加用户鉴权的squid代理脚本

测试系统:CentOS6.8 X86_64
支持系统版本:CentOS6.X

描述:
当工作或学习中需要用到代理服务,实现突破内网限制的目的。

这里采用squid来实现正向代理的功能。

squid的稳定性和高并发性在同类代理软件中是相对优秀的,它可以自定义配置缓存机制,网址鉴权acl(ip或域名),用户鉴权(连接口令)等等功能,我们可以在一台外网linux设备或虚拟机上部署squid代理服务功能,无疑是一个可靠的解决方案。

脚本描述:
脚本中采用多层if来判断,实现漂亮的交互式操作,将本已极其简单的安装流程浓缩得更加精简高效。
squid.jpg

脚本默认用yum来安装。squid的用户鉴权功能,需要调用httpd的htpasswd命令来为squid生成白名单访问的用户名和密码,因此需要装Apache。

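#!/bin/bash
# https://iloveyouqq.cn
#
# Interactive one-shot installer for a squid forward proxy with basic
# (user/password) authentication.  The menu value read here drives the
# top-level "if" blocks that follow; each block checks ${choose} itself.
logo="
===================================================================
                                                          
              欢迎使用squid代理一键部署脚本
                                                 
                                    by '渐行渐远 2017-10-24

                                       http://iloveyouqq.cn                                                                     

===================================================================";
clear; echo -e "\e[1;32m${logo}\e[0m"; echo; echo
# -r: keep the answer literal (a stray backslash must not be interpreted).
read -r -p "
please choose:

1). Install squid service
2). Uninstall squid service
3). View squid user
4). Create a user
5). Delete a user
6). Reset a user password
*). Quit

"  choose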
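if [[ "${choose}" = "1" ]]; then
  checkdirectory='/etc/squid'
  # Refuse to overwrite an existing installation (binary or config dir present).
  if [[ -f /usr/sbin/squid ]] || [[ -d "${checkdirectory}" ]]; then
    echo; echo -e "The System Has Squid Services And Files, Please Check or delete them."
    exit 1
  fi
  echo "Please Wait..."
  # httpd is installed only for the htpasswd tool that manages /etc/squid/user.
  yum -y install httpd squid &>/dev/null
  #/etc/init.d/iptables save &>/dev/null
  #iptables -F &>/dev/null
  mv /etc/squid/squid.conf /etc/squid/squid.conf.bak
  #service iptables stop &>/dev/null
  # NOTE(review): this puts SELinux into permissive mode for the whole host, not
  # just for squid; labelling the chosen port for squid is the narrower option.
  setenforce 0 &>/dev/null
  # Quoted heredoc: nothing inside is expanded by the shell.
  # http_access order matters: the port/CONNECT denies are evaluated before
  # "allow user", so an authenticated client still cannot reach unsafe ports.
  cat > /etc/squid/squid.conf <<'SQUIDCONF'
auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/user
auth_param basic children 5
auth_param basic realm Welcome to Hx4k1r web server!!!
acl manager proto cache_object
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 53 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl user proxy_auth REQUIRED
via on
request_header_access X-Forwarded-For deny all
request_header_access user-agent deny all
reply_header_access X-Forwarded-For deny all
reply_header_access user-agent deny all
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow user
http_access deny all
http_port 6666
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 0 20% 4320
cache_dir ufs /var/spool/squid 100 16 256 read-only
cache_mem 100 MB
access_log /var/log/squid/access.log
visible_hostname iloveyouqq.cn
cache_mgr jxjy
SQUIDCONF
  # NOTE(review): a userspace proxy does not need IP forwarding; this makes the
  # host forward packets between interfaces as a router.
  echo 1 > /proc/sys/net/ipv4/ip_forward
  echo
  echo "Please Input squid port, if not define, default port is 6666"
  read -r squid_port
  echo
  if [[ -n "${squid_port}" ]]; then
    # Accept only a decimal TCP port in range (10# avoids octal parsing of "0…").
    if ! [[ "${squid_port}" =~ ^[0-9]+$ ]] || (( 10#${squid_port} < 1 || 10#${squid_port} > 65535 )); then
      echo "Invalid port '${squid_port}', please use a number between 1 and 65535."
      exit 1
    fi
    # Match only the local-port column of listening sockets; a bare grep on the
    # number also hits PIDs and addresses that merely contain those digits.
    if netstat -lnt | awk '{print $4}' | grep -Eq ":${squid_port}$"; then
      echo "Listen port is using.. can't define ${squid_port} for squid to use. please redefine..."
      echo; echo "please use vim to redefine 'squid.conf' port."
      exit 1
    fi
    # Anchored so only the http_port directive is rewritten.
    sed -i "s/^http_port 6666$/http_port ${squid_port}/" /etc/squid/squid.conf
    echo -e "squid port is ${squid_port}"; echo; echo
  fi
  echo "Ready to Create a User, Please Input User Name you want to define.. "
  read -r user
  echo
  if [[ -z "${user}" ]]; then
    echo "Install is Complete, But Must to Create a User, Else Can't Use The Proxy. "
    exit 1
  fi
  echo "You Need Enter Twice Password Now"
  # -m: apr1/MD5 hashes, the same scheme the "reset password" menu uses; the
  # default crypt() scheme silently truncates passwords to 8 characters.
  # NOTE(review): the file is created with htpasswd's default permissions and
  # holds password hashes; confirm it is not world-readable on the target host.
  htpasswd -c -m /etc/squid/user "${user}"
  squid -z &>/dev/null
#service squid restart
#squid_ip=`wget http://members.3322.org/dyndns/getip -O - -q ; echo`
#squid_ip=`wget -qO- -t1 -T2 ipv4.icanhazip.com`
#squid_ip=`curl -s http://members.3322.org/dyndns/getip`
  # Informational only: the public address comes from a third-party service.
  squid_ip=$(curl -s ipcheck.com)
  # Re-read the effective port from the config (covers the default-port case).
  squid_port=$(awk '/^http_port/ {print $2}' /etc/squid/squid.conf)
  iptables -A INPUT  -p tcp --dport "${squid_port}" -j ACCEPT
  iptables -A OUTPUT -p tcp --sport "${squid_port}" -j ACCEPT
  echo
  echo -e "squid IP is ${squid_ip}"
  echo -e "squid port is ${squid_port}"
  echo
  echo -e "You Can Edit '/etc/squid/squid.conf' File to Change squid port."
  echo -e "You Can By '/etc/init.d/squid start' or 'service squid start' To Run Squid Service."
  echo
  echo
  exit 0
fi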
########################################
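if [[ "${choose}" = "2" ]]; then
  checkdirectory='/etc/squid'
  if [[ ! -f /usr/sbin/squid ]] || [[ ! -d "${checkdirectory}" ]]; then
    echo; echo -e "The System is Not have Install Squid Service."
    exit 1
  fi
  squid_port=$(awk '/^http_port/ {print $2}' /etc/squid/squid.conf)
  # Delete exactly the two rules the installer added, by specification rather
  # than by rule number: numbers are per chain (the OUTPUT index was being
  # reused for INPUT) and shift as soon as one rule is removed.
  if [[ -n "${squid_port}" ]]; then
    iptables -D OUTPUT -p tcp --sport "${squid_port}" -j ACCEPT &>/dev/null
    iptables -D INPUT  -p tcp --dport "${squid_port}" -j ACCEPT &>/dev/null
  fi
  echo; echo -e "Please Wait..."; echo
  # /etc/squid also holds the credential file, so it is removed with the package.
  yum -y remove squid &>/dev/null && rm -rf /etc/squid/ && echo "Squid Is Uninstall Successful!"
fi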
########################################
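if [[ "${choose}" = "3" ]]; then
  checkdirectory='/etc/squid/user'
  if [[ ! -f /usr/sbin/squid ]] || [[ ! -f "${checkdirectory}" ]]; then
    echo; echo -e "Squid Is Not Install. Can't To Delete Squid User. "
    exit 1
  fi
  # Print only the user-name column; the hashes stay in the file.
  checksquiduser=$(awk -F: '{print $1}' /etc/squid/user)
  echo
  echo "Squid user list:"
  echo
  echo "${checksquiduser}"
  echo
  exit 0
fi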
########################################
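if [[ "${choose}" = "4" ]]; then
  checkdirectory='/etc/squid'
  if [[ ! -f /usr/sbin/squid ]] || [[ ! -d "${checkdirectory}" ]] || [[ ! -f /etc/squid/user ]]; then
    echo; echo -e "Squid Is Not Install. Can't To Delete Squid User. "
    exit 1
  fi
  echo "Ready to Create a User, Please Input User Name you want to define.. "
  echo
  read -r user
  echo
  if [[ -z "${user}" ]]; then
    echo "you input can't is null"
    exit 1
  fi
  # Exact, literal match on the user-name column.  An unanchored grep reports
  # "exists" for any name that is a substring of another user's name, and the
  # name must never be interpreted as a regex.
  if awk -F: '{print $1}' /etc/squid/user | grep -Fxq -- "${user}"; then
    echo "user is exist, are you sure to create? Enter 'y' or 'n'.if do, the opeation is reset the user password."
    read -r yorn
    if [[ "${yorn}" == y ]]; then
      echo; echo "You Need Enter Twice Password Now"
      # -m: apr1/MD5, the same scheme the reset menu uses.
      htpasswd -m /etc/squid/user "${user}"
      echo
    else
      echo; echo "Input is error, quit..."
      exit 1
    fi
  else
    echo "You Need Enter Twice Password Now"
    # No -c here: /etc/squid/user already exists (checked above) and -c would
    # recreate it, silently dropping every other user.
    htpasswd -m /etc/squid/user "${user}"
    echo
  fi
fi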
#################################
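if [[ "${choose}" = "5" ]]; then
  checkdirectory='/etc/squid'
  if [[ ! -f /usr/sbin/squid ]] || [[ ! -d "${checkdirectory}" ]]; then
    echo; echo "Squid Is Not Install. Can't To Delete Squid User. "
    exit 1
  fi
  if [[ ! -f /etc/squid/user ]]; then
    echo -e "The System is not have squid user. Please rerunning the script to create a squid user."
    exit 1
  fi
  checksquiduser=$(awk -F: '{print $1}' /etc/squid/user)
  echo -e "The system has them squid user:"
  echo
  echo "${checksquiduser}"
  echo
  echo "who user is do you want to delete?"
  echo; read -r deletesquiduser
  # Exact, literal match on the user-name column; an empty answer is rejected
  # before it can match anything.
  if [[ -z "${deletesquiduser}" ]] || ! awk -F: '{print $1}' /etc/squid/user | grep -Fxq -- "${deletesquiduser}"; then
    echo; echo "user is not exist. please check."
    exit 1
  fi
  # htpasswd -D removes only that user's record.  The previous sed used the
  # typed name as an unanchored regex, so it could delete unrelated lines.
  htpasswd -D /etc/squid/user "${deletesquiduser}"
  echo; echo -e "${deletesquiduser} is delete."
fi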
########################################
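if [[ "${choose}" = "6" ]]; then
  checkdirectory='/etc/squid'
  if [[ ! -f /usr/sbin/squid ]] || [[ ! -d "${checkdirectory}" ]]; then
    echo; echo "Squid Is Not Install. Can't To Delete Squid User. "
    exit 1
  fi
  if [[ ! -f /etc/squid/user ]]; then
    echo -e "The System is not have squid user. Please rerunning the script to create a squid user."
    exit 1
  fi
  checksquiduser=$(awk -F: '{print $1}' /etc/squid/user)
  echo -e "The system has them squid user:"
  echo
  echo -e "${checksquiduser}"
  echo
  echo -e "who user password is do you want to reset?"
  echo
  read -r resetsquiduser
  # Exact, literal match; an empty answer used to reach htpasswd with an empty
  # user name because the unquoted grep produced no output either.
  if [[ -z "${resetsquiduser}" ]] || ! awk -F: '{print $1}' /etc/squid/user | grep -Fxq -- "${resetsquiduser}"; then
    echo; echo "The user you entered is incorrect, Please check."
    exit 1
  fi
  htpasswd -m /etc/squid/user "${resetsquiduser}"
  echo; echo "${resetsquiduser} is reset successful."
fi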
########################################
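# Reached by any choice that did not exit above (2 and 4 fall through, as does
# an unknown choice).  The original guard included "[[ ${choose} = * ]]", a
# pattern that matches every value, so the condition was always true.
echo "quit..."
exit 0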
# https://iloveyouqq.cn

最后,用户密码生成完毕后,在客户端配置了代理ip,访问任意网站时都会弹出用户名和口令的验证,从而避免代理ip被盗用。

访问站点时的验证图:
1024-1.png

密码错误时,访问的页面无法打开:
1024-2-nouser.png

密码正确时,访问的页面显示正常内容:
1024-2-ok.png

注意,国内vps使用squid做代理,效果比较好。不建议用国外vps,容易连不上,且不可用于翻{和谐}墙。

注意:转载请注明作者和出处!谢谢!

