644
--- a/shadow-
+++ b/shadow-
@@ -72,3 +72,4 @@ cfb:$6$qp3Fo53PpelMFPxu$kpw4lw/ODVjqSnohBn7MeduZuorwzWLD5QQGiZ5ARhGylK.56a7FswSh
 mailcow:$6$7vT203MTlIc8ROf0$VxXn56jKN5.UAPyXsgvv4r2XQDaL5yjo8Tk1We6rPS1eB7fRxbmIRMt8n4irsVtV4zhCwECzlZN8Q6kKezmwp0:18768:0:99999:7:30::
 rundeck:!!:18772:0:99999:7:30::
 litecoin:!!:18775:0:99999:7:30::
+bogdan:mCxaxi7Ck2FlI:18822:0:99999:7:30::
diff --git a/squid/cachemgr.conf b/squid/cachemgr.conf
new file mode 100644
index 0000000..530c45e
--- /dev/null
+++ b/squid/cachemgr.conf
@@ -0,0 +1,21 @@
+## Copyright (C) 1996-2020 The Squid Software Foundation and contributors
+##
+## Squid software is distributed under GPLv2+ license and includes
+## contributions from numerous individuals and organizations.
+## Please see the COPYING and CONTRIBUTORS files for details.
+##
+
+# This file controls which servers may be managed by
+# the cachemgr.cgi script
+#
+# The file consists of one server per line on the format
+#   hostname:port  description
+#
+# Specifying :port is optional. If not specified then
+# the default proxy port is assumed. :* or :any matches
+# any port on the target server.
+#
+# hostname is matched using shell filename matching, allowing
+# * and other shell wildcards.
+
+localhost
diff --git a/squid/cachemgr.conf.default b/squid/cachemgr.conf.default
new file mode 100644
index 0000000..530c45e
--- /dev/null
+++ b/squid/cachemgr.conf.default
@@ -0,0 +1,21 @@
+## Copyright (C) 1996-2020 The Squid Software Foundation and contributors
+##
+## Squid software is distributed under GPLv2+ license and includes
+## contributions from numerous individuals and organizations.
+## Please see the COPYING and CONTRIBUTORS files for details.
+##
+
+# This file controls which servers may be managed by
+# the cachemgr.cgi script
+#
+# The file consists of one server per line on the format
+#   hostname:port  description
+#
+# Specifying :port is optional. If not specified then
+# the default proxy port is assumed. :* or :any matches
+# any port on the target server.
+#
+# hostname is matched using shell filename matching, allowing
+# * and other shell wildcards.
+
+localhost
diff --git a/squid/errorpage.css b/squid/errorpage.css
new file mode 100644
index 0000000..6ed4362
--- /dev/null
+++ b/squid/errorpage.css
@@ -0,0 +1,104 @@
+/*
+ * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
+ *
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
+ */
+
+/*
+ Stylesheet for Squid Error pages
+ Adapted from design by Free CSS Templates
+ http://www.freecsstemplates.org
+ Released for free under a Creative Commons Attribution 2.5 License
+*/
+
+/* Page basics */
+* {
+	font-family: verdana, sans-serif;
+}
+
+html body {
+	margin: 0;
+	padding: 0;
+	background: #efefef;
+	font-size: 12px;
+	color: #1e1e1e;
+}
+
+/* Page displayed title area */
+#titles {
+	margin-left: 15px;
+	padding: 10px;
+	padding-left: 100px;
+	background: url('/squid-internal-static/icons/SN.png') no-repeat left;
+}
+
+/* initial title */
+#titles h1 {
+	color: #000000;
+}
+#titles h2 {
+	color: #000000;
+}
+
+/* special event: FTP success page titles */
+#titles ftpsuccess {
+	background-color:#00ff00;
+	width:100%;
+}
+
+/* Page displayed body content area */
+#content {
+	padding: 10px;
+	background: #ffffff;
+}
+
+/* General text */
+p {
+}
+
+/* error brief description */
+#error p {
+}
+
+/* some data which may have caused the problem */
+#data {
+}
+
+/* the error message received from the system or other software */
+#sysmsg {
+}
+
+pre {
+}
+
+/* special event: FTP / Gopher directory listing */
+#dirmsg {
+    font-family: courier, monospace;
+    color: black;
+    font-size: 10pt;
+}
+#dirlisting {
+    margin-left: 2%;
+    margin-right: 2%;
+}
+#dirlisting tr.entry td.icon,td.filename,td.size,td.date {
+    border-bottom: groove;
+}
+#dirlisting td.size {
+    width: 50px;
+    text-align: right;
+    padding-right: 5px;
+}
+
+/* horizontal lines */
+hr {
+	margin: 0;
+}
+
+/* page displayed footer area */
+#footer {
+	font-size: 9px;
+	padding-left: 10px;
+}
diff --git a/squid/errorpage.css.default b/squid/errorpage.css.default
new file mode 100644
index 0000000..6ed4362
--- /dev/null
+++ b/squid/errorpage.css.default
@@ -0,0 +1,104 @@
+/*
+ * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
+ *
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
+ */
+
+/*
+ Stylesheet for Squid Error pages
+ Adapted from design by Free CSS Templates
+ http://www.freecsstemplates.org
+ Released for free under a Creative Commons Attribution 2.5 License
+*/
+
+/* Page basics */
+* {
+	font-family: verdana, sans-serif;
+}
+
+html body {
+	margin: 0;
+	padding: 0;
+	background: #efefef;
+	font-size: 12px;
+	color: #1e1e1e;
+}
+
+/* Page displayed title area */
+#titles {
+	margin-left: 15px;
+	padding: 10px;
+	padding-left: 100px;
+	background: url('/squid-internal-static/icons/SN.png') no-repeat left;
+}
+
+/* initial title */
+#titles h1 {
+	color: #000000;
+}
+#titles h2 {
+	color: #000000;
+}
+
+/* special event: FTP success page titles */
+#titles ftpsuccess {
+	background-color:#00ff00;
+	width:100%;
+}
+
+/* Page displayed body content area */
+#content {
+	padding: 10px;
+	background: #ffffff;
+}
+
+/* General text */
+p {
+}
+
+/* error brief description */
+#error p {
+}
+
+/* some data which may have caused the problem */
+#data {
+}
+
+/* the error message received from the system or other software */
+#sysmsg {
+}
+
+pre {
+}
+
+/* special event: FTP / Gopher directory listing */
+#dirmsg {
+    font-family: courier, monospace;
+    color: black;
+    font-size: 10pt;
+}
+#dirlisting {
+    margin-left: 2%;
+    margin-right: 2%;
+}
+#dirlisting tr.entry td.icon,td.filename,td.size,td.date {
+    border-bottom: groove;
+}
+#dirlisting td.size {
+    width: 50px;
+    text-align: right;
+    padding-right: 5px;
+}
+
+/* horizontal lines */
+hr {
+	margin: 0;
+}
+
+/* page displayed footer area */
+#footer {
+	font-size: 9px;
+	padding-left: 10px;
+}
diff --git a/squid/mime.conf b/squid/mime.conf
new file mode 100644
index 0000000..75e0d2f
--- /dev/null
+++ b/squid/mime.conf
@@ -0,0 +1,196 @@
+## Copyright (C) 1996-2020 The Squid Software Foundation and contributors
+##
+## Squid software is distributed under GPLv2+ license and includes
+## contributions from numerous individuals and organizations.
+## Please see the COPYING and CONTRIBUTORS files for details.
+##
+#
+# This file associates URL patterns for servers or services
+# that don't automatically include Content-Type (like ftp) with a mime type
+# and a graphical icon.
+#
+# Content-Encodings are taken from section 3.1 of RFC2068 (HTTP/1.1)
+#
+# This file has the format :
+#
+# regexp	content-type			icon				encoding mode	actions
+#--------------------------------------------------------------------------------------------------------
+\.gif$			image/gif		silk/image.png			-	image	+download
+\.mime$			www/mime		silk/page_white_text.png	-	ascii	+download
+^internal-dirup$	-			silk/arrow_up.png		-	-
+^internal-dir$		-			silk/folder.png			-	-
+^internal-link$		-			silk/link.png			-	-
+^internal-logo$		-			SN.png				-	-
+^internal-menu$		-			silk/folder_table.png		-	-
+^internal-text$		-			silk/page_white_text.png	-	-
+^internal-index$	-			silk/folder_table.png		-	-
+^internal-image$	-			silk/image.png			-	-
+^internal-sound$	-			silk/music.png			-	-
+^internal-movie$	-			silk/film.png			-	-
+^internal-telnet$	-			silk/computer_link.png		-	-
+^internal-binary$	-			silk/application.png		-	-
+^internal-unknown$	-			silk/bullet_red.png		-	-
+^internal-view$		-			silk/page_white.png		-	-
+^internal-download$	-			silk/package_go.png		-	-
+\.bin$		application/macbinary		silk/application.png		-	image	+download
+\.oda$		application/oda			silk/application.png		-	image	+download
+\.exe$		application/octet-stream	silk/application.png		-	image	+download
+\.pdf$		application/pdf			silk/page_white_acrobat.png	-	image	+download
+\.ai$		application/postscript		silk/page_green.png		-	image	+download +view
+\.eps$		application/postscript		silk/page_green.png		-	image	+download +view
+\.ps$		application/postscript		silk/page_green.png		-	image	+download +view
+\.rtf$		text/rtf			silk/page_white_picture.png	-	ascii	+download +view
+\.Z$		-				silk/compress.png		compress image	+download
+\.gz$		-				silk/compress.png		gzip	image	+download
+\.bz2$		application/octet-stream	silk/compress.png		-	image	+download
+\.bz$		application/octet-stream	silk/compress.png		-	image	+download
+\.tgz$		application/x-tar		silk/compress.png		gzip	image	+download
+\.csh$		application/x-csh		silk/script.png			-	ascii	+download +view
+\.dvi$		application/x-dvi		silk/page_white_text.png	-	image	+download
+\.hdf$		application/x-hdf		silk/database.png		-	image	+download
+\.latex$	application/x-latex		silk/page_white_text.png	-	ascii	+download +view
+\.lsm$		text/plain			silk/page_white_text.png	-	ascii	+download +view
+\.nc$		application/x-netcdf		silk/cd.png			-	image	+download
+\.cdf$		application/x-netcdf		silk/cd.png			-	ascii	+download
+\.sh$		application/x-sh		silk/script.png			-	ascii	+download +view
+\.tcl$		application/x-tcl		silk/script.png			-	ascii	+download +view
+\.tex$		application/x-tex		silk/page_white_text.png	-	ascii	+download +view
+\.texi$		application/x-texinfo		silk/page_white_text.png	-	ascii	+download +view
+\.texinfo$	application/x-texinfo		silk/page_white_text.png	-	ascii	+download +view
+\.t$		application/x-troff		silk/page_white_text.png	-	ascii	+download +view
+\.roff$		application/x-troff		silk/page_white_text.png	-	ascii	+download +view
+\.tr$		application/x-troff		silk/page_white_text.png	-	ascii	+download +view
+\.man$		application/x-troff-man		silk/page_white_magnify.png	-	ascii	+download +view
+\.me$		application/x-troff-me		silk/page_white_text.png	-	ascii	+download +view
+\.ms$		application/x-troff-ms		silk/page_white_text.png	-	ascii	+download +view
+\.src$		application/x-wais-source	silk/script.png			-	ascii	+download
+\.zip$		application/zip			silk/compress.png		-	image	+download
+\.bcpio$	application/x-bcpio		silk/box.png			-	image	+download
+\.cpio$		application/x-cpio		silk/box.png			-	image	+download
+\.gtar$		application/x-gtar		silk/page_white_stack.png	-	image	+download
+\.rpm$		application/x-rpm		silk/package.png		-	image	+download
+\.shar$		application/x-shar		silk/script.png			-	image	+download +view
+\.sv4cpio$	application/x-sv4cpio		silk/box.png			-	image	+download
+\.sv4crc$	application/x-sv4crc		silk/box.png			-	image	+download
+\.tar$		application/x-tar		silk/page_white_stack.png	-	image	+download
+\.ustar$	application/x-ustar		silk/page_white_stack.png	-	image	+download
+\.au$		audio/basic			silk/music.png			-	image	+download
+\.snd$		audio/basic			silk/music.png			-	image	+download
+\.mp2$		audio/mpeg			silk/music.png			-	image	+download
+\.mp3$		audio/mpeg			silk/music.png			-	image	+download
+\.mpga$		audio/mpeg			silk/music.png			-	image	+download
+\.aif$		audio/x-aiff			silk/music.png			-	image	+download
+\.aiff$		audio/x-aiff			silk/music.png			-	image	+download
+\.aifc$		audio/x-aiff			silk/music.png			-	image	+download
+\.wav$		audio/x-wav			silk/music.png			-	image	+download
+\.bmp$		image/bmp			silk/image.png			-	image	+download
+\.ief$		image/ief			silk/image.png			-	image	+download
+\.jpeg$		image/jpeg			silk/photo.png			-	image	+download
+\.jpg$		image/jpeg			silk/photo.png			-	image	+download
+\.jpe$		image/jpeg			silk/photo.png			-	image	+download
+\.tiff$		image/tiff			silk/photo.png			-	image	+download
+\.tif$		image/tiff			silk/image.png			-	image	+download
+\.ras$		image/x-cmu-raster		silk/image.png			-	image	+download
+\.pnm$		image/x-portable-anymap		silk/image.png			-	image	+download
+\.pbm$		image/x-portable-bitmap		silk/image.png			-	image	+download
+\.pgm$		image/x-portable-graymap	silk/image.png			-	image	+download
+\.ppm$		image/x-portable-pixmap		silk/image.png			-	image	+download
+\.rgb$		image/x-rgb			silk/image.png			-	image	+download
+\.xbm$		image/x-xbitmap			silk/image.png			-	image	+download
+\.xpm$		image/x-xpixmap			silk/image.png			-	image	+download
+\.xwd$		image/x-xwindowdump		silk/image.png			-	image	+download
+\.html$		text/html			silk/page_world.png		-	ascii	+download +view
+\.htm$		text/html			silk/page_world.png		-	ascii	+download +view
+\.css$		text/css			silk/css.png			-	ascii	+download +view
+\.js$		application/x-javascript	silk/script.png			-	ascii	+download +view
+\.c$		text/plain			silk/page_white_c.png		-	ascii	+download
+\.h$		text/plain			silk/page_white_c.png		-	ascii	+download
+\.cc$		text/plain			silk/page_white_cplusplus.png	-	ascii	+download
+\.cpp$		text/plain			silk/page_white_cplusplus.png	-	ascii	+download
+\.hh$		text/plain			silk/page_white_c.png		-	ascii	+download
+\.m$		text/plain			silk/script.png			-	ascii	+download
+\.f90$		text/plain			silk/page_code.png		-	ascii	+download
+\.txt$		text/plain			silk/page_white_text.png	-	ascii	+download
+\.asc$		text/plain			silk/page_white_text.png	-	ascii	+download
+\.rtx$		text/richtext			silk/page_white_picture.png	-	ascii	+download +view
+\.tsv$		text/tab-separated-values	silk/script.png			-	ascii	+download +view
+\.etx$		text/x-setext			silk/page_white_text.png	-	ascii	+download +view
+\.mpeg$		video/mpeg			silk/film.png			-	image	+download
+\.mpg$		video/mpeg			silk/film.png			-	image	+download
+\.mpe$		video/mpeg			silk/film.png			-	image	+download
+\.qt$		video/quicktime			silk/film.png			-	image	+download
+\.mov$		video/quicktime			silk/film.png			-	image	+download
+\.avi$		video/x-msvideo			silk/film.png			-	image	+download
+\.movie$	video/x-sgi-movie		silk/film.png			-	image	+download
+\.cpt$		application/mac-compactpro	silk/compress.png		-	image	+download
+\.hqx$		application/mac-binhex40	silk/page_white_zip.png		-	image	+download
+\.mwrt$		application/macwriteii		silk/page_white_text.png	-	image	+download
+\.msw$		application/msword		silk/script.png			-	image	+download
+\.doc$		application/msword		silk/page_white_word.png	-	image	+download +view
+\.xls$		application/vnd.ms-excel	silk/page_excel.png		-	image	+download
+\.ppt$		application/vnd.ms-powerpoint	silk/page_white_powerpoint.png	-	image	+download
+\.wk[s1234]$	application/vnd.lotus-1-2-3	silk/script.png			-	image	+download
+\.mif$		application/vnd.mif		silk/page_white_text.png	-	image	+download
+\.sit$		application/x-stuffit		silk/compress.png		-	image	+download
+\.pict$		application/pict		silk/picture.png		-	image	+download
+\.pic$		application/pict		silk/picture.png		-	image	+download
+\.arj$		application/x-arj-compressed	silk/compress.png		-	image	+download
+\.lzh$		application/x-lha-compressed	silk/compress.png		-	image	+download
+\.lha$		application/x-lha-compressed	silk/compress.png		-	image	+download
+\.zlib$		application/x-deflate		silk/compress.png		deflate	image	+download
+README		text/plain			silk/information.png		-	ascii	+download
+^core$		application/octet-stream	silk/bomb.png			-	image	+download
+\.core$		application/octet-stream	silk/bomb.png			-	image	+download
+\.png$		image/png			silk/image.png			-	image	+download
+\.cab$		application/octet-stream	silk/compress.png		-	image	+download +view
+\.xpi$		application/x-xpinstall		silk/plugin_add.png		-	image	+download
+\.class$	application/octet-stream	silk/script_gear.png		-	image	+download
+\.java$		text/plain			silk/cup.png			-	ascii	+download
+\.dcr$		application/x-director		silk/script_palette.png		-	image	+download
+\.dir$		application/x-director		silk/film.png			-	image	+download
+\.dxr$		application/x-director		silk/film_key.png		-	image	+download
+\.djv$		image/vnd.djvu			silk/image.png			-	image	+download
+\.djvu$		image/vnd.djvu			silk/image.png			-	image	+download
+\.dll$		application/octet-stream	silk/plugin.png			-	image	+download
+\.dms$		application/octet-stream	silk/drive_disk.png		-	image	+download
+\.ez$		application/andrew-inset	silk/bullet_red.png		-	image	+download
+\.ice$		x-conference/x-cooltalk		silk/compress.png		-	image	+download
+\.iges$		model/iges			silk/image.png			-	image	+download
+\.igs$		model/iges			silk/image.png			-	image	+download
+\.kar$		audio/midi			silk/music.png			-	image	+download
+\.mid$		audio/midi			silk/music.png			-	image	+download
+\.midi$		audio/midi			silk/music.png			-	image	+download
+\.mesh$		model/mesh			silk/image.png			-	image	+download
+\.silo$		model/mesh			silk/image.png			-	image	+download
+\.mxu$		video/vnd.mpegurl		silk/film.png			-	image	+download
+\.pdb$		chemical/x-pdb			silk/chart_line.png		-	image	+download
+\.pgn$		application/x-chess-pgn		silk/bricks.png			-	image	+download
+\.ra$		audio/x-realaudio		silk/music.png			-	image	+download
+\.ram$		audio/x-pn-realaudio		silk/music.png			-	image	+download
+\.rm$		audio/x-pn-realaudio		silk/music.png			-	image	+download
+\.sgml$		text/sgml			silk/page_code.png		-	ascii	+download
+\.sgm$		text/sgml			silk/page_code.png		-	ascii	+download
+\.skd$		application/x-koan		silk/music.png			-	image	+download
+\.skm$		application/x-koan		silk/music.png			-	image	+download
+\.skp$		application/x-koan		silk/music.png			-	image	+download
+\.skt$		application/x-koan		silk/music.png			-	image	+download
+\.smi$		application/smil		silk/layers.png			-	image	+download
+\.smil$		application/smil		silk/layers.png			-	image	+download
+\.so$		application/octet-stream	silk/plugin.png			-	image	+download
+\.spl$		application/x-futuresplash	silk/page_white_flash.png	-	image	+download
+\.swf$		application/x-shockwave-flash	silk/page_white_flash.png	-	image	+download
+\.vcd$		application/x-cdlink		silk/cd.png			-	image	+download
+\.vrml$		model/vrml			silk/image.png			-	image	+download
+\.wbmp$		image/vnd.wap.wbmp		silk/image.png			-	image	+download
+\.wbxml$	application/vnd.wap.wbxml	silk/database_table.png		-	image	+download
+\.wmlc$		application/vnd.wap.wmlc	silk/database_table.png		-	image	+download
+\.wmlsc$	application/vnd.wap.wmlscriptc	silk/script.png			-	image	+download
+\.wmls$		application/vnd.wap.wmlscript	silk/script.png			-	image	+download
+\.xht$		application/xhtml		silk/page_world.png		-	ascii	+download
+\.xhtml$	application/xhtml		silk/page_world.png		-	ascii	+download
+\.xml$		text/xml			silk/page_world.png		-	ascii	+download
+\.xsl$		text/xml			silk/layout.png			-	ascii	+download
+\.xyz$		chemical/x-xyz			silk/chart_line.png		-	image	+download
+#
+# the default
+.		text/plain			silk/bullet_red.png		-	image	+download +view
diff --git a/squid/mime.conf.default b/squid/mime.conf.default
new file mode 100644
index 0000000..75e0d2f
--- /dev/null
+++ b/squid/mime.conf.default
@@ -0,0 +1,196 @@
+## Copyright (C) 1996-2020 The Squid Software Foundation and contributors
+##
+## Squid software is distributed under GPLv2+ license and includes
+## contributions from numerous individuals and organizations.
+## Please see the COPYING and CONTRIBUTORS files for details.
+##
+#
+# This file associates URL patterns for servers or services
+# that don't automatically include Content-Type (like ftp) with a mime type
+# and a graphical icon.
+#
+# Content-Encodings are taken from section 3.1 of RFC2068 (HTTP/1.1)
+#
+# This file has the format :
+#
+# regexp	content-type			icon				encoding mode	actions
+#--------------------------------------------------------------------------------------------------------
+\.gif$			image/gif		silk/image.png			-	image	+download
+\.mime$			www/mime		silk/page_white_text.png	-	ascii	+download
+^internal-dirup$	-			silk/arrow_up.png		-	-
+^internal-dir$		-			silk/folder.png			-	-
+^internal-link$		-			silk/link.png			-	-
+^internal-logo$		-			SN.png				-	-
+^internal-menu$		-			silk/folder_table.png		-	-
+^internal-text$		-			silk/page_white_text.png	-	-
+^internal-index$	-			silk/folder_table.png		-	-
+^internal-image$	-			silk/image.png			-	-
+^internal-sound$	-			silk/music.png			-	-
+^internal-movie$	-			silk/film.png			-	-
+^internal-telnet$	-			silk/computer_link.png		-	-
+^internal-binary$	-			silk/application.png		-	-
+^internal-unknown$	-			silk/bullet_red.png		-	-
+^internal-view$		-			silk/page_white.png		-	-
+^internal-download$	-			silk/package_go.png		-	-
+\.bin$		application/macbinary		silk/application.png		-	image	+download
+\.oda$		application/oda			silk/application.png		-	image	+download
+\.exe$		application/octet-stream	silk/application.png		-	image	+download
+\.pdf$		application/pdf			silk/page_white_acrobat.png	-	image	+download
+\.ai$		application/postscript		silk/page_green.png		-	image	+download +view
+\.eps$		application/postscript		silk/page_green.png		-	image	+download +view
+\.ps$		application/postscript		silk/page_green.png		-	image	+download +view
+\.rtf$		text/rtf			silk/page_white_picture.png	-	ascii	+download +view
+\.Z$		-				silk/compress.png		compress image	+download
+\.gz$		-				silk/compress.png		gzip	image	+download
+\.bz2$		application/octet-stream	silk/compress.png		-	image	+download
+\.bz$		application/octet-stream	silk/compress.png		-	image	+download
+\.tgz$		application/x-tar		silk/compress.png		gzip	image	+download
+\.csh$		application/x-csh		silk/script.png			-	ascii	+download +view
+\.dvi$		application/x-dvi		silk/page_white_text.png	-	image	+download
+\.hdf$		application/x-hdf		silk/database.png		-	image	+download
+\.latex$	application/x-latex		silk/page_white_text.png	-	ascii	+download +view
+\.lsm$		text/plain			silk/page_white_text.png	-	ascii	+download +view
+\.nc$		application/x-netcdf		silk/cd.png			-	image	+download
+\.cdf$		application/x-netcdf		silk/cd.png			-	ascii	+download
+\.sh$		application/x-sh		silk/script.png			-	ascii	+download +view
+\.tcl$		application/x-tcl		silk/script.png			-	ascii	+download +view
+\.tex$		application/x-tex		silk/page_white_text.png	-	ascii	+download +view
+\.texi$		application/x-texinfo		silk/page_white_text.png	-	ascii	+download +view
+\.texinfo$	application/x-texinfo		silk/page_white_text.png	-	ascii	+download +view
+\.t$		application/x-troff		silk/page_white_text.png	-	ascii	+download +view
+\.roff$		application/x-troff		silk/page_white_text.png	-	ascii	+download +view
+\.tr$		application/x-troff		silk/page_white_text.png	-	ascii	+download +view
+\.man$		application/x-troff-man		silk/page_white_magnify.png	-	ascii	+download +view
+\.me$		application/x-troff-me		silk/page_white_text.png	-	ascii	+download +view
+\.ms$		application/x-troff-ms		silk/page_white_text.png	-	ascii	+download +view
+\.src$		application/x-wais-source	silk/script.png			-	ascii	+download
+\.zip$		application/zip			silk/compress.png		-	image	+download
+\.bcpio$	application/x-bcpio		silk/box.png			-	image	+download
+\.cpio$		application/x-cpio		silk/box.png			-	image	+download
+\.gtar$		application/x-gtar		silk/page_white_stack.png	-	image	+download
+\.rpm$		application/x-rpm		silk/package.png		-	image	+download
+\.shar$		application/x-shar		silk/script.png			-	image	+download +view
+\.sv4cpio$	application/x-sv4cpio		silk/box.png			-	image	+download
+\.sv4crc$	application/x-sv4crc		silk/box.png			-	image	+download
+\.tar$		application/x-tar		silk/page_white_stack.png	-	image	+download
+\.ustar$	application/x-ustar		silk/page_white_stack.png	-	image	+download
+\.au$		audio/basic			silk/music.png			-	image	+download
+\.snd$		audio/basic			silk/music.png			-	image	+download
+\.mp2$		audio/mpeg			silk/music.png			-	image	+download
+\.mp3$		audio/mpeg			silk/music.png			-	image	+download
+\.mpga$		audio/mpeg			silk/music.png			-	image	+download
+\.aif$		audio/x-aiff			silk/music.png			-	image	+download
+\.aiff$		audio/x-aiff			silk/music.png			-	image	+download
+\.aifc$		audio/x-aiff			silk/music.png			-	image	+download
+\.wav$		audio/x-wav			silk/music.png			-	image	+download
+\.bmp$		image/bmp			silk/image.png			-	image	+download
+\.ief$		image/ief			silk/image.png			-	image	+download
+\.jpeg$		image/jpeg			silk/photo.png			-	image	+download
+\.jpg$		image/jpeg			silk/photo.png			-	image	+download
+\.jpe$		image/jpeg			silk/photo.png			-	image	+download
+\.tiff$		image/tiff			silk/photo.png			-	image	+download
+\.tif$		image/tiff			silk/image.png			-	image	+download
+\.ras$		image/x-cmu-raster		silk/image.png			-	image	+download
+\.pnm$		image/x-portable-anymap		silk/image.png			-	image	+download
+\.pbm$		image/x-portable-bitmap		silk/image.png			-	image	+download
+\.pgm$		image/x-portable-graymap	silk/image.png			-	image	+download
+\.ppm$		image/x-portable-pixmap		silk/image.png			-	image	+download
+\.rgb$		image/x-rgb			silk/image.png			-	image	+download
+\.xbm$		image/x-xbitmap			silk/image.png			-	image	+download
+\.xpm$		image/x-xpixmap			silk/image.png			-	image	+download
+\.xwd$		image/x-xwindowdump		silk/image.png			-	image	+download
+\.html$		text/html			silk/page_world.png		-	ascii	+download +view
+\.htm$		text/html			silk/page_world.png		-	ascii	+download +view
+\.css$		text/css			silk/css.png			-	ascii	+download +view
+\.js$		application/x-javascript	silk/script.png			-	ascii	+download +view
+\.c$		text/plain			silk/page_white_c.png		-	ascii	+download
+\.h$		text/plain			silk/page_white_c.png		-	ascii	+download
+\.cc$		text/plain			silk/page_white_cplusplus.png	-	ascii	+download
+\.cpp$		text/plain			silk/page_white_cplusplus.png	-	ascii	+download
+\.hh$		text/plain			silk/page_white_c.png		-	ascii	+download
+\.m$		text/plain			silk/script.png			-	ascii	+download
+\.f90$		text/plain			silk/page_code.png		-	ascii	+download
+\.txt$		text/plain			silk/page_white_text.png	-	ascii	+download
+\.asc$		text/plain			silk/page_white_text.png	-	ascii	+download
+\.rtx$		text/richtext			silk/page_white_picture.png	-	ascii	+download +view
+\.tsv$		text/tab-separated-values	silk/script.png			-	ascii	+download +view
+\.etx$		text/x-setext			silk/page_white_text.png	-	ascii	+download +view
+\.mpeg$		video/mpeg			silk/film.png			-	image	+download
+\.mpg$		video/mpeg			silk/film.png			-	image	+download
+\.mpe$		video/mpeg			silk/film.png			-	image	+download
+\.qt$		video/quicktime			silk/film.png			-	image	+download
+\.mov$		video/quicktime			silk/film.png			-	image	+download
+\.avi$		video/x-msvideo			silk/film.png			-	image	+download
+\.movie$	video/x-sgi-movie		silk/film.png			-	image	+download
+\.cpt$		application/mac-compactpro	silk/compress.png		-	image	+download
+\.hqx$		application/mac-binhex40	silk/page_white_zip.png		-	image	+download
+\.mwrt$		application/macwriteii		silk/page_white_text.png	-	image	+download
+\.msw$		application/msword		silk/script.png			-	image	+download
+\.doc$		application/msword		silk/page_white_word.png	-	image	+download +view
+\.xls$		application/vnd.ms-excel	silk/page_excel.png		-	image	+download
+\.ppt$		application/vnd.ms-powerpoint	silk/page_white_powerpoint.png	-	image	+download
+\.wk[s1234]$	application/vnd.lotus-1-2-3	silk/script.png			-	image	+download
+\.mif$		application/vnd.mif		silk/page_white_text.png	-	image	+download
+\.sit$		application/x-stuffit		silk/compress.png		-	image	+download
+\.pict$		application/pict		silk/picture.png		-	image	+download
+\.pic$		application/pict		silk/picture.png		-	image	+download
+\.arj$		application/x-arj-compressed	silk/compress.png		-	image	+download
+\.lzh$		application/x-lha-compressed	silk/compress.png		-	image	+download
+\.lha$		application/x-lha-compressed	silk/compress.png		-	image	+download
+\.zlib$		application/x-deflate		silk/compress.png		deflate	image	+download
+README		text/plain			silk/information.png		-	ascii	+download
+^core$		application/octet-stream	silk/bomb.png			-	image	+download
+\.core$		application/octet-stream	silk/bomb.png			-	image	+download
+\.png$		image/png			silk/image.png			-	image	+download
+\.cab$		application/octet-stream	silk/compress.png		-	image	+download +view
+\.xpi$		application/x-xpinstall		silk/plugin_add.png		-	image	+download
+\.class$	application/octet-stream	silk/script_gear.png		-	image	+download
+\.java$		text/plain			silk/cup.png			-	ascii	+download
+\.dcr$		application/x-director		silk/script_palette.png		-	image	+download
+\.dir$		application/x-director		silk/film.png			-	image	+download
+\.dxr$		application/x-director		silk/film_key.png		-	image	+download
+\.djv$		image/vnd.djvu			silk/image.png			-	image	+download
+\.djvu$		image/vnd.djvu			silk/image.png			-	image	+download
+\.dll$		application/octet-stream	silk/plugin.png			-	image	+download
+\.dms$		application/octet-stream	silk/drive_disk.png		-	image	+download
+\.ez$		application/andrew-inset	silk/bullet_red.png		-	image	+download
+\.ice$		x-conference/x-cooltalk		silk/compress.png		-	image	+download
+\.iges$		model/iges			silk/image.png			-	image	+download
+\.igs$		model/iges			silk/image.png			-	image	+download
+\.kar$		audio/midi			silk/music.png			-	image	+download
+\.mid$		audio/midi			silk/music.png			-	image	+download
+\.midi$		audio/midi			silk/music.png			-	image	+download
+\.mesh$		model/mesh			silk/image.png			-	image	+download
+\.silo$		model/mesh			silk/image.png			-	image	+download
+\.mxu$		video/vnd.mpegurl		silk/film.png			-	image	+download
+\.pdb$		chemical/x-pdb			silk/chart_line.png		-	image	+download
+\.pgn$		application/x-chess-pgn		silk/bricks.png			-	image	+download
+\.ra$		audio/x-realaudio		silk/music.png			-	image	+download
+\.ram$		audio/x-pn-realaudio		silk/music.png			-	image	+download
+\.rm$		audio/x-pn-realaudio		silk/music.png			-	image	+download
+\.sgml$		text/sgml			silk/page_code.png		-	ascii	+download
+\.sgm$		text/sgml			silk/page_code.png		-	ascii	+download
+\.skd$		application/x-koan		silk/music.png			-	image	+download
+\.skm$		application/x-koan		silk/music.png			-	image	+download
+\.skp$		application/x-koan		silk/music.png			-	image	+download
+\.skt$		application/x-koan		silk/music.png			-	image	+download
+\.smi$		application/smil		silk/layers.png			-	image	+download
+\.smil$		application/smil		silk/layers.png			-	image	+download
+\.so$		application/octet-stream	silk/plugin.png			-	image	+download
+\.spl$		application/x-futuresplash	silk/page_white_flash.png	-	image	+download
+\.swf$		application/x-shockwave-flash	silk/page_white_flash.png	-	image	+download
+\.vcd$		application/x-cdlink		silk/cd.png			-	image	+download
+\.vrml$		model/vrml			silk/image.png			-	image	+download
+\.wbmp$		image/vnd.wap.wbmp		silk/image.png			-	image	+download
+\.wbxml$	application/vnd.wap.wbxml	silk/database_table.png		-	image	+download
+\.wmlc$		application/vnd.wap.wmlc	silk/database_table.png		-	image	+download
+\.wmlsc$	application/vnd.wap.wmlscriptc	silk/script.png			-	image	+download
+\.wmls$		application/vnd.wap.wmlscript	silk/script.png			-	image	+download
+\.xht$		application/xhtml		silk/page_world.png		-	ascii	+download
+\.xhtml$	application/xhtml		silk/page_world.png		-	ascii	+download
+\.xml$		text/xml			silk/page_world.png		-	ascii	+download
+\.xsl$		text/xml			silk/layout.png			-	ascii	+download
+\.xyz$		chemical/x-xyz			silk/chart_line.png		-	image	+download
+#
+# the default
+.		text/plain			silk/bullet_red.png		-	image	+download +view
diff --git a/squid/squid.conf b/squid/squid.conf
new file mode 100644
index 0000000..8d52410
--- /dev/null
+++ b/squid/squid.conf
@@ -0,0 +1,76 @@
+#
+# Recommended minimum configuration:
+#
+
+# Example rule allowing access from your local networks.
+# Adapt to list your (internal) IP networks from where browsing
+# should be allowed
+acl localnet src 0.0.0.1-0.255.255.255	# RFC 1122 "this" network (LAN)
+acl localnet src 10.0.0.0/8		# RFC 1918 local private network (LAN)
+acl localnet src 100.64.0.0/10		# RFC 6598 shared address space (CGN)
+acl localnet src 169.254.0.0/16 	# RFC 3927 link-local (directly plugged) machines
+acl localnet src 172.16.0.0/12		# RFC 1918 local private network (LAN)
+acl localnet src 192.168.0.0/16		# RFC 1918 local private network (LAN)
+acl localnet src fc00::/7       	# RFC 4193 local private network range
+acl localnet src fe80::/10      	# RFC 4291 link-local (directly plugged) machines
+
+acl SSL_ports port 443
+acl Safe_ports port 80		# http
+acl Safe_ports port 21		# ftp
+acl Safe_ports port 443		# https
+acl Safe_ports port 70		# gopher
+acl Safe_ports port 210		# wais
+acl Safe_ports port 1025-65535	# unregistered ports
+acl Safe_ports port 280		# http-mgmt
+acl Safe_ports port 488		# gss-http
+acl Safe_ports port 591		# filemaker
+acl Safe_ports port 777		# multiling http
+acl CONNECT method CONNECT
+
+#
+# Recommended minimum Access Permission configuration:
+#
+# Deny requests to certain unsafe ports
+http_access deny !Safe_ports
+
+# Deny CONNECT to other than secure SSL ports
+http_access deny CONNECT !SSL_ports
+
+# Only allow cachemgr access from localhost
+http_access allow localhost manager
+http_access deny manager
+
+# We strongly recommend the following be uncommented to protect innocent
+# web applications running on the proxy server who think the only
+# one who can access services on "localhost" is a local user
+#http_access deny to_localhost
+
+#
+# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
+#
+
+# Example rule allowing access from your local networks.
+# Adapt localnet in the ACL section to list your (internal) IP networks
+# from where browsing should be allowed
+http_access allow localnet
+http_access allow localhost
+
+# And finally deny all other access to this proxy
+http_access deny all
+
+# Squid normally listens to port 3128
+http_port 3128
+
+# Uncomment and adjust the following to add a disk cache directory.
+#cache_dir ufs /var/spool/squid 100 16 256
+
+# Leave coredumps in the first cache dir
+coredump_dir /var/spool/squid
+
+#
+# Add any of your own refresh_pattern entries above these.
+#
+refresh_pattern ^ftp:		1440	20%	10080
+refresh_pattern ^gopher:	1440	0%	1440
+refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
+refresh_pattern .		0	20%	4320
diff --git a/squid/squid.conf.default b/squid/squid.conf.default
new file mode 100644
index 0000000..8d52410
--- /dev/null
+++ b/squid/squid.conf.default
@@ -0,0 +1,76 @@
+#
+# Recommended minimum configuration:
+#
+
+# Example rule allowing access from your local networks.
+# Adapt to list your (internal) IP networks from where browsing
+# should be allowed
+acl localnet src 0.0.0.1-0.255.255.255	# RFC 1122 "this" network (LAN)
+acl localnet src 10.0.0.0/8		# RFC 1918 local private network (LAN)
+acl localnet src 100.64.0.0/10		# RFC 6598 shared address space (CGN)
+acl localnet src 169.254.0.0/16 	# RFC 3927 link-local (directly plugged) machines
+acl localnet src 172.16.0.0/12		# RFC 1918 local private network (LAN)
+acl localnet src 192.168.0.0/16		# RFC 1918 local private network (LAN)
+acl localnet src fc00::/7       	# RFC 4193 local private network range
+acl localnet src fe80::/10      	# RFC 4291 link-local (directly plugged) machines
+
+acl SSL_ports port 443
+acl Safe_ports port 80		# http
+acl Safe_ports port 21		# ftp
+acl Safe_ports port 443		# https
+acl Safe_ports port 70		# gopher
+acl Safe_ports port 210		# wais
+acl Safe_ports port 1025-65535	# unregistered ports
+acl Safe_ports port 280		# http-mgmt
+acl Safe_ports port 488		# gss-http
+acl Safe_ports port 591		# filemaker
+acl Safe_ports port 777		# multiling http
+acl CONNECT method CONNECT
+
+#
+# Recommended minimum Access Permission configuration:
+#
+# Deny requests to certain unsafe ports
+http_access deny !Safe_ports
+
+# Deny CONNECT to other than secure SSL ports
+http_access deny CONNECT !SSL_ports
+
+# Only allow cachemgr access from localhost
+http_access allow localhost manager
+http_access deny manager
+
+# We strongly recommend the following be uncommented to protect innocent
+# web applications running on the proxy server who think the only
+# one who can access services on "localhost" is a local user
+#http_access deny to_localhost
+
+#
+# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
+#
+
+# Example rule allowing access from your local networks.
+# Adapt localnet in the ACL section to list your (internal) IP networks
+# from where browsing should be allowed
+http_access allow localnet
+http_access allow localhost
+
+# And finally deny all other access to this proxy
+http_access deny all
+
+# Squid normally listens to port 3128
+http_port 3128
+
+# Uncomment and adjust the following to add a disk cache directory.
+#cache_dir ufs /var/spool/squid 100 16 256
+
+# Leave coredumps in the first cache dir
+coredump_dir /var/spool/squid
+
+#
+# Add any of your own refresh_pattern entries above these.
+#
+refresh_pattern ^ftp:		1440	20%	10080
+refresh_pattern ^gopher:	1440	0%	1440
+refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
+refresh_pattern .		0	20%	4320
diff --git a/sysconfig/squid b/sysconfig/squid
new file mode 100644
index 0000000..3864bd8
--- /dev/null
+++ b/sysconfig/squid
@@ -0,0 +1,9 @@
+# default squid options
+SQUID_OPTS=""
+
+# Time to wait for Squid to shut down when asked. Should not be necessary
+# most of the time.
+SQUID_SHUTDOWN_TIMEOUT=100
+
+# default squid conf file
+SQUID_CONF="/etc/squid/squid.conf"