squid-deb-proxy does not allow downloading from arbitrary mirrors of packages

That would allow other machines in your network to use your proxy to access all sites. You can edit /etc/squid-deb-proxy/mirror-dstdomain.acl and add the hostnames of your private repositories to it.

If you really want to allow access to resources based on the path, comment the following line in /etc/squid-deb-proxy/squid-deb-proxy.conf by adding a hash sign (#) before it:
http_access deny !to_ubuntu_mirrors

Next, add two line after `http_access allow localhost`:

acl Safe_path urlpath_regex (\.deb|Release(\.gpg)?\|(Sources|Packages)\.(bz2|gz)|Contents-(amd64|i386)\.gz)$
http_access deny !Safe_path

The above regex is incomplete, a lot files are still not included but it should be sufficient for regular apt-get update and apt-get installs (not apt-get source).

Related documentation: http://www.squid-cache.org/Versions/v2/2.7/cfgman/acl.html

The acl Safe_path ... \.gz)$ lines should be put on one line, but due to formatting by Launchpad, it got split up.

Lekensteyn, that makes this unsuitable for general use in Ubuntu. PPA's and various other sources are very easy to use, and the failure this causes is very difficult to understand.

Isn't it a duplicate of #545830 ?