windbg · July 11, 2017 08:06 · Jan 4, 2017 · Jan 4, 2017 · Jan 4, 2017 · Jan 4, 2017
diff --git a/README.md b/README.md
@@ -21,9 +21,9 @@ wget -qO- https://gist.githubusercontent.com/e7d/9472c3e7ac1821056867b95244c7360
 
 ```
 
-## Manager users
+## Manage users
 
-You would be able to manage your proxy users. To do so, two simple commands. 
+Using the command [htpasswd](https://httpd.apache.org/docs/current/programs/htpasswd.html), you can manage the users able to use the proxy: 
 - create/update a user: `htpasswd -bd /etc/squid3/users.pwd myuser mypw`
 - remove a user: `htpasswd -D /etc/squid3/users.pwd myuser`
 

diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-If you want to use the latest available version of Squid, you can [Build a Squid anonymous proxy from sources](https://gist.github.com/e7d/1f784339df82c57a43bf)
+If you want to use the latest available version of Squid, you can [Build a Squid anonymous proxy from source code](https://gist.github.com/e7d/1f784339df82c57a43bf)
 
 # Setup a Squid anonymous proxy
 

diff --git a/README.md b/README.md
@@ -1,3 +1,5 @@
+If you want to use the latest available version of Squid, you can [Build a Squid anonymous proxy from sources](https://gist.github.com/e7d/1f784339df82c57a43bf)
+
 # Setup a Squid anonymous proxy
 
 ## Table of contents

diff --git a/squid-install.sh b/squid-install.sh
@@ -9,16 +9,13 @@ echo "Update packages list"
 apt-get update
 
 echo "Build dependencies"
-apt-get -y install squid3 squid3-common apache2-utils
-
-echo "Stop service"
-service squid3 stop
+RUNLEVEL=1 apt-get -y install squid3 squid3-common apache2-utils
 
 echo "Create configuration file"
 mv /etc/squid3/squid.conf /etc/squid3/squid.conf.default
 wget --no-check-certificate -O /etc/squid3/squid.conf https://gist.githubusercontent.com/e7d/9472c3e7ac1821056867b95244c73609/raw/squid.conf
 
-echo "Create users database with sample user"
+echo "Create users database sample"
 htpasswd -cbd /etc/squid3/users.pwd proxy proxy
 
 echo "Prepare environment for first start"

diff --git a/squid-install.sh b/squid-install.sh
@@ -1,7 +1,5 @@
 #!/bin/sh
 
-SQUID_VERSION=3.5.23
-
 if [ "$(id -u)" != "0" ]; then
   echo "This script must be run as root" 1>&2
   exit 1

diff --git a/README.md b/README.md
@@ -21,10 +21,8 @@ wget -qO- https://gist.githubusercontent.com/e7d/9472c3e7ac1821056867b95244c7360
 
 ## Manager users
 
-You would be able to manage your proxy users. To do so, two simple commands.  
-To create or update a user:
-- `htpasswd -bd /etc/squid3/users.pwd myuser mypw`
-To remove a user:
-- `htpasswd -D /etc/squid3/users.pwd myuser`
+You would be able to manage your proxy users. To do so, two simple commands. 
+- create/update a user: `htpasswd -bd /etc/squid3/users.pwd myuser mypw`
+- remove a user: `htpasswd -D /etc/squid3/users.pwd myuser`
 
 **Note:** The maximum acceptable length of password is 8 characters long.
diff --git a/README.md b/README.md
@@ -15,7 +15,7 @@
 ## Squid installation script
 
 ```
-wget -qO- https://gist.githubusercontent.com/e7d/1f784339df82c57a43bf/raw/squid-install.sh | sh
+wget -qO- https://gist.githubusercontent.com/e7d/9472c3e7ac1821056867b95244c73609/raw/squid-install.sh | sh
 
 ```
 

diff --git a/squid-install.sh b/squid-install.sh
@@ -18,7 +18,7 @@ service squid3 stop
 
 echo "Create configuration file"
 mv /etc/squid3/squid.conf /etc/squid3/squid.conf.default
-wget --no-check-certificate -O /etc/squid3/squid.conf https://gist.githubusercontent.com/e7d/1f784339df82c57a43bf/raw/squid.conf
+wget --no-check-certificate -O /etc/squid3/squid.conf https://gist.githubusercontent.com/e7d/9472c3e7ac1821056867b95244c73609/raw/squid.conf
 
 echo "Create users database with sample user"
 htpasswd -cbd /etc/squid3/users.pwd proxy proxy

diff --git a/README.md b/README.md
@@ -0,0 +1,30 @@
+# Setup a Squid anonymous proxy
+
+## Table of contents
+
+* [Disclaimer](#disclaimer)
+* [Squid installation script](#squid-installation-script)
+* [Manage users](#manage-users)
+
+## Disclaimer
+
+> Read the install script before using it.  
+> You may want to understand what the script is doing before executing it.  
+> I will not be responsible for any damage caused to your server.
+
+## Squid installation script
+
+```
+wget -qO- https://gist.githubusercontent.com/e7d/1f784339df82c57a43bf/raw/squid-install.sh | sh
+
+```
+
+## Manager users
+
+You would be able to manage your proxy users. To do so, two simple commands.  
+To create or update a user:
+- `htpasswd -bd /etc/squid3/users.pwd myuser mypw`
+To remove a user:
+- `htpasswd -D /etc/squid3/users.pwd myuser`
+
+**Note:** The maximum acceptable length of password is 8 characters long.
diff --git a/squid-install.sh b/squid-install.sh
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+SQUID_VERSION=3.5.23
+
+if [ "$(id -u)" != "0" ]; then
+  echo "This script must be run as root" 1>&2
+  exit 1
+fi
+
+echo "Update packages list"
+apt-get update
+
+echo "Build dependencies"
+apt-get -y install squid3 squid3-common apache2-utils
+
+echo "Stop service"
+service squid3 stop
+
+echo "Create configuration file"
+mv /etc/squid3/squid.conf /etc/squid3/squid.conf.default
+wget --no-check-certificate -O /etc/squid3/squid.conf https://gist.githubusercontent.com/e7d/1f784339df82c57a43bf/raw/squid.conf
+
+echo "Create users database with sample user"
+htpasswd -cbd /etc/squid3/users.pwd proxy proxy
+
+echo "Prepare environment for first start"
+mkdir -p /var/log/squid3
+mkdir -p /var/cache/squid3
+mkdir -p /var/spool/squid3
+chown -cR proxy /var/log/squid3
+chown -cR proxy /var/cache/squid3
+chown -cR proxy /var/spool/squid3
+squid3 -z
+
+echo "Start service"
+service squid3 start
+
+exit 0
diff --git a/squid.conf b/squid.conf
@@ -0,0 +1,119 @@
+# General
+
+http_port 3128
+visible_hostname Proxy
+forwarded_for delete
+via off
+
+# Log
+
+logformat squid %tg.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt
+access_log /var/log/squid3/access.log squid
+
+# Cache
+
+cache_dir aufs /var/cache/squid3 1024 16 256
+coredump_dir /var/spool/squid3
+
+acl QUERY urlpath_regex cgi-bin \?
+cache deny QUERY
+
+refresh_pattern ^ftp:           1440    20%     10080
+refresh_pattern ^gopher:        1440    0%      1440
+refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
+refresh_pattern .               0       20%     4320
+
+# Network ACL
+
+acl localnet src 10.0.0.0/8     # RFC 1918 possible internal network
+acl localnet src 172.16.0.0/12  # RFC 1918 possible internal network
+acl localnet src 192.168.0.0/16 # RFC 1918 possible internal network
+acl localnet src fc00::/7       # RFC 4193 local private network range
+acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
+
+# Port ACL
+
+acl SSL_ports port 443          # https
+acl SSL_ports port 563          # snews
+acl SSL_ports port 873          # rync
+acl Safe_ports port 80 8080     # http
+acl Safe_ports port 21          # ftp
+acl Safe_ports port 443 563     # https
+acl Safe_ports port 70          # gopher
+acl Safe_ports port 210         # wais
+acl Safe_ports port 1025-65535  # unregistered ports
+acl Safe_ports port 280         # http-mgmt
+acl Safe_ports port 488         # gss-http
+acl Safe_ports port 591         # filemaker
+acl Safe_ports port 777         # multiling http
+acl purge method PURGE
+acl CONNECT method CONNECT
+
+# Authentication
+#   Uncomment the following lines to enable file based authentication BUT:
+#   The following section requires to have squid libs installed, especially `nsca_auth`, to be working.
+#   This sections uses a Htpasswd file named `users.pwd` file to store eligible accounts.
+#   You can generate yours using the htpasswd command from "apache2-utils" aptitude package, using "-d" flag to use system CRYPT.
+
+auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/users.pwd
+auth_param basic children 5
+auth_param basic realm Proxy
+auth_param basic credentialsttl 2 hours
+auth_param basic casesensitive on
+
+acl Users proxy_auth REQUIRED
+http_access allow Users
+
+# Access Restrictions
+
+http_access allow manager localhost
+http_access deny manager
+
+http_access allow purge localhost
+http_access deny purge
+
+http_access deny !Safe_ports
+http_access deny CONNECT !SSL_ports
+
+http_reply_access allow all
+htcp_access deny all
+icp_access allow all
+always_direct allow all
+
+# Request Headers Forcing
+
+request_header_access Allow allow all
+request_header_access Authorization allow all
+request_header_access WWW-Authenticate allow all
+request_header_access Proxy-Authorization allow all
+request_header_access Proxy-Authenticate allow all
+request_header_access Cache-Control allow all
+request_header_access Content-Encoding allow all
+request_header_access Content-Length allow all
+request_header_access Content-Type allow all
+request_header_access Date allow all
+request_header_access Expires allow all
+request_header_access Host allow all
+request_header_access If-Modified-Since allow all
+request_header_access Last-Modified allow all
+request_header_access Location allow all
+request_header_access Pragma allow all
+request_header_access Accept allow all
+request_header_access Accept-Charset allow all
+request_header_access Accept-Encoding allow all
+request_header_access Accept-Language allow all
+request_header_access Content-Language allow all
+request_header_access Mime-Version allow all
+request_header_access Retry-After allow all
+request_header_access Title allow all
+request_header_access Connection allow all
+request_header_access Proxy-Connection allow all
+request_header_access User-Agent allow all
+request_header_access Cookie allow all
+request_header_access All deny all
+
+# Response Headers Spoofing
+
+reply_header_access Via deny all
+reply_header_access X-Cache deny all
+reply_header_access X-Cache-Lookup deny all
No results found