Squid Install script "Elite Proxy" on CentOS with multiple IPs
New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

Squid Install script "Elite Proxy" on CentOS with multiple IPs

LeoKLeoK Member
edited May 2014 in General

Based on a original script by MikHo

    #!/bin/bash


    # This script is distributed under a Creative Commons ShareAlike 3.0 licence.
    # http://creativecommons.org/licenses/by-sa/3.0/

    yum update

    clear

    yum install squid -y

    rm -rf /etc/squid/squid.conf

    touch /etc/squid/squid.conf

    # now get list of ips and add to /etc/squid/squid.conf
    # now get list of ips and add to /etc/squid/squid.conf
    COUNTER=0
    for i in `ifconfig | grep inet | grep -v 127.0.0.1 | grep -v inet6 | sed 's/:/ /g' | awk '{print $3}'`
    do
    COUNTER=$(($COUNTER+1))
            echo -e "acl ip$COUNTER myip $i\ntcp_outgoing_address $i ip $COUNTER" >> /etc/squid/squid.conf

    done


    # Now add more shit to the /etc/squid/squid.conf

    echo -e "
    http_port 3128
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32 ::1
    acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
    acl localnet src 10.0.0.0/8    # RFC1918 possible internal network
    acl localnet src 172.16.0.0/12    # RFC1918 possible internal network
    acl localnet src 192.168.0.0/16    # RFC1918 possible internal network
    acl localnet src fc00::/7       # RFC 4193 local private network range
    acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

    acl SSL_ports port 443
    acl Safe_ports port 80        # http
    acl Safe_ports port 425       # smtp
    acl Safe_ports port 21        # ftp
    acl Safe_ports port 443       # https
    acl Safe_ports port 70        # gopher
    acl Safe_ports port 210       # wais
    acl Safe_ports port 1025-65535    # unregistered ports
    acl Safe_ports port 280        # http-mgmt
    acl Safe_ports port 488        # gss-http
    acl Safe_ports port 591        # filemaker
    acl Safe_ports port 777        # multiling http
    acl CONNECT method CONNECT

    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localnet
    http_access allow localhost
    hierarchy_stoplist cgi-bin ?
    coredump_dir /var/spool/squid
    refresh_pattern ^ftp:        1440    20%    10080
    refresh_pattern ^gopher:    1440    0%    1440
    refresh_pattern -i (/cgi-bin/|?) 0    0%    0
    refresh_pattern .        0    20%    4320
    auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/squid_access
    auth_param basic childred 5
    auth_param basic realm Squid proxy-caching web server
    auth_param basic credentialsttl 2 hours
    acl ncsaauth proxy_auth REQUIRED
    http_access allow ncsaauth
    forwarded_for off
    request_header_access Allow allow all
    request_header_access Authorization allow all
    request_header_access WWW-Authenticate allow all
    request_header_access Proxy-Authorization allow all
    request_header_access Proxy-Authenticate allow all
    request_header_access Cache-Control allow all
    request_header_access Content-Encoding allow all
    request_header_access Content-Length allow all
    request_header_access Content-Type allow all
    request_header_access Date allow all
    request_header_access Expires allow all
    request_header_access Host allow all
    request_header_access If-Modified-Since allow all
    request_header_access Last-Modified allow all
    request_header_access Location allow all
    request_header_access Pragma allow all
    request_header_access Accept allow all
    request_header_access Accept-Charset allow all
    request_header_access Accept-Encoding allow all
    request_header_access Accept-Language allow all
    request_header_access Content-Language allow all
    request_header_access Mime-Version allow all
    request_header_access Retry-After allow all
    request_header_access Title allow all
    request_header_access Connection allow all
    request_header_access Proxy-Connection allow all
    request_header_access User-Agent allow all
    request_header_access Cookie allow all
    request_header_access All deny all" >> /etc/squid/squid.conf

    # Edit "user" and "password"
    htpasswd -b -c /etc/squid/squid_access **user** **password** 

    service squid restart

    clear

    chkconfig squid on

   echo "DONE"
Sign In or Register to comment.