  1. #!/bin/sh
  2.  
  3. PROXY_USER=user
  4. PROXY_PASS=pass
  5. PROXY_PORT=8080
  6.  
  7. # Clear the repository index caches
  8. yum clean all
  9.  
  10. # Update the operating system
  11. yum update -y
  12.  
  13. # Install httpd-tools to get htpasswd
  14. yum install httpd-tools -y
  15.  
  16. # Install squid
  17. yum install squid -y
  18.  
  19. # Create the htpasswd file
  20. htpasswd -c -b /etc/squid/passwords $PROXY_USER $PROXY_PASS
  21.  
  22. # Backup the original squid config
  23. cp /etc/squid/squid.conf /etc/squid/squid.conf.bak
  24.  
  25. # Set up the squid config
  26. cat << EOF > /etc/squid/squid.conf
  27. auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/passwords
  28. auth_param basic realm proxy
  29. acl authenticated proxy_auth REQUIRED
  30. http_access allow authenticated
  31. forwarded_for delete
  32. http_port 0.0.0.0:$PROXY_PORT
  33. visible_hostname ipv2.cool.com
  34.  
  35. # deny cache
  36. hierarchy_stoplist cgi-bin ?
  37. acl QUERY urlpath_regex cgi-bin \? \.css
  38. no_cache deny QUERY
  39. acl NOT_TO_CACHE dstdomain "/etc/squid/list/not-to-cache.conf"
  40. no_cache deny NOT_TO_CACHE
  41.  
  42. # ANONYMOUS PROXY
  43. forwarded_for off
  44. request_header_access Allow allow all
  45. request_header_access Authorization allow all
  46. request_header_access WWW-Authenticate allow all
  47. request_header_access Proxy-Authorization allow all
  48. request_header_access Proxy-Authenticate allow all
  49. request_header_access Cache-Control allow all
  50. request_header_access Content-Encoding allow all
  51. request_header_access Content-Length allow all
  52. request_header_access Content-Type allow all
  53. request_header_access Date allow all
  54. request_header_access Expires allow all
  55. request_header_access Host allow all
  56. request_header_access If-Modified-Since allow all
  57. request_header_access Last-Modified allow all
  58. request_header_access Location allow all
  59. request_header_access Pragma allow all
  60. request_header_access Accept allow all
  61. request_header_access Accept-Charset allow all
  62. request_header_access Accept-Encoding allow all
  63. request_header_access Accept-Language allow all
  64. request_header_access Content-Language allow all
  65. request_header_access Mime-Version allow all
  66. request_header_access Retry-After allow all
  67. request_header_access Title allow all
  68. request_header_access Connection allow all
  69. request_header_access Proxy-Connection allow all
  70. request_header_access User-Agent allow all
  71. request_header_access Cookie allow all
  72. request_header_access All deny all
  73. EOF
  74.  
  75. # Set squid to start on boot
  76. chkconfig squid on
  77.  
  78. # Start squid
  79. /etc/init.d/squid start
  80.  
  81. # Set up the iptables config
  82. cat << EOF > /etc/sysconfig/iptables
  83. *filter
  84. :INPUT ACCEPT [0:0]
  85. :FORWARD ACCEPT [0:0]
  86. :OUTPUT ACCEPT [0:0]
  87. -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  88. -A INPUT -p icmp -j ACCEPT
  89. -A INPUT -i lo -j ACCEPT
  90.  
  91. #######################################################
  92. # BEGIN CUSTOM RULES
  93. #######################################################
  94.  
  95. # Allow SSH from anywhere
  96. -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
  97.  
  98. # Allow squid access from anywhere
  99. -A INPUT -m state --state NEW -m tcp -p tcp --dport $PROXY_PORT -j ACCEPT
  100.  
  101. #######################################################
  102. # END CUSTOM RULES
  103. #######################################################
  104.  
  105. -A INPUT -j REJECT --reject-with icmp-host-prohibited
  106. -A FORWARD -j REJECT --reject-with icmp-host-prohibited
  107. COMMIT
  108. EOF
  109.  
  110. # Restart iptables
  111. /etc/init.d/iptables restart
  112.  
  113. # Start squid
  114. /etc/init.d/squid start