The difficulty is not the configuring of squid or even HTTP::Proxy to filter out keywords or domains. Thats easy. The real problem is maintaining the restriction list. And that is a whole can of worms + nightmare all rolled into one. Even the professional companies, such as netnany, websense or secure computing don't allways get that right.
in reply to using HTTP::PROXY instead of SQUID as a company firewall
Remember that amateurs built Noah's Ark. Professionals built the Titanic.