Comment 1 for bug 804267

That would allow other machines in your network to use your proxy to access all sites. You can edit /etc/squid-deb-proxy/mirror-dstdomain.acl and add the hostnames of your private repositories to it.

If you really want to allow access to resources based on the path, comment the following line in /etc/squid-deb-proxy/squid-deb-proxy.conf by adding a hash sign (#) before it:
http_access deny !to_ubuntu_mirrors

Next, add two line after `http_access allow localhost`:

acl Safe_path urlpath_regex (\.deb|Release(\.gpg)?\|(Sources|Packages)\.(bz2|gz)|Contents-(amd64|i386)\.gz)$
http_access deny !Safe_path

The above regex is incomplete, a lot files are still not included but it should be sufficient for regular apt-get update and apt-get installs (not apt-get source).

Related documentation: http://www.squid-cache.org/Versions/v2/2.7/cfgman/acl.html