3rd place in the Teach something, Win something contest goes to Mark Mearns for his SQUID installation script.
Mark took 3rd place because of the simplicity he created with this script which will make a great addition in the script collection together with this pptp setup script.
I have made a small addition at the end of this post with simple instructions on how I installed the proxy and instructions on what settings to change in Internet Explorer to use the proxy you created with this script. I have also written down the command to add more users after it has been installed.
I’ll leave you with a quote from Mark that he sent in with this script.
Installing Squid proxy server on a VPS is pretty straightforward. However, it is detectable that you are using a proxy, and your actual IP address is forwarded also. This is no good for accessing IP-geolocation restricted content, such as Hulu outside the US. Therefore, you need a transparent or ‘elite’ proxy. Squid can do this, you just need the correct settings in your squid.conf settings file. This script will install a transparent Squid proxy on a Debian-based VPS without any need for PPP modules etc to be enabled.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 |
#!/bin/bash # ©2013-14 Mark Mearns. All Rights Reserved. # This script is distributed under a Creative Commons ShareAlike 3.0 licence. # http://creativecommons.org/licenses/by-sa/3.0/ clear echo " " echo "*****************************************************" echo "WELCOME TO THE SQUID PROXY SERVER INSTALLATION SCRIPT" echo "-----------------------------------------------------" echo " " echo " This script will set up a password protected, elite" echo " proxy on your target server" echo " " echo "*****************************************************" echo " " echo " " echo "Please enter a user name for Squid:" read u echo " " echo "Please enter a password (will be shown in plain text while typing):" read p echo " " clear a="`netstat -i | cut -d' ' -f1 | grep eth0`"; b="`netstat -i | cut -d' ' -f1 | grep venet0:0`"; if [ "$a" == "eth0" ]; then ip="`/sbin/ifconfig eth0 | awk -F':| +' '/inet addr/{print $4}'`"; elif [ "$b" == "venet0:0" ]; then ip="`/sbin/ifconfig venet0:0 | awk -F':| +' '/inet addr/{print $4}'`"; fi apt-get update apt-get -y install apache2-utils apt-get -y install squid3 rm /etc/squid3/squid.conf cat > /etc/squid3/squid.conf <<END acl ip1 myip $ip tcp_outgoing_address $ip ip1 auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/squid_passwd acl ncsa_users proxy_auth REQUIRED http_access allow ncsa_users acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny all http_port 3128 hierarchy_stoplist cgi-bin ? coredump_dir /var/spool/squid3 cache deny all refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 icp_port 3130 forwarded_for off request_header_access Allow allow all request_header_access Authorization allow all request_header_access Proxy-Authorization allow all request_header_access Proxy-Authenticate allow all request_header_access Cache-Control allow all request_header_access Content-Encoding allow all request_header_access Content-Length allow all request_header_access Content-Type allow all request_header_access Date allow all request_header_access Expires allow all request_header_access Host allow all request_header_access If-Modified-Since allow all request_header_access Last-Modified allow all request_header_access Location allow all request_header_access Pragma allow all request_header_access Accept allow all request_header_access Accept-Charset allow all request_header_access Accept-Encoding allow all request_header_access Accept-Language allow all request_header_access Content-Language allow all request_header_access Mime-Version allow all request_header_access Retry-After allow all request_header_access Title allow all request_header_access Connection allow all request_header_access Proxy-Connection allow all request_header_access User-Agent allow all request_header_access Cookie allow all request_header_access All deny all END htpasswd -b -c /etc/squid3/squid_passwd $u $p service squid3 restart clear echo " " echo "***************************************************" echo " Squid proxy server set up has been completed." echo " " echo "You can access your proxy server at $ip" echo "on port 3128 with user name $u" echo " " echo "***************************************************" echo " " echo " " |
Login as root to the server that you will install SQUID on and with our favorite text editor and some copy/paste technique we will create the executable script.
|
1 |
nano squid-install.sh |
Paste the text in the code section above and save the file.
Make it executable with this command
|
1 |
chmod +x ./squid-install.sh |
Execute the script and follow the instructions. You will actually only need to enter a username and password that will protect the proxy from anonymous use.
The username and password is shown in clear-text when entering them, this is the only time they will be shown in clear-text so make sure no one is watching over your shoulder.
|
1 |
./squid-install.sh |
When everything is installed you will see the IP and username needed to connect to your proxy.
Adding the proxy settings to Internet Explorer
Open Internet Options and on the Connections tab, click the button LAN settings. 
Fill in the IP address that you got when the script finished installing and port 3128 in the dialog box that opens.
Click OK all the way until Internet Options are closed.
Open up Internet Explorer and enter your favorite URL and press enter. If everything is done correct you will be prompted with a login box where you enter your username and password that you set when installing Squid3 with the script. Clicking on the OK button afterwards will get you cruising the web using your Squid proxy server.
Adding another user and password
To add another user you can run this command on the server running your Squid proxy server.
|
1 |
htpasswd -b /etc/squid3/squid_passwd username password |
Change username to the username you would like to add and password to the password you would like to use.
20 comments for “Transparent Proxy Browsing with Squid3”