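#!/bin/sh
#
# Provision an authenticated Squid forward proxy on a yum/SysV-init host
# (the script relies on yum, chkconfig and /etc/init.d service scripts).
#
# Optional environment overrides (defaults match the original paste):
#   PROXY_USER       proxy account name           (default: user)
#   PROXY_PASS       proxy account password       (default: pass -- placeholder)
#   PROXY_PORT       TCP port squid listens on    (default: 8080)
#   PROXY_ALLOW_SRC  source CIDR allowed to reach the proxy port
#                    (default: 0.0.0.0/0, i.e. anywhere)
#
# Security notes for operators:
#   * Squid listens on every interface and, by default, the firewall admits
#     any source address; the only gate is HTTP Basic proxy authentication,
#     which is sent base64-encoded (not encrypted) on every request.
#     Set PROXY_ALLOW_SRC to the client range that actually needs access.
#   * This script REPLACES /etc/squid/squid.conf and /etc/sysconfig/iptables.
#     First-run copies are kept as *.bak.

set -eu

# Print a message on stderr and abort.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

PROXY_USER=${PROXY_USER:-user}
PROXY_PASS=${PROXY_PASS:-pass}
PROXY_PORT=${PROXY_PORT:-8080}
PROXY_ALLOW_SRC=${PROXY_ALLOW_SRC:-0.0.0.0/0}

PASSWD_FILE=/etc/squid/passwords
AUTH_HELPER=/usr/lib64/squid/ncsa_auth
NO_CACHE_LIST=/etc/squid/list/not-to-cache.conf

# Every step below writes under /etc or drives the package/service manager.
[ "$(id -u)" -eq 0 ] || die "this script must be run as root"

# PROXY_PORT and PROXY_ALLOW_SRC are interpolated into squid.conf and the
# iptables rules file, so reject anything that is not a plain port / CIDR.
case "$PROXY_PORT" in
  '' | *[!0-9]*) die "PROXY_PORT must be a decimal port number" ;;
esac
if [ "$PROXY_PORT" -lt 1 ] || [ "$PROXY_PORT" -gt 65535 ]; then
  die "PROXY_PORT must be between 1 and 65535"
fi
case "$PROXY_ALLOW_SRC" in
  '' | *[!0-9./]*) die "PROXY_ALLOW_SRC must be an IPv4 address or CIDR" ;;
esac

# The defaults are placeholders; an internet-facing proxy with a guessable
# login will be found and used by third parties.
if [ "$PROXY_PASS" = "pass" ]; then
  printf 'warning: PROXY_PASS is still the placeholder value; set a real password\n' >&2
fi

# Clear the repository index caches
yum clean all
# Update the operating system
yum update -y
# Install httpd-tools to get htpasswd
yum install httpd-tools -y
# Install squid
yum install squid -y

# squid.conf below hard-codes this helper path; fail here with a clear
# message rather than leaving squid unable to start. Newer squid packages
# ship the helper as basic_ncsa_auth instead.
[ -x "$AUTH_HELPER" ] || die "auth helper not found at $AUTH_HELPER"

# Create the htpasswd file.
# NOTE: -b puts the password on htpasswd's command line, where it is briefly
# visible to other local users via the process list. -c truncates any
# existing file.
# NOTE(review): the hash format htpasswd picks by default depends on its
# version; confirm it is not traditional crypt(), which ignores everything
# after the 8th character of the password.
(
  umask 027
  htpasswd -c -b "$PASSWD_FILE" "$PROXY_USER" "$PROXY_PASS"
)
# Only root and the squid group need to read the password hashes.
chown root:squid "$PASSWD_FILE"
chmod 640 "$PASSWD_FILE"

# Backup the original squid config. Keep the first backup on re-runs so the
# distribution default is not overwritten by a previously generated file.
if [ ! -e /etc/squid/squid.conf.bak ]; then
  cp /etc/squid/squid.conf /etc/squid/squid.conf.bak
fi

# squid.conf references this dstdomain list; make sure it exists (empty is
# fine) so the ACL does not point at a missing file.
mkdir -p "${NO_CACHE_LIST%/*}"
[ -e "$NO_CACHE_LIST" ] || : > "$NO_CACHE_LIST"

# Set up the squid config.
# NOTE(review): forwarded_for is set twice below ("delete", then "off");
# presumably only the later line takes effect -- confirm which behaviour is
# intended and drop the other.
cat << EOF > /etc/squid/squid.conf
auth_param basic program $AUTH_HELPER $PASSWD_FILE
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access deny all
forwarded_for delete
http_port 0.0.0.0:$PROXY_PORT
visible_hostname ipv2.cool.com
# deny cache
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \? \.css
no_cache deny QUERY
acl NOT_TO_CACHE dstdomain "$NO_CACHE_LIST"
no_cache deny NOT_TO_CACHE
# ANONYMOUS PROXY
forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
EOF

# Set squid to start on boot
chkconfig squid on

# Set up the iptables config. This replaces the whole ruleset, so keep a
# copy of whatever was there before the first run.
if [ -e /etc/sysconfig/iptables ] && [ ! -e /etc/sysconfig/iptables.bak ]; then
  cp /etc/sysconfig/iptables /etc/sysconfig/iptables.bak
fi
cat << EOF > /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
#######################################################
# BEGIN CUSTOM RULES
#######################################################
# Allow SSH from anywhere
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# Allow squid access from the configured source range
-A INPUT -s $PROXY_ALLOW_SRC -m state --state NEW -m tcp -p tcp --dport $PROXY_PORT -j ACCEPT
#######################################################
# END CUSTOM RULES
#######################################################
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

# Restart iptables
/etc/init.d/iptables restart

# (Re)start squid once, after the firewall is in place. "restart" rather
# than "start" so a squid that was already running picks up the new config.
/etc/init.d/squid restart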