diff --git a/squid/README.md b/squid/README.md
index c3ae470..cfc73b0 100644
--- a/squid/README.md
+++ b/squid/README.md
@@ -20,6 +20,7 @@ services:
 - "3128:3128/tcp"
 - "3130:3130/udp"
 volumes:
+ - ./data/etc/squid.conf:/etc/squid/squid.conf
 - ./data/cache:/var/cache/squid
 - ./data/log:/var/log/squid
 stop_signal: SIGKILL
@@ -27,13 +28,15 @@ services:
 ```
 > You can mount custom config file as `/etc/squid/squid.conf`.
+>> You need to run `squid -z` when `cache_dir ufs` is enabled.
 ## Up and Running
 ```bash
 # server
-$ mkdir -p data/{cache,log}
+$ mkdir -p data/{etc,cache,log}
 $ chmod -R 777 data
+$ docker-compose run --rm squid squid -z
 $ docker-compose up -d
 # client
diff --git a/squid/arm/squid.conf b/squid/data/etc/squid.conf
similarity index 74%
rename from squid/arm/squid.conf
rename to squid/data/etc/squid.conf
index 14d64c7..1cc3f4c 100644
--- a/squid/arm/squid.conf
+++ b/squid/data/etc/squid.conf
@@ -5,11 +5,14 @@
 # Example rule allowing access from your local networks.
 # Adapt to list your (internal) IP networks from where browsing
 # should be allowed
-acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
-acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
-acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
-acl localnet src fc00::/7 # RFC 4193 local private network range
-acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
+acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
+acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
+acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
+acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
+acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
+acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
+acl localnet src fc00::/7 # RFC 4193 local private network range
+acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
 acl SSL_ports port 443
 acl Safe_ports port 80 # http
@@ -22,7 +25,6 @@ acl Safe_ports port 280 # http-mgmt
 acl Safe_ports port 488 # gss-http
 acl Safe_ports port 591 # filemaker
 acl Safe_ports port 777 # multiling http
-acl CONNECT method CONNECT
 #
 # Recommended minimum Access Permission configuration:
@@ -59,7 +61,7 @@ http_access deny all
 http_port 3128
 # Uncomment and adjust the following to add a disk cache directory.
-#cache_dir ufs /var/cache/squid 100 16 256
+cache_dir ufs /var/cache/squid 100 16 256
 # Leave coredumps in the first cache dir
 coredump_dir /var/cache/squid
diff --git a/squid/docker-compose.yml b/squid/docker-compose.yml
index 53aacfa..975d55c 100644
--- a/squid/docker-compose.yml
+++ b/squid/docker-compose.yml
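Review bot: The `localnet` ACL in the first squid.conf hunk (`@@ -5,11 +5,14 @@`) is widened rather than adapted to this deployment: `0.0.0.1-0.255.255.255`, `100.64.0.0/10` and `169.254.0.0/16` are added next to the full RFC 1918 ranges, while the compose file publishes `3128:3128/tcp` on the host. If the file still has an `http_access allow localnet` rule (not visible in this hunk), every client whose source address falls in these ranges may use the proxy, and `100.64.0.0/10` is carrier-grade NAT space shared with other subscribers. Depending on how Docker forwards the published port, connections may also appear to come from the bridge gateway inside `172.16.0.0/12`, which is worth confirming before relying on this ACL. I would keep a single line such as `acl localnet src <YOUR_LAN_CIDR>  # placeholder: the one network allowed to browse` and extend the comment above it to say the list must be narrowed before the port is exposed.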
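Review bot: Enabling `cache_dir ufs /var/cache/squid 100 16 256` in the third squid.conf hunk (`@@ -59,7 +61,7 @@`) stores cached response bodies in the bind-mounted `./data/cache`, which the README setup step makes world-writable with `chmod -R 777 data`, so any local account on the Docker host could read or alter objects the proxy later serves to clients. I would add a comment above the directive such as `# data/cache must be owned by the squid user inside the container; do not make it world-writable` and give the directory to that user instead of using mode 777. The compose file also keeps `stop_signal: SIGKILL`, which gives Squid no chance to close the disk-cache index cleanly; with a ufs store that probably means an index rebuild on each restart, so it is worth checking whether a graceful stop signal is workable now.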
@@ -6,6 +6,7 @@ services:
 - "3128:3128/tcp"
 - "3130:3130/udp"
 volumes:
+ - ./data/etc/squid.conf:/etc/squid/squid.conf
 - ./data/cache:/var/cache/squid
 - ./data/log:/var/log/squid
 stop_signal: SIGKILL
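Review bot: The added bind mount `./data/etc/squid.conf:/etc/squid/squid.conf` is read-write, and the README steps in this commit create `data/etc` and then run `chmod -R 777 data`, so the file holding the proxy's access rules can be changed by any local user on the host and by the container process itself. Mount it read-only with `- ./data/etc/squid.conf:/etc/squid/squid.conf:ro` and keep `data/etc` out of the recursive chmod. The same mount line appears in the README compose example and should change with it.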