diff --git a/files/squid/helpers/squid-url-rewrite.py b/files/squid/helpers/squid-url-rewrite.py
index 7b4f33dbe6f5bb364b3dc9d979f7fe13259ffaa1..0a58d9969c8413afe2ac1178a76551063a32b382 100755
--- a/files/squid/helpers/squid-url-rewrite.py
+++ b/files/squid/helpers/squid-url-rewrite.py
@@ -17,6 +17,8 @@ filterlog = "/var/log/squid/filter.log"
 basedir = "/usr/libexec/squid/helpers"
 hostname = socket.gethostname()
 
+log = open(filterlog, 'a')
+
 def block_response(url):
     quoted_url = urllib.parse.quote(url)
     if re.match('.*\.s?html([#?].*)?', url) or re.match('.*/[^./]*', url):
@@ -36,7 +38,7 @@ def modify_url(line, ruleset):
 ### [channel-ID <SP>] URL <SP> client_ip "/" fqdn <SP> user <SP> method [<SP> kv-pairs]<NL>
     list = line.split(' ')
 
-    if list[0].isdigit():
+    if list[0].isdigit() and len(list) > 1:
         url = list[1]
     else:
         url = list[0]
@@ -73,63 +75,67 @@ def load_rules(ruleset, filename):
                 columns = line.strip().split()
                 ruleset.append( [ re.compile(columns[0]), columns[1].lower() == 'true' ] )
 
-
-def main():
-    
+def deny_all_ruleset():
     ruleset = list()
+    ruleset.append( [re.compile(emptyrex), True] )
+    ruleset.append( [re.compile(errorrex), True] )
+    ruleset.append( [re.compile("^.*"), False] )
+    return ruleset
 
-    block_all = basedir + "/../BLOCK_ALL"
-    if os.path.isfile(block_all):
-        ruleset.append( [re.compile(emptyrex), True] )
-        ruleset.append( [re.compile(errorrex), True] )
-        ruleset.append( [re.compile("^.*"), False] )
-
-    # Load all rules to a temporary ruleset and then add it to the rules
-    # Failure to load rules will then lead to complete denial of service and be noticed
-    tmpruleset = list()
+def load_ruleset():
     try:
+        block_all = basedir + "/../BLOCK_ALL"
+        if os.path.isfile(block_all):
+            return deny_all_ruleset()
+
+        ruleset = list()
         devel_rules = basedir + "/../devel.rules"
         if os.path.isfile(devel_rules):
-            load_rules(tmpruleset, devel_rules)
+            load_rules(ruleset, devel_rules)
 
         # load opendsa first to let it override default rules
-        load_rules(tmpruleset, basedir + "/rules.d/opendsa.rules")
-        load_rules(tmpruleset, basedir + "/rules.d/default.rules")
-        load_rules(tmpruleset, basedir + "/rules.d/rstudio.rules")
-        load_rules(tmpruleset, basedir + "/rules.d/cplusplus.rules")
-        load_rules(tmpruleset, basedir + "/rules.d/python.rules")
-        load_rules(tmpruleset, basedir + "/rules.d/java.rules")
-        load_rules(tmpruleset, basedir + "/rules.d/ruby.rules")
-        load_rules(tmpruleset, basedir + "/rules.d/sas.rules")
-        load_rules(tmpruleset, basedir + "/rules.d/translate.rules")
-        load_rules(tmpruleset, basedir + "/rules.d/office.forms.rules")
-
-        ruleset.extend(tmpruleset)
+        load_rules(ruleset, basedir + "/rules.d/opendsa.rules")
+        load_rules(ruleset, basedir + "/rules.d/default.rules")
+        load_rules(ruleset, basedir + "/rules.d/rstudio.rules")
+        load_rules(ruleset, basedir + "/rules.d/cplusplus.rules")
+        load_rules(ruleset, basedir + "/rules.d/python.rules")
+        load_rules(ruleset, basedir + "/rules.d/java.rules")
+        load_rules(ruleset, basedir + "/rules.d/ruby.rules")
+        load_rules(ruleset, basedir + "/rules.d/sas.rules")
+        load_rules(ruleset, basedir + "/rules.d/translate.rules")
+        load_rules(ruleset, basedir + "/rules.d/office.forms.rules")
+
+        return ruleset
         
     except Exception as e:
-        sys.stderr.write( str( e ) )
-        sys.stderr.flush()
+        log.write( "load_ruleset: Error: {}\n".format(str(e)) )
+        log.flush()
 
-    with open(filterlog, 'a') as log:
-        while True:
-            try:
-                line = sys.stdin.readline().strip()
+    return deny_all_ruleset()
 
-                log.write('{}: {}\n'.format(datetime.datetime.now().strftime("%Y-%m-%d_%H-%M"), line))
+def main(debug=False):
+    try:
+        ruleset = load_ruleset()
+        
+        while True:
+            line = sys.stdin.readline().strip()
+            new_url = modify_url(line, ruleset)
+
+            if ( debug ):
+                time = datetime.datetime.now().strftime("%Y-%m-%d_%H-%M-%S")
+                msg = '{}: {}\n'.format(time, line)
+                msg += 'From: {}\n'.format(line)
+                msg += 'To: {}\n'.format(new_url)
+                log.write(msg)
                 log.flush()
 
-                log.write("From: " + line + "\n")
-                log.flush()
+            sys.stdout.write(new_url + '\n')
+            sys.stdout.flush()
             
-                new_url = modify_url(line, ruleset)
-
-                log.write("To: " + new_url + "\n")
-                log.flush()
+    except Exception as e:
+        log.write( "url_rewrite: Error: {}\n".format(str(e)) )
+        log.flush()
 
-                sys.stdout.write(new_url + '\n')
-                sys.stdout.flush()
-            except Exception as e:
-                sys.stderr.write( str( e ) )
-                sys.stderr.flush()
+main(True)
 
-main()
+log.close()
diff --git a/files/squid/squid.conf b/files/squid/squid.conf
index 3e325544059591ba0e19608a25553a99d2276341..024e1ef680f20f00a47c1612c2b09e3b4ad093f7 100644
--- a/files/squid/squid.conf
+++ b/files/squid/squid.conf
@@ -70,6 +70,7 @@ http_access deny to_localhost
 # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
 #
 url_rewrite_program /usr/libexec/squid/helpers/squid-url-rewrite.py
+url_rewrite_children 20 startup=0 idle=1 concurrency=0 on-persistent-overload=die
 logfile_rotate 6
 
 #auth_param negotiate program /usr/lib64/squid/negotiate_kerberos_auth