diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..b25c15b81fae06e1c55946ac6270bfdb293870e8
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*~
diff --git a/files/squid/helpers/certificate/Oct15-Oct16/myCA.der b/files/squid/helpers/certificate/Oct15-Oct16/myCA.der
new file mode 100644
index 0000000000000000000000000000000000000000..ef3fb7f82ed410ab86775ad032d63b0c64c3d90e
Binary files /dev/null and b/files/squid/helpers/certificate/Oct15-Oct16/myCA.der differ
diff --git a/files/squid/helpers/certificate/Oct15-Oct16/myCA.pem b/files/squid/helpers/certificate/Oct15-Oct16/myCA.pem
new file mode 100644
index 0000000000000000000000000000000000000000..ab419a82e2e0a725acbbecfbf3d2047b1a67bd6c
--- /dev/null
+++ b/files/squid/helpers/certificate/Oct15-Oct16/myCA.pem
@@ -0,0 +1,53 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCzOA9N5QGu4gG2 +XnxmAFCHSlRt88fdreUlOv34wBXf7fvuBozStATJzW+mTvMhRH1uUuwTEiOBxl03 +9YN5M2+E7oS6IRAGBRdQimUQu9halQIuHGj7seFwLhzposd6uLHmeQmjjTPC+LYr +yoxCbahZ3dTCvNtmT1IveVe8v8H8k0ze8wspN41VNzF4P9YLl+cM1r4/u7bSY0yh +PUrmVNpYPayxewTB7+rKIGTY2mkutzM9pzQlJHWs39wyJdfuTiHxYSAgvABGVMXm +A93aKDq2pHGArCBDg/fw3S0B3wxm5gMKeNulSb5gg4T9lHxHjTmWHn0BsuG5BGey +MiMyBTt9AgMBAAECggEAB/ivXZSZDZFJ6DWtrM/IxSu+M6HLOwX4Ej7cewr4Lhyk +vwKVku2k5OD5XVlXoRwtxBF2JKcC40vSa6HE9kgeZrhBORItZ0cksVVmh2cDiYvl +K+3hkYho8Zdre8zcuI2shAbQMfEe40YyvCHnOTEtcsnWI89IpvVSP4BTMbcJxtUn +SYGErmOjnM+HydkSt/kqR06OfwphysANtnzng4yc++sVsa7EpE6pvYELSWB5I2YM +wfTGDDJIBr3FDwbHp+188cI5FYXlbot5BcYc25i2KErnFOiUhG3Z0W/tKrK5hfy5 +rJgAhpIqZaKaZqU11fKEFGMX0H2XKTNxPY+4btxoIQKBgQDsW7ai+d8LPWo6ChLh +cSTBb/yaOdtT/uMK6PzwfCGJYW4Ykpp4pN0KZWGg1EQJb0cWkaR8ORButXhKBZlb +drEPNaIbkMr2sHic/OipShjEKLK1cKbmYyFV4Jz0UaRDOiq2Q7Ceurs8W0ExxGe+ +m5Bp53JcG8b8hSqYSkAw/MiFRQKBgQDCHMPmN5KlW5Yc/BuEXPwgY8hUiS418A58 +sDSVvg8WQKmsd7ZG0NFbgTfj3DXmkLNIJKF/5QYLRIekuObh7UgpMa0HOB8l00F0 +xEwRBUCTtfxUArODu9G0qAdvhaVLQ4sdlpi3Sgu+jBCz5KL+juNAt51x0YLkKsCR +DWeKLRV02QKBgBpAaX2agSJvdM/zdHtjpLBzbrv2dxzSL4dzrzxKnTL0BlVmWw/R +R9eywPArA0+E84FXNcyyTdfuAek+y/SzryDAVTv4jgJuQUc2c+TxnOSUnJy4YWEv +W3F9XBFqy/LHkBzkUcafeNJQVGJhrSAniReqJDKEx0oexEdb39tRCDh9AoGAGWLf +r+0Wra+Tq0jBZIcwph/GpF+ofn9dtarpxaesm3Frf1XMrehDaR82KwOyvOuxtr6r +rGlMaA7XWpCgCW4Z4OFRSr9pO24sglPlytgQAQFs9aPAzHq0y1aqWkh1PKmhuQXo +BRiW/p2c1ZoSQw525BDfc3I+Fw8MTiwdnXGV+8kCgYEAwl7x+eN7dBKx72vE5TfP +xn8nPcsUybGmLFMWrEw4gUebnTQpqC18kvH1frJFB+9VztdY+pClFFs4PJ+n0hPd +T9y/Bi1ya2b/Va8JqDznMwQ2rxZwhoR4tYRGx226JLyHvCkjMK/NDuv4FIdbLKgk +TAgmqByAnacxFmIJnos1z5M= +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIEKTCCAxGgAwIBAgIJAKSwxnI20xv6MA0GCSqGSIb3DQEBCwUAMIGqMQswCQYD +VQQGEwJTRTEVMBMGA1UECAwMT3N0ZXJnb3RsYW5kMRIwEAYDVQQHDAlMaW5rb3Bp +bmcxHTAbBgNVBAoMFExpbmtvcGluZyB1bml2ZXJzaXR5MTcwNQYDVQQLDC5EZXBh 
+cnRtZW50IG9mIENvbXB1dGVyIGFuZCBJbmZvcm1hdGlvbiBTY2llbmNlMRgwFgYD +VQQDDA9leGFtLmlkYS5saXUuc2UwHhcNMTUxMDI4MDcwMDM5WhcNMTYxMDI3MDcw +MDM5WjCBqjELMAkGA1UEBhMCU0UxFTATBgNVBAgMDE9zdGVyZ290bGFuZDESMBAG +A1UEBwwJTGlua29waW5nMR0wGwYDVQQKDBRMaW5rb3BpbmcgdW5pdmVyc2l0eTE3 +MDUGA1UECwwuRGVwYXJ0bWVudCBvZiBDb21wdXRlciBhbmQgSW5mb3JtYXRpb24g +U2NpZW5jZTEYMBYGA1UEAwwPZXhhbS5pZGEubGl1LnNlMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAszgPTeUBruIBtl58ZgBQh0pUbfPH3a3lJTr9+MAV +3+377gaM0rQEyc1vpk7zIUR9blLsExIjgcZdN/WDeTNvhO6EuiEQBgUXUIplELvY +WpUCLhxo+7HhcC4c6aLHerix5nkJo40zwvi2K8qMQm2oWd3UwrzbZk9SL3lXvL/B +/JNM3vMLKTeNVTcxeD/WC5fnDNa+P7u20mNMoT1K5lTaWD2ssXsEwe/qyiBk2Npp +LrczPac0JSR1rN/cMiXX7k4h8WEgILwARlTF5gPd2ig6tqRxgKwgQ4P38N0tAd8M +ZuYDCnjbpUm+YIOE/ZR8R405lh59AbLhuQRnsjIjMgU7fQIDAQABo1AwTjAdBgNV +HQ4EFgQUjoDLSsvG3/cnXQzl7inTVxID/nwwHwYDVR0jBBgwFoAUjoDLSsvG3/cn +XQzl7inTVxID/nwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAAXAR +DWLxxnlvBm4kg7ohQ3h9uvqAB5i2ux+CBibiyWWJEq1doG3bwsSxJcHkfsxg7x1f +BTHlhjVJD9ZkQAnx9FXs2mhfLwe5YOjTQtlDWxjZCd025rEhkf8OMAQuIRZ82kIQ +Pe83px+yk3os8+nEhGFDVZobYFEoK9zbk2REnDzUTtp9nY3YB8NqLvSmJEmRj/h8 +f3/CEzgkOItREwnuMlwBrPECdBTE6WCSnj19O7FTdE3eHIeKOp62+1UX3GB2h01W +FH1EoOj8a/CsFiih9loN2jL7lTOPJDRmtOH36lWV08TfR4BuC/V2xXvWK/OZU6z1 +Wx+SJ4JjkrwYRSECmg== +-----END CERTIFICATE----- diff --git a/files/squid/helpers/certificate/Oct16-Oct17/myCA.der b/files/squid/helpers/certificate/Oct16-Oct17/myCA.der new file mode 100644 index 0000000000000000000000000000000000000000..02d958b07ba45791122ceb582bf58f0ec243e2ec Binary files /dev/null and b/files/squid/helpers/certificate/Oct16-Oct17/myCA.der differ diff --git a/files/squid/helpers/certificate/Oct16-Oct17/myCA.pem b/files/squid/helpers/certificate/Oct16-Oct17/myCA.pem new file mode 100644 index 0000000000000000000000000000000000000000..4e332b03538d19f32943231a941ad69dd069ce02 --- /dev/null +++ b/files/squid/helpers/certificate/Oct16-Oct17/myCA.pem 
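Review bot: The first block of this myCA.pem is the CA's unencrypted private key (`-----BEGIN PRIVATE KEY-----`), and committing it hands the signing key of the ssl-bump proxy to everyone who can read the repository or the Puppet fileserver. The same applies to the Oct16-Oct17, Oct17-Oct18 and Oct18-Oct19 `myCA.pem` files later in this diff. Only the public certificate (the `.der` file, or the `CERTIFICATE` block) needs to be distributed; the key should be generated on the proxy host or delivered from an encrypted secret store, and a key that has already been pushed should be treated as disclosed and replaced. squid.conf in this diff references only the Oct18-Oct19 file, so the three older key files appear to be unused and can be dropped.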
@@ -0,0 +1,51 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDsn94STqbFmBpc +T2cDLpkWUABW6vPZib1Xul8xF4x4ffyLjq7TxCWzpvRmmJDotIUTEDE2th+7+iKz +JjPq8oECRy+HRddt5eUT9SktMqRkvZfeepIvxvlVSXVLlNGpk88x83KYlc9Q9mYc +cppLdhapvy3Tb0mMlvZnSTlESYpIMVIneJ7ZcUjUEII3aBZAKe60CkJw7F+SL0RX +niL5uP6Fc3UXptkG2FrDhRW5pG+0pm2gAEVuEE96OyUCai2DfbWd1CyxppJICsGh +db2q01YANzB/G9yiomc+JgPzuEZLAU2TyUhnQLe6UVqZPVU/MOH+z79+dEMBI+lj +oRMZMW7xAgMBAAECggEAVGHSZL7tlCtgwyiBuM3GRAG1jUluOlZ3UjChP7WBH3r2 +M6JnUBdzxnQ0Vd30VzgA+MJeen9KI9PYygBGpXNjdDeEiH3sjEFehtZ3n6menFpM +LUeSmD0hrztp+9EPT6TpT4vcgvNxohKsaVqpEV4ESPZnVi4qkVtIdZ7UMDj1ejaE +39W1nc+4c3/fBKPRfqnLBByqpKkPkw9US7gFRAXcIWMbZMfH9SZM+wKTlDRSWaS7 +1gdPBXrbeWpFTcp2dNUlaARBBNuqrE1JUIDkYrUuGrUqo5wZOa+HHT3U+0ApxnZn +HcptUWaqokVkGRpsA53hbTuVgIRSRu3M9wC6YHplzQKBgQD6TvACvsKjg92bwCjX +Dvv6wYsyYQm1Q8/KGhjHPqqBuCerQdwUxZx8vj6OFI6wlyOffp5H8gNECGMXublA +InhzHUw/b7A+pEvnQu9WMxarIXU5+cJiH0I6gLv0Bg8B3br6YgeOYvrcwkECcey5 +XDgklBaaV8BeJmP3tSc9jsGrfwKBgQDyAUZxt+41HJTMlmPt8WG5TUugavrhpKVN +wbJCBZLUOJiqCaJccmnRGkz0CNpOMYiSk9Y94ktnpn2OHDuAGeb4VR0xbrvOVTfz +bDnT5zqdngo7Y7lyNm2maqjKuMDGFFmpt0QYz/JuZWoxooGG7oHQineRZR58tBqn +OFqlCQrdjwKBgQChpWakLzMdS+RKWA9Hyxp5NpJBB5+wWsmO18mWqmaMfTPJCjAp +jfBgMq/NK4N2kTRlJOzsw2LOhagQw1TaESi+FnaOJP+phIqsH3LWtQl3nJTKyvt4 +SH2JsGcw0NTSPLIqTjJZBpzBAgXfoVjh36c2IBh0tiS56Ir4hhmATHfP2wKBgAHk +AKjixvmjP4ZZpm41dI3+DJk0PMGGh8QTv1DEumDuEEND0ADo4+q+SdueNhZmTKrY +fNP+8JfetRxnHA/kI+nMwG2ib9Us1UMRlWISbGLO2UWdgdVil3i1XJw41Ui23/xz +chS/iyVRpYK9wkVLl7gJXOXF5HcU8SBdUFf5uhwBAoGBAM6NRjqZo7Ej2RrD3zHS +CLzfAm2UQ4je7JVfbUbxs9lWxMwuJpDRjVgLAlNte5DU22W3HocbjWPEwbzPT8ty +LEzHY8t/4F6iDE3Bz/HKvjfRV6ytsTRlg0lwudtru8hrQnCCqPKsR1dJcPUOaPzr +fCQfARvOdvH3yL/V+eJb6tPD +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIID0TCCArmgAwIBAgIJAL9A37hgqo5QMA0GCSqGSIb3DQEBCwUAMH8xCzAJBgNV +BAYTAlNFMRUwEwYDVQQIDAxPc3RlcmdvdGxhbmQxEjAQBgNVBAcMCUxpbmtvcGlu +ZzEdMBsGA1UECgwUTGlua29waW5nIHVuaXZlcnNpdHkxDDAKBgNVBAsMA0lEQTEY 
+MBYGA1UEAwwPZXhhbS5pZGEubGl1LnNlMB4XDTE2MTAyNDA3MzgzM1oXDTE3MTAy +NDA3MzgzM1owfzELMAkGA1UEBhMCU0UxFTATBgNVBAgMDE9zdGVyZ290bGFuZDES +MBAGA1UEBwwJTGlua29waW5nMR0wGwYDVQQKDBRMaW5rb3BpbmcgdW5pdmVyc2l0 +eTEMMAoGA1UECwwDSURBMRgwFgYDVQQDDA9leGFtLmlkYS5saXUuc2UwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsn94STqbFmBpcT2cDLpkWUABW6vPZ +ib1Xul8xF4x4ffyLjq7TxCWzpvRmmJDotIUTEDE2th+7+iKzJjPq8oECRy+HRddt +5eUT9SktMqRkvZfeepIvxvlVSXVLlNGpk88x83KYlc9Q9mYccppLdhapvy3Tb0mM +lvZnSTlESYpIMVIneJ7ZcUjUEII3aBZAKe60CkJw7F+SL0RXniL5uP6Fc3UXptkG +2FrDhRW5pG+0pm2gAEVuEE96OyUCai2DfbWd1CyxppJICsGhdb2q01YANzB/G9yi +omc+JgPzuEZLAU2TyUhnQLe6UVqZPVU/MOH+z79+dEMBI+ljoRMZMW7xAgMBAAGj +UDBOMB0GA1UdDgQWBBS7pEr5Or4zEVZyLsAri1w1517k/TAfBgNVHSMEGDAWgBS7 +pEr5Or4zEVZyLsAri1w1517k/TAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUA +A4IBAQCr9gJ4njojMjwmeYHtTKpiJrpBm3T4MbryTqpWMJt9jjFO2t0GAGTkDgSr +/TKR/jhMjONmOyR8tV7wYZF7tfONfVPmjLBcQI+ND+U1p+367M6njn36JcWJyQbn ++A+W+wPOkNnSFHZdpSlh0FVwJ7OfXSuNEgYGlPKCk4Rz1ZPhtY8ZklwUDAKgaWpw +oMCLW6gtk66HjOGyOn9ab28xF+ja7D3qZ3rya6PfZqnynFdybEhE7J1Ug6xEKXMb +jb2hAinFHbHA9FscRatr74LZe1/nbDEjliupIO97DDej1aLzUrEYi9pBuMUDHZlj +bthnAbaf9BCJlAUNxf0gkMTQgNQH +-----END CERTIFICATE----- diff --git a/files/squid/helpers/certificate/Oct17-Oct18/myCA.der b/files/squid/helpers/certificate/Oct17-Oct18/myCA.der new file mode 100644 index 0000000000000000000000000000000000000000..f7b96938c3cf5ed165e3d6f495f6ae14db60fea5 Binary files /dev/null and b/files/squid/helpers/certificate/Oct17-Oct18/myCA.der differ diff --git a/files/squid/helpers/certificate/Oct17-Oct18/myCA.pem b/files/squid/helpers/certificate/Oct17-Oct18/myCA.pem new file mode 100644 index 0000000000000000000000000000000000000000..5acfc288a2390b835282c5f8cb7d91914ea68d2f --- /dev/null +++ b/files/squid/helpers/certificate/Oct17-Oct18/myCA.pem 
@@ -0,0 +1,53 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC7rcmVvvNo5LFN +U7vK46lbFTUoENe5BKOKA8ejvGa7q3NHH9kzVzHQzipaN3vuzUC2jLXMUVhSE+6M +KQG1UlmXzGe0nMjh/g88x1UaUvk+KWtMGxMJIENNqb0XkCo2gtIM+o+N7rbWsAS6 +2VzNO7KtShUdJDbHyEv6r1VLEsCh8LQXfL+VjmYeH0fMbtM3JsTBP8XpghYZinPe +YtCPTIFBb7ed9lUWMUJOK505aB0lIvshkvYdMl8/3ca0LiwwOM2Ll1Q0ijAvB0cf +rSNrD5ypFwAMmumpYH2a+xVKpI1EWvz3v/3Z2hcpRfLe5JPdINU7ZbG5oy0upnS6 +xBeIf32rAgMBAAECggEAaquXFM6ISIkbIQlDhkipXESMhu4zvkwdq3cEhFKzzVzg +U3+NkvmvLa/QMKCyhwMQEfGd7rgZS+VaQz2XY/ifRYD/PI+UOaaOAIyHGUQpt6QR +ARuuURSOTFj6Sac95uep/Yh4CUKxlwpKVezvKxMQNiASKhMIM7rrPFtlThslc6SC ++U/AlY7ZBcTyWAliqncFi5gHzV+UWbnnMDFTUOWFh13nQCBNyUwnM/v8S9YQE3+P +RmFRkF8cxfkXTJQP82RrhswNapi5+lurmJl02LkBsvQlwA3H/kPjcJ1riNt+9/j9 +kx/9uUxnHXJm/HL0UDHosw/y69T4cw2VbC6XWmRM+QKBgQDptfgP5syngCWJ5xqO +uestEnBcVPHPJpJLyxlWj2WB/JD9dL0iZxtj1sra+HVMKEbrVHZBkPQWldXCZDno +vtQgJ0ZYzggDcLSCnnceXgN1lsGLdCStbAUQzBqdyg5CWpFhKs/TloqIHrrvdd2r +ir30nZ0ja/+Lt0e8BIdTv1YgpQKBgQDNk/OqtGc2vX5q+GcWQf4WxJs5vKYz7inj +Q/nxSzpWzNJ50aQmqpdTdXPLTmVWErXYKReCiZ0AgCZ0Oqc84h+C504u8qXooLtl +vFRPtuLGuVV1HdKDqP2kg7Yfjsdn6aS7pAx7ROI9QCc0mVXbAGaRmfp3HcyeDOfA +nDQfRl0EDwKBgHjk3X30SNc4jbKJLo64E7RL/n10n2UlsbWtSN0i7kJQUPwbIB8k +sOFzYZnlvl930j+3gDiob+si9OFKkT4ZQIelaVlUsoZ9DZMnv7ygqy9vnYyytqpS +30fyHK6Ur82ZJezahYkRLXX+V3q5QMKU0XAw+/Ev05AFbgEPYqVqq3XVAoGATzk9 +JgPv4sCT/1VLJOC5sryBtXZl9o1JxzNjFwIOsXStiBSqVdxYBOm2fhrwIoODYJI1 +ZTDzOEYqi5Au8t+RlTjegGkyVrvafBJfy3iHXF3/+OpNPj/Zv5SikvbLEdiQi19l +D/wz07btZO/SjltRK7tTMqRhPmdqyGdqDsNnBTECgYEAjXxaShFfZxJCJkcyEX1u +Z8BG+gQsOgaLcO/GGi1npIkAMvonDOeYWuFIah7Etu+tVNj7fdFzyjPnhWPQbiBk +SI5y6IfpZ2zussVLW7Tp1r8KVww3E18ACK0eItkeULAVi3fUCpoEFuZTTcSDUABO +JdELgkTC9FIPRQUVcAQRIX0= +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIEITCCAwmgAwIBAgIJAIzUCRNPmxv5MA0GCSqGSIb3DQEBCwUAMIGmMQswCQYD +VQQGEwJTRTEVMBMGA1UECAwMT3N0ZXJnb3RsYW5kMRIwEAYDVQQHDAlMaW5rb3Bp +bmcxHTAbBgNVBAoMFExpbmtvcGluZyB1bml2ZXJzaXR5MRAwDgYDVQQLDAdJREEv 
+VVBQMRgwFgYDVQQDDA9leGFtLmlkYS5saXUuc2UxITAfBgkqhkiG9w0BCQEWEmV4 +YW1hZG1AaWRhLmxpdS5zZTAeFw0xNzEwMDkxMTQwMTRaFw0xODEwMDkxMTQwMTRa +MIGmMQswCQYDVQQGEwJTRTEVMBMGA1UECAwMT3N0ZXJnb3RsYW5kMRIwEAYDVQQH +DAlMaW5rb3BpbmcxHTAbBgNVBAoMFExpbmtvcGluZyB1bml2ZXJzaXR5MRAwDgYD +VQQLDAdJREEvVVBQMRgwFgYDVQQDDA9leGFtLmlkYS5saXUuc2UxITAfBgkqhkiG +9w0BCQEWEmV4YW1hZG1AaWRhLmxpdS5zZTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBALutyZW+82jksU1Tu8rjqVsVNSgQ17kEo4oDx6O8Zrurc0cf2TNX +MdDOKlo3e+7NQLaMtcxRWFIT7owpAbVSWZfMZ7ScyOH+DzzHVRpS+T4pa0wbEwkg +Q02pvReQKjaC0gz6j43uttawBLrZXM07sq1KFR0kNsfIS/qvVUsSwKHwtBd8v5WO +Zh4fR8xu0zcmxME/xemCFhmKc95i0I9MgUFvt532VRYxQk4rnTloHSUi+yGS9h0y +Xz/dxrQuLDA4zYuXVDSKMC8HRx+tI2sPnKkXAAya6algfZr7FUqkjURa/Pe//dna +FylF8t7kk90g1TtlsbmjLS6mdLrEF4h/fasCAwEAAaNQME4wHQYDVR0OBBYEFJfs +0fxCYdRGobtPy8TafBU8yheEMB8GA1UdIwQYMBaAFJfs0fxCYdRGobtPy8TafBU8 +yheEMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAEfsVY9w8VdFD1Md +i1m2snETircJUhyaeBz7++TIs4sSFzqaVq+WeOImD0iaf7c0AUanTc0Tj+4CW+dJ +qsAKwP1axRJPkMA9OPg8SOa3qyVrab1glxtaEJSBGfhfdeh6bTpsfzxWEdhRRc7A +1T27Cwf9ZGyXoCs7myml8WT3A/KygBou2dF6ms7FcZEHDuzAQkTytXlOM2wC8OB4 +/YA9+uje2tV+gS6/sWNDEw1VCrR/saEjs7fpvUsuYK8TIp0nWxGVo9YBCfSV1NJG +tkY0JD5Rlbm+rGIH/p4qC3ZcK7uhjvQNmENZXFVTPVaDvpS4QBEeS7eOCpjB0uU4 ++fGlJXQ= +-----END CERTIFICATE----- diff --git a/files/squid/helpers/certificate/Oct18-Oct19/myCA.der b/files/squid/helpers/certificate/Oct18-Oct19/myCA.der new file mode 100644 index 0000000000000000000000000000000000000000..ffb6288d268560531242ebd6fc96149b50a893f1 Binary files /dev/null and b/files/squid/helpers/certificate/Oct18-Oct19/myCA.der differ diff --git a/files/squid/helpers/certificate/Oct18-Oct19/myCA.pem b/files/squid/helpers/certificate/Oct18-Oct19/myCA.pem new file mode 100644 index 0000000000000000000000000000000000000000..37a9364421d78072642eccc7d556f0f7a5c96b8e --- /dev/null +++ b/files/squid/helpers/certificate/Oct18-Oct19/myCA.pem 
@@ -0,0 +1,53 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC2svfv8cME8Quc +TRZPPkZzlB/Q+EtGaVjP4eUzoYJDYZmVvYm8PUPTm0Gt6y2FTAKB0MPQXK9YOPtq +ZkHgYd48YtG19unBCM2jAUcjS+OTGcFdVT76f09N/wcmE+CyLn+MJ+BFt0iiF923 +4Q+BIjXce0QZ7dayB0xA+BpUfN38LV0NcEdS2oE2grsS7Yb4GUe8WhY7zWZ0FscR +y3VGA6o+nFqWg/Oj6tqnbih0R+F58SNXxfJr45T82mayqZpUVVMsRnL9CY31twmZ +jA+u1bRQQiQWzDAUU0jS7YwNubfAYbY3CSz9nUHeuC/tb56q6SkQuuDfsi6CNMiz +gVP68IVfAgMBAAECggEBAIBRpw6iEUVRP8Rh6D90D+txp/8PxV8I8tXfZSokT+ef +j026uBi8Nv1S2Iic23X58vDWfhHEZ2thakRK2g4M7xgemAhkCb4IvtW0OhCyZn6U +4lj5XKh37m1rp8u4vmKngfIgt8Z/esZOWO2jZ05dhtL6yNQlVlvoAEjJeUTKBufs +i7tj+Kv+InOT4jG4OTR2eTBYZWwGr35uCx1582OJuNvVtUfbhXM+8vaa+KHgfIsP +VKxb2WhIVl3IVkeJA3Vm3FVfTzT88V/+GRpRPsQoGAggWaSsnxVjeKk/eEYLc3ZQ +IPGT/Yegrp7eutJWGXAVrnUSWZ4gIQFDtjJ3ijJ654ECgYEA66C85Hz1Aw1VW1aS +CYpcEr4oLgk6OC28yyvXRS0ibELwFCvBKJ2eZWnxuULSHNLJKtxakYaBrR1VzTns +XA8B33f5ZvUmFK1PPHYswaVMppQLRAN9K2XjmfJOvsnl0QWdYcLVw1fKXADgPjJ/ +MOVYSzVopEbhvv9Z6RFQ5eplgOECgYEAxn67qU/spH4wmdhw60+NdQZIp7yDTK3s +CKubWnUEokWsHPaei+VzHvilI2gAe6dvVqQ9FcqkzAUfHHst3CPJroW67f8fZ0fD +ZQXcTRV/xp+dUjGNFkRfp4KHUs0qzF5yYOFQZL6a5waf7fymWYPxqyziDjudTqJo +TswxF/iZjj8CgYEAjYmtTbb92kp9FnOnH5H8Aso1CopCbZKT0JtSIVyeS9fdrNAn +pEUh65s7N2S7H9NCQbvBr57TcHCppLCBmT7uihTgPIdPy6Xbbd8yvVOU+o79QWqz +GomGsWfLA3H12Zv80Mefbkri5GcmTFY67t0lL3AynlNxsTBkCst7A9DMDiECgYAC +NHYxM0oVqbEwhE78zi1sF13HPzjWKThuADoBjzs18kAvMi4gr7PPrENpWUZoGTwL +YlerXkzmV0g5MMUZpOwgnCuvaR4YL5vkC2SfFpYMxskgmJxQmwHVAoYuTUkkbAgp +O1eBRvzBhDlSk3PlmqmclSsNrWvZ68Ps3CfPdFuAUQKBgQCizQAmblLOcOU7t4FG +vrOljpAMdy5k7UX9WCJfh2oj2oeqps4QX8sP5jMCJ/xqV38laZwilzYclBkBxYkV +8UORV5adcPwzDtbWEJwXGl+lexqoCqE5bzw902MsGs1lNUaLq0slzHi5MiSTABw5 +8StCdOB8ScACT8sA7PSLtB5tFg== +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIEMTCCAxmgAwIBAgIJAJkeAuBCh3BcMA0GCSqGSIb3DQEBCwUAMIGuMQswCQYD +VQQGEwJTRTEbMBkGA1UECAwSw4PClnN0ZXJnw4PCtnRsYW5kMRUwEwYDVQQHDAxM +aW5rw4PCtnBpbmcxIDAeBgNVBAoMF0xpbmvDg8K2cGluZyB1bml2ZXJzaXR5MQww 
+CgYDVQQLDANJREExGDAWBgNVBAMMD2V4YW0uaWRhLmxpdS5zZTEhMB8GCSqGSIb3 +DQEJARYSZXhhbWFkbUBpZGEubGl1LnNlMB4XDTE4MTAxMDA5MDA1NFoXDTE5MTAx +MDA5MDA1NFowga4xCzAJBgNVBAYTAlNFMRswGQYDVQQIDBLDg8KWc3RlcmfDg8K2 +dGxhbmQxFTATBgNVBAcMDExpbmvDg8K2cGluZzEgMB4GA1UECgwXTGlua8ODwrZw +aW5nIHVuaXZlcnNpdHkxDDAKBgNVBAsMA0lEQTEYMBYGA1UEAwwPZXhhbS5pZGEu +bGl1LnNlMSEwHwYJKoZIhvcNAQkBFhJleGFtYWRtQGlkYS5saXUuc2UwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2svfv8cME8QucTRZPPkZzlB/Q+EtG +aVjP4eUzoYJDYZmVvYm8PUPTm0Gt6y2FTAKB0MPQXK9YOPtqZkHgYd48YtG19unB +CM2jAUcjS+OTGcFdVT76f09N/wcmE+CyLn+MJ+BFt0iiF9234Q+BIjXce0QZ7day +B0xA+BpUfN38LV0NcEdS2oE2grsS7Yb4GUe8WhY7zWZ0FscRy3VGA6o+nFqWg/Oj +6tqnbih0R+F58SNXxfJr45T82mayqZpUVVMsRnL9CY31twmZjA+u1bRQQiQWzDAU +U0jS7YwNubfAYbY3CSz9nUHeuC/tb56q6SkQuuDfsi6CNMizgVP68IVfAgMBAAGj +UDBOMB0GA1UdDgQWBBRqv5AZRJwtXuUX6AHrlLX0aUbIHjAfBgNVHSMEGDAWgBRq +v5AZRJwtXuUX6AHrlLX0aUbIHjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUA +A4IBAQAdQTEGj98+KhIxefx7zoyj8diEo1Qz9Kjqby33B7Hfn2Itlzp+gYODrvXv +gigBuWKzNgc6T58v665OAmkYcnAPhRG81WB7Uj62BC7ELJDplkKPLa+Ah9FAYmWN +ol9ntDX05xcuSPI0xfSENoy2A4zLPV/F8uriNG0+KaDPEo5TwyqaFi2m03+JS15/ +nRGtTKs+m6eeeCiSkPBuub8RRSpV1QW25ZDOySIsk5zGTMpBpbmvnNQT5gcKskJG +e8ulxklbx4txHe4WnEzr78bD7LA78FNZfaBi+R/K6kVCg2hZuVWh73dULFJqew7y +E92s6UhmHuLFxZhI0MYoAxJaoYl1 +-----END CERTIFICATE----- diff --git a/files/squid/helpers/rules.d/cplusplus.rules b/files/squid/helpers/rules.d/cplusplus.rules new file mode 100644 index 0000000000000000000000000000000000000000..1730bb6ef9c7247be2512fe7fed6f89faa07dd24 --- /dev/null +++ b/files/squid/helpers/rules.d/cplusplus.rules 
@@ -0,0 +1,20 @@
+// C++ reference
+^https?://www\.cplusplus\.com/forum.* false
+^https?://www\.cplusplus\.com/article.* false
+^https?://www\.cplusplus\.com/info.* false
+^https?://www\.cplusplus\.com/doc.* false
+^https?://www\.cplusplus\.com/contact.* false
+^https?://www\.cplusplus\.com/.* true
+
+^https?://en\.cppreference\.com/w/cpp/language/typeid true
+^https?://en\.cppreference\.com/w/cpp/language.* false
+^https?://en\.cppreference\.com/w/cpp/preprocessor.* false
+^https?://en\.cppreference\.com/w/cpp/keyword.* false
+^https?://en\.cppreference\.com/w/c/language.* false
+^https?://en\.cppreference\.com/w/c/preprocessor.* false
+^https?://en\.cppreference\.com/w/c/keyword.* false
+^https?://en\.cppreference\.com/? true
+^https?://en\.cppreference\.com/w/? true
+^https?://en\.cppreference\.com/w/cpp/.* true
+^https?://en\.cppreference\.com/mwiki/index.php\?.* true
+^https?://en\.cppreference\.com/mwiki/load.php\?.* true
diff --git a/files/squid/helpers/rules.d/default.rules b/files/squid/helpers/rules.d/default.rules
new file mode 100644
index 0000000000000000000000000000000000000000..b0f64719d09a4c70dbd2001ae988f44d90b2b238
--- /dev/null
+++ b/files/squid/helpers/rules.d/default.rules
@@ -0,0 +1,10 @@
+// Default rules
+
+^https?://www\.ida\.liu\.se/mall11/.* true
+^https?://www\.ida\.liu\.se/~examadmx?/.* true
+^https?://www\.ida\.liu\.se/~examadmx?/.* true
+^https?://help\.opera\.com/errorpage/.* true
+^https?://tentix\.ida\.liu\.se:3128/squid-internal-mgr/info true
+
+// Firefox
+^https?://detectportal\.firefox\.com/success\.txt true
diff --git a/files/squid/helpers/rules.d/dn.rules b/files/squid/helpers/rules.d/dn.rules
new file mode 100644
index 0000000000000000000000000000000000000000..b46a7f7143ec8c24b11a8d5949292bc185072cbb
--- /dev/null
+++ b/files/squid/helpers/rules.d/dn.rules
@@ -0,0 +1,2 @@
+// C++ reference
+^https?://www\.dn\.se/.* true
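Review bot: In cplusplus.rules, `^https?://en\.cppreference\.com/? true` has no end anchor, and the helper in this diff tests each rule with a prefix match (`re.compile(...)` then `.match(url)`) and returns on the first hit, so this line allows every URL on en.cppreference.com that the `false` rules above it did not catch and makes the four rules below it redundant. If only the front page and `/w/` are meant, write `^https?://en\.cppreference\.com/?$ true` and `^https?://en\.cppreference\.com/w/?$ true`. The unescaped dots in `mwiki/index.php\?` and `mwiki/load.php\?` should be `index\.php\?` and `load\.php\?`; the same unescaped-dot pattern recurs in opendsa.rules (`jquery-.*.js`, `d3js.org`) and rstudio.rules (`shiny\.rstudio.com`).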
diff --git a/files/squid/helpers/rules.d/essa.rules b/files/squid/helpers/rules.d/essa.rules
new file mode 100644
index 0000000000000000000000000000000000000000..051602e7ee35d3f7b593891ba81735e9b308844b
--- /dev/null
+++ b/files/squid/helpers/rules.d/essa.rules
@@ -0,0 +1,5 @@
+// LISAM
+^https?://docs\.python\.org/3/library/.* true
+^https?://docs\.python\.org/3/_static/.* true
+^https?://docs\.python\.org/3/search\.html\?.* true
+^https?://docs\.python\.org/3/searchindex\.js$ true
diff --git a/files/squid/helpers/rules.d/java.rules b/files/squid/helpers/rules.d/java.rules
new file mode 100644
index 0000000000000000000000000000000000000000..c3aa81f78e88c47b259e6312a9a31411c6d4d974
--- /dev/null
+++ b/files/squid/helpers/rules.d/java.rules
@@ -0,0 +1,5 @@
+// Java API reference
+^https?://docs\.oracle\.com/javase/7/docs/api/.* true
+
+// Ahmed Java API reference
+^https?://www\.ida\.liu\.se/~TDDC77/extra/api-7/.* true
diff --git a/files/squid/helpers/rules.d/opendsa.rules b/files/squid/helpers/rules.d/opendsa.rules
new file mode 100644
index 0000000000000000000000000000000000000000..220b9b9e046fd83039f550e040485fb819f38674
--- /dev/null
+++ b/files/squid/helpers/rules.d/opendsa.rules
@@ -0,0 +1,40 @@
+// OpenDSA
+
+// New setup on tentix
+
+^https?://www\.ida\.liu\.se/edu/ugrad/datortenta/OpenDSA/Books/TDDI16_190827/.* true
+^https?://www\.ida\.liu\.se/edu/ugrad/datortenta/OpenDSA/Books/TDDE22_190827/.* true
+^https?://www\.ida\.liu\.se/edu/ugrad/datortenta/OpenDSA/Books/TDDD86_190827/.* true
+^https?://www\.ida\.liu\.se/edu/ugrad/datortenta/OpenDSA/lib/.* true
+^https?://www\.ida\.liu\.se/edu/ugrad/datortenta/OpenDSA/JSAV/.* true
+^https?://www\.ida\.liu\.se/edu/ugrad/datortenta/OpenDSA/AV/.* true
+^https?://www\.ida\.liu\.se/edu/ugrad/datortenta/OpenDSA/DataStructures/.* true
+^https?://www\.ida\.liu\.se/edu/ugrad/datortenta/OpenDSA/SourceCode/.* true
+^https?://www\.ida\.liu\.se/edu/ugrad/datortenta/OpenDSA/Exercises/.* true
+^https?://www\.ida\.liu\.se/edu/ugrad/datortenta/OpenDSA/khan-exercises/.* true
+
+
+^https?://www\.ida\.liu\.se/~examadm/OpenDSA/Books/TDDI16_190110/.* false
+^https?://www\.ida\.liu\.se/~examadm/OpenDSA/Books/TDDC91_190110/.* false
+
+^https?://www\.ida\.liu\.se/~examadm/OpenDSA/Books/TDDD86_181219/.* false
+
+^https?://www\.ida\.liu\.se/~examadm/OpenDSA/Books/TDDC91_181029/.* false
+^https?://www\.ida\.liu\.se/~examadm/OpenDSA/Books/TDDI16_181029/.* false
+
+^https?://www\.ida\.liu\.se/~examadm/OpenDSA/Books/TDDD86_180828/.* false
+^https?://www\.ida\.liu\.se/~examadm/OpenDSA/Books/TDDC91_180828/.* false
+^https?://www\.ida\.liu\.se/~examadm/OpenDSA/Books/TDDI16_180828/.* false
+
+^https?://www\.ida\.liu\.se/~examadm/OpenDSA/Books/TDDD86_180404/.* false
+^https?://www\.ida\.liu\.se/~examadm/OpenDSA/Books/TDDI16_170822/.* false
+^https?://www\.ida\.liu\.se/~examadm/OpenDSA/Books/TDDC91_170104/.* false
+^https?://tentix\.ida\.liu\.se:12000/api/v1/.* true
+^https?://exam\.ida\.liu\.se:12000/api/v1/.* true
+^https?://cdn\.mathjax\.org/mathjax/.* true
+^https?://cdnjs\.cloudflare\.com/ajax/libs/mathjax/.* true
+^https?://code\.jquery\.com/jquery-.*.js true
+^https?://code\.jquery\.com/ui/.*/jquery-ui.css$ true
+^https?://code\.jquery\.com/ui/.*/jquery-ui.js$ true
+^https?://code\.jquery\.com/ui/.*/jquery-ui.min.js$ true
+^https?://d3js.org/d3-selection-multi.v1.min.js true
diff --git a/files/squid/helpers/rules.d/python.rules b/files/squid/helpers/rules.d/python.rules
new file mode 100644
index 0000000000000000000000000000000000000000..77149faadcf177e06a2a3d16a4ae447f56510cde
--- /dev/null
+++ b/files/squid/helpers/rules.d/python.rules
@@ -0,0 +1,5 @@
+// Python library reference
+^https?://docs\.python\.org/3/library/.* true
+^https?://docs\.python\.org/3/_static/.* true
+^https?://docs\.python\.org/3/search\.html\?.* true
+^https?://docs\.python\.org/3/searchindex\.js$ true
diff --git a/files/squid/helpers/rules.d/rstudio.rules b/files/squid/helpers/rules.d/rstudio.rules
new file mode 100644
index 0000000000000000000000000000000000000000..c978bae6520485f8def6d7209402fd064fb9e830
--- /dev/null
+++ b/files/squid/helpers/rules.d/rstudio.rules
@@ -0,0 +1,46 @@
+// RStudio rules
+// ^https?://cran\.rstudio\.com/.* true
+
+^https?://cran\.rstudio\.com/src/.* true
+^https?://cran\.r-project\.org/src/.* true
+
+// ^https?://cran\.rstudio\.com/src/contrib/.* true
+
+// 732A51
+^https://bioconductor\.org/packages/.* true
+^https://bioconductor\.org/biocLite\.R true
+
+// 732G33
+^https?://raw\.githubusercontent\.com/STIMALiU/KursRprgm/master/Labs/Tests/.* true
+
+// 732GA98
+^https?://plot\.ly/r/reference.* true
+^https?://ggplot2\.tidyverse\.org/.* true
+^https?://shiny\.rstudio\.com/reference/shiny/.* true
+^https?://www\.jasondavies\.com/wordtree/.* true
+
+// For plot.ly
+^https?://fonts\.googleapis\.com/css\?family=.* true
+^https?://cdnjs\.cloudflare\.com/ajax/libs/.*\.js true
+^https?://ajax\.googleapis\.com/ajax/libs/.*\.js true
+^https?://maxcdn\.bootstrapcdn\.com/.*\.js true
+^https?://maxcdn\.bootstrapcdn\.com/.*\.css true
+^https?://plot\.ly/gh-pages/documentation/static/.* true
+^https?://images\.plot\.ly/assets/.* true
+^https?://images\.plot\.ly/excel/.*\.png true
+^https?://plot\.ly/images/plotly-ico\.png true
+^https?://help\.plot\.ly/stylesheets/.* true
+^https?://cdn\.jsdelivr\.net/.*\.js true
+^https?://www\.googletagmanager\.com/gtag/js\?.* true
+^https?://.*-dsn\.algolia\.net/1/indexes/\*/queries\?x-algolia-api-key=.* true
+
+// For shiny.rstudio.com
+^https?://shiny\.rstudio\.com/lib/.* true
+^https?://shiny\.rstudio\.com/css/.* true
+^https?://shiny\.rstudio.com/images/.*\.svg true
+^https?://cdn\.bizible\.com/scripts/.*\.js true
+^https?://cdn\.bizible\.com/m/ipv\?.* true
+^https?://cdn\.bizible\.com/BizibleAcct\.js\?.* true
+
+// For jasondavies
+^https?://www\.jasondavies\.com/.*\.js true
diff --git a/files/squid/helpers/rules.d/ruby.rules b/files/squid/helpers/rules.d/ruby.rules
new file mode 100644
index 0000000000000000000000000000000000000000..aeecf446ee08a9b1547fd34aa19dcb1c07d4ee03
--- /dev/null
+++ b/files/squid/helpers/rules.d/ruby.rules
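Review bot: In rstudio.rules, the leading `.*` of `^https?://.*-dsn\.algolia\.net/1/indexes/\*/queries\?x-algolia-api-key=.*` sits where the host name is and is not limited to host-name characters, so the rule is not actually bound to algolia.net; restrict it to a single label, e.g. `^https?://[a-z0-9-]+-dsn\.algolia\.net/1/indexes/\*/queries\?x-algolia-api-key=.* true`. The CDN rules (`cdn\.jsdelivr\.net/.*\.js`, `cdnjs\.cloudflare\.com/ajax/libs/.*\.js`, `maxcdn\.bootstrapcdn\.com/.*`) allow any file with that suffix rather than the libraries plot.ly and shiny need, which is wider than an exam allowlist usually wants; listing the specific library paths would keep the scope reviewable. `www\.googletagmanager\.com` and `cdn\.bizible\.com` look like analytics endpoints that the pages presumably render without, which is worth confirming before they are allowed.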
@@ -0,0 +1,4 @@
+// Ruby documentation
+^https?://ruby-doc\.org/.* true
+^https?://rubular\.com/.* true
+^https?://api\.rubygems\.org/.* true
diff --git a/files/squid/helpers/rules.d/sas.rules b/files/squid/helpers/rules.d/sas.rules
new file mode 100644
index 0000000000000000000000000000000000000000..50a32e3398442fe9f49b97ccc5127a4ed7d8c0dc
--- /dev/null
+++ b/files/squid/helpers/rules.d/sas.rules
@@ -0,0 +1,10 @@
+// SAS tenta
+^https?://sas-exam\.edu\.liu\.se/.* true
+^https?://salamix2\.ida\.liu\.se/.* true
+^https?://www\.gstatic\.com/.* true
+
+// Requested by examiner, but may contain forums?
+// support.sas.com
+// documentation.sas.com
+^https?://documentation\.sas\.com/.* true
+^https?://support\.sas\.com/.* true
diff --git a/files/squid/helpers/squid-url-rewrite.py b/files/squid/helpers/squid-url-rewrite.py
new file mode 100755
index 0000000000000000000000000000000000000000..e6ac941a960998137b401ab7b03d47e512b4545b
--- /dev/null
+++ b/files/squid/helpers/squid-url-rewrite.py
@@ -0,0 +1,94 @@ +#!/usr/bin/env python3 + +import sys +import re +import datetime + +errorpage = "http://www.ida.liu.se/~examadm/empty" +basedir = "/usr/libexec/squid/helpers" + +def modify_url(line, ruleset): +### [channel-ID <SP>] URL <SP> client_ip "/" fqdn <SP> user <SP> method [<SP> kv-pairs]<NL> + list = line.split(' ') + + if list[0].isdigit(): + url = list[1] + else: + url = list[0] + + for i in list[2:]: + if i == "CONNECT": + return "OK" + + if url == "https://www.ida.liu.se/~examadm/start.html": + return "OK rewrite-url=\"https://www.ida.liu.se/edu/ugrad/datortenta/start.html" + + r = re.match('https://www\.ida\.liu\.se/~opendsa/(.*)', url) + if r != None: + return "OK rewrite-url=\"http://exam.ida.liu.se:12000/" + r.group(1) + "\"" + + for i in ruleset: + + if i[0].match(url) != None: +# if re.match(i[0], url) != None: + + if i[1]: + return "OK" + else: + return "OK rewrite-url=\"" + errorpage + "\"" + + return "OK rewrite-url=\"" + errorpage + "\"" + + # return "OK status=302 url=\"" + errorpage + "\"" + # "status" can only be used in the "Using an HTTP redirector" case, + # not in the "Using a re-writer to mangle the URL as it passes" case + # RTFM: https://wiki.squid-cache.org/Features/Redirectors + + +def load_rules(ruleset, filename): + with open(filename, 'r') as f: + + for line in f: + if not re.match('(^#.*)|(^//.*)|(^;.*)|(^--.*)|^ *$', line): + columns = line.strip().split() + ruleset.append( [ re.compile(columns[0]), columns[1].lower() == 'true' ] ) +# ruleset.append( [ columns[0], columns[1].lower() == 'true' ] ) + + +def main(): + + ruleset = list() + load_rules(ruleset, basedir + "/rules.d/default.rules") + load_rules(ruleset, basedir + "/rules.d/rstudio.rules") + load_rules(ruleset, basedir + "/rules.d/cplusplus.rules") + load_rules(ruleset, basedir + "/rules.d/opendsa.rules") + load_rules(ruleset, basedir + "/rules.d/python.rules") + load_rules(ruleset, basedir + "/rules.d/java.rules") + load_rules(ruleset, basedir + 
"/rules.d/ruby.rules") + load_rules(ruleset, basedir + "/rules.d/sas.rules") +# load_rules(ruleset, basedir + "/rules.d/dn.rules") + + with open('/tmp/access.log', 'a') as log: + try: + while True: + + line = sys.stdin.readline().strip() + + log.write('{}: {}\n'.format(datetime.datetime.now().strftime("%Y-%m-%d_%H-%M"), line)) + log.flush() + + log.write("From: " + line + "\n") + log.flush() + + new_url = modify_url(line, ruleset) + + log.write("To: " + new_url + "\n") + log.flush() + + sys.stdout.write(new_url + '\n') + sys.stdout.flush() + except Exception as e: + sys.stderr.write( e ) + sys.stderr.flush() + +main() diff --git a/files/squid/squid.conf b/files/squid/squid.conf new file mode 100644 index 0000000000000000000000000000000000000000..f5098c7017cfe555facb9642d12bf5d398a18647 --- /dev/null +++ b/files/squid/squid.conf 
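Review bot: The request loop in main() of squid-url-rewrite.py does not check for end-of-input: `sys.stdin.readline()` returns an empty string once the pipe is closed, and the loop keeps processing and logging empty lines until some write fails. The log is opened at the fixed path `/tmp/access.log` in a world-writable directory and records every request line squid passes in (URL, client address, user); `/var/log/squid`, which the manifest in this diff creates for the squid user, is the safer place. The handler calls `sys.stderr.write( e )` with an exception object, which raises TypeError, and any exception ends the loop instead of answering that request with the error page. Separately, the `start.html` branch of modify_url returns `rewrite-url=\"...start.html` without the closing `\"`. The fence sketches the loop with the first three points addressed; the log file name is only a suggestion.

```python
def main():
    # … unchanged: ruleset = list() and the load_rules() calls …

    # suggested name; /var/log/squid is created for the squid user by the manifest
    with open('/var/log/squid/url-rewrite.log', 'a') as log:
        while True:
            raw = sys.stdin.readline()
            if not raw:            # EOF: the pipe from squid was closed
                break
            line = raw.strip()
            try:
                new_url = modify_url(line, ruleset)
            except Exception as e:
                sys.stderr.write('{}\n'.format(e))
                sys.stderr.flush()
                # answer with the error page so a bad request line is denied, not dropped
                new_url = 'OK rewrite-url="' + errorpage + '"'

            # … unchanged: log.write()/log.flush() of line and new_url …
            sys.stdout.write(new_url + '\n')
            sys.stdout.flush()
```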
@@ -0,0 +1,145 @@
+# klaar@ida 2015,2016,2019:
+#
+# Inititate cache dir:
+# /home/examadm/lsw/sbin/squid -z
+#
+# Rotate logs:
+# /home/examadm/lsw/sbin/squid -k rotate
+#
+# Starting: (ssl_crtd not running stable on nfs, locking problem)
+# ulimit -Sn 4096
+# mkdir -p /tmp/squid/var/lib
+# /home/examadm/lsw/libexec/ssl_crtd -c -s /tmp/squid/var/lib/ssl_db
+# /home/examadm/lsw/sbin/squid -YC
+#
+# Stopping:
+# /home/examadm/lsw/sbin/squid -k shutdown
+#
+# Manager-URL:
+# http://tentix.ida.liu.se:3128/squid-internal-mgr/info
+#
+# Yearly update of certificate:
+# 1. Generate certificate:
+# openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout myCA.pem -out myCA.pem
+# openssl x509 -in myCA.pem -outform DER -out myCA.der
+#
+# 2. Change config option "http_port" below
+# 3. Add the "-----BEGIN CERTIFICATE-----" part from the PEM file to
+# ~/.config/curl/curl_ca_bundle.crt
+# to let curl know about the new CA (needed for RStudio HTTPS
+# downloads, the module for RStudio will set CURL_CA_BUNDLE
+# environment variable.)
+# 4. Change in exam environment, (after added in Chromium myCA.der end up "somewhere" in ~/.pki/*
+# Use this command to edit chrome exam template settings:
+# env -i XAUTHORITY=/home/examadm/.Xauthority DISPLAY=$DISPLAY HOME=/home/examadm/Version-3.1/sea/env/courses/template_student_home_files/owned_by_uid chromium-browser --proxy-server="exam.ida.liu.se:3128" --temp-profile
+
+#
+# Recommended minimum configuration:
+#
+
+# Example rule allowing access from your local networks.
+# Adapt to list your (internal) IP networks from where browsing
+# should be allowed
+acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
+acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
+acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
+acl localnet src fc00::/7 # RFC 4193 local private network range
+acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
+acl ad srcdomain ad.liu.se
+acl edu srcdomain edu.liu.se
+acl ida srcdomain ida.liu.se
+acl isy srcdomain isy.liu.se
+
+acl SSL_ports port 443
+acl Safe_ports port 80 # http
+acl Safe_ports port 443 # https
+acl Safe_ports port 3128 # squid cachemgr
+acl Safe_ports port 12000 # opendsa
+# acl Safe_ports port 21 # ftp
+# acl Safe_ports port 70 # gopher
+# acl Safe_ports port 210 # wais
+# acl Safe_ports port 1025-65535 # unregistered ports
+# acl Safe_ports port 280 # http-mgmt
+# acl Safe_ports port 488 # gss-http
+# acl Safe_ports port 591 # filemaker
+# acl Safe_ports port 777 # multiling http
+acl CONNECT method CONNECT
+
+#
+# Recommended minimum Access Permission configuration:
+#
+# Deny requests to certain unsafe ports
+http_access deny !Safe_ports
+
+# Deny CONNECT to other than secure SSL ports
+http_access deny CONNECT !SSL_ports
+
+# Only allow cachemgr access from localhost
+http_access allow localhost manager
+http_access allow ida manager
+http_access deny manager
+
+# We strongly recommend the following be uncommented to protect innocent
+# web applications running on the proxy server who think the only
+# one who can access services on "localhost" is a local user
+http_access deny to_localhost
+
+#
+# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
+#
+url_rewrite_program /usr/libexec/squid/helpers/squid-url-rewrite.py
+logfile_rotate 6
+
+#auth_param negotiate program /usr/lib64/squid/negotiate_kerberos_auth
+# auth_param basic program /usr/libexec/squid/helpers/squid-auth-param.py
+# auth_param basic children 5 startup=5 idle=1
+# auth_param basic realm Squid proxy-caching web server
+# auth_param basic credentialsttl 5 hours
+
+# acl student proxy_auth REQUIRED
+# http_access deny !student
+
+# Example rule allowing access from your local networks.
+# Adapt localnet in the ACL section to list your (internal) IP networks
+# from where browsing should be allowed
+http_access allow all
+http_access allow localnet
+http_access allow ad
+http_access allow edu
+http_access allow ida
+http_access allow isy
+http_access allow localhost
+
+# And finally deny all other access to this proxy
+http_access deny all
+
+# Squid normally listens to port 3128
+# http_port 3128
+http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/libexec/squid/helpers/certificate/Oct18-Oct19/myCA.pem
+always_direct allow all
+ssl_bump server-first all
+
+# Inititate with:
+# /usr/lib64/squid/ssl_crtd -c -s /var/lib/ssl_db
+sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
+sslcrtd_children 32 startup=5 idle=1
+
+# the following two options are unsafe and not always necessary:
+sslproxy_cert_error allow all
+sslproxy_flags DONT_VERIFY_PEER
+workers 8
+
+# Uncomment and adjust the following to add a disk cache directory.
+cache_dir ufs /var/cache/squid 128 16 256 max-size=4MB
+cache_mem 256 MB
+
+# Leave coredumps in the first cache dir
+coredump_dir /var/cache/squid
+
+#
+# Add any of your own refresh_pattern entries above these.
+#
+refresh_pattern ^ftp: 1440 20% 10080
+refresh_pattern ^gopher: 1440 0% 1440
+refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
+refresh_pattern . 0 20% 4320
diff --git a/manifests/init.pp b/manifests/init.pp
index 46e9466f3e308cd1fbec5f8ca79c245fdd85ac03..dc93df542014228498f0e6a96316b697bd4402c2 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,4 +1,5 @@ class aes { + include aes::squid_filter include ::liurepo::centos_sclo_rh package {
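Review bot: In squid.conf, `http_access allow all` is the first allow rule of the client section, so every request that passed the port checks is accepted and the `localnet`/`ad`/`edu`/`ida`/`isy` lines and the final `http_access deny all` are never reached; deleting that one line restores the intended source restriction. The two lines the file itself labels unsafe, `sslproxy_cert_error allow all` and `sslproxy_flags DONT_VERIFY_PEER`, turn off upstream certificate checking while the proxy re-signs every site with its own CA, so clients can no longer see an invalid origin certificate; they should be removed unless a specific origin is known to need them. `http_access allow ida manager` grants cache-manager access by `srcdomain`, which depends on reverse DNS of the client, and a `src` ACL listing the admin network would be a firmer basis.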
@@ -32,12 +33,36 @@ class aes { sshkey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEAwq552ev0T5YyWDUoEi2hY8hhm6iZHoSnfXNjCpW8eeigSd66FMdaXfWCmwLP/u3Cmino/x5SQQuo1f1RbbHuRQ3iztT/+LIJdqIjCf5rlTKhWx4Goo+weWpNlikHB6A8A1JWbY7yq/sMCiLjO4yYQ606BzwOGY+D0Wsq6lIoadL8USQJU2WKIjHOoAqPdV4HpCk3VxI/KanjyUivXKHq6eVH4yc0m97w9B/5M2UGET5nF2hx5SsoWkd4V3rALGsD3iUwfqxgOaZv62qwldEjFCsBamQfaQGNCJFYdJkmpNTlO46ywV4IC1wFbv7xqPIL33HFK5Q2TepsvdMK3ZRpWQ==', # lint:ignore:140chars } + ::users::liu_user { 'vikol94': + commonname => 'Viktor Olsson', + shell => '/bin/bash', + sshkey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEA0GeKSAjEV2RxxybyX6OYJ7ZcKS1g1lkv7XLsnEL9etQtNyKTS399XmYrBlBHZf7BTuZFzcwatDJ7YFdvFo0nCtU2P0HsS/Jgfy3Lv7/cXZFH+J52kw/3vOkMh9aEVLjfPGL6GNzICOtq0mpOXaxKR6zYBYaKH7JXU+oJnFUwW07iwopeW/eAwnxWDHIISGF9qcNkvmGcRod2EtnEbThz912prTFE6iZDtr/6QxcuJh5GxuhXgrebjHaVAS15kAJYoko+j2waPtSpT5+/SXb6S0/jA1M3GkF1dxLrwUE99pdwsPVff4D4uzIvFQaOx4jmLuxMDerbMgitEs9djGimFQ==', # lint:ignore:140chars + } + + ::users::liu_user { 'magni54': + commonname => 'Magnus Nielsen', + shell => '/bin/bash', + sshkey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEAvWbp0OXIj3hIHpv6J88TCEXq/Ne46VcM8XAC+A4bDIuL2rOtMjTy5OmcAQwMPmyOh2x9xla5gCsEeNNPIKp2ujzsHqjlwl+0QD1teEOF/dnm2M0bTLOEUZhysyGRtn09o+hInAlswlq+3AVIeUo5A9xK7B+VX5Ap9RA4CNaR3/nuMLrNLP/xVyLEGazIXmh0O/pGhQV6KorJlyNYMtHCakLRzKWyP63Bs7uAGsotBntxyueKXa/RqAkMCnrlPT+z3UfxTmT0cjBCuvVdiEEhQ6MfIMzXaoqRBmbq42EpmSVZrXyTcR6s6Cz5/jSxSi17GcbH9twhRSXm+XfYFIhv9w==', # lint:ignore:140chars + } + + ::users::liu_user { 'torjo38': + commonname => 'Torbjörn Jonsson', + shell => '/bin/bash', + sshkey => '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', # lint:ignore:140chars + } + ::server_firewall::rules_file { '45-permit_squid.rules': content => @(EOF), service squid is tcp/3128 + service sclogin is tcp/23431 + service aesms is tcp/23816 + policy chain INPUT is accept service:squid from class:liu-nets + accept service:sclogin from class:liu-nets + accept service:aesms from class:liu-nets end policy |-EOF } + } 
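Review bot: The two new services, `sclogin` (tcp/23431) and `aesms` (tcp/23816), are opened inside the rules file titled `45-permit_squid.rules` with nothing saying what listens on them, so anyone auditing open ports has to read a squid-named file to find unrelated listeners. I would move them into their own `::server_firewall::rules_file` resource (for example `46-permit_aes_services.rules`, a name constructed for this note) and put a manifest comment above it such as `# sclogin / aesms: <daemon and purpose>`. The three added `::users::liu_user` blocks follow the pattern of the existing entry and grant `/bin/bash` logins from hard-coded keys; a one-line comment on why each account needs shell access on this host would help a later access review. `class aes` begins outside this hunk, so I cannot see whether these accounts are restricted elsewhere.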
diff --git a/manifests/squid_filter.pp b/manifests/squid_filter.pp
new file mode 100644
index 0000000000000000000000000000000000000000..6c8355996914cc7c156aefa20e1d51748ef3a20d
--- /dev/null
+++ b/manifests/squid_filter.pp
@@ -0,0 +1,65 @@
+class aes::squid_filter {
+
+ package { "squid" :
+ ensure => "present",
+ }
+
+ file { '/etc/squid/squid.conf':
+ ensure => file,
+ mode => '0644',
+ owner => root,
+ group => root,
+ content => file("${module_name}/squid/squid.conf"),
+ }
+
+ file { '/usr/libexec/squid/helpers':
+ ensure => directory,
+ recurse => true,
+ purge => true,
+ force => true,
+ owner => squid,
+ group => squid,
+ mode => '0644',
+ source => "puppet:///modules/${module_name}/squid/helpers",
+ }
+
+ file { '/usr/libexec/squid/helpers/squid-url-rewrite.py':
+ ensure => file,
+ owner => squid,
+ group => squid,
+ mode => '0755',
+ source => "puppet:///modules/${module_name}/squid/helpers/squid-url-rewrite.py",
+ }
+
+ file { '/var/cache/squid' :
+ ensure => directory,
+ mode => '0750',
+ owner => squid,
+ group => squid,
+ }
+
+ file { '/var/log/squid' :
+ ensure => directory,
+ mode => '0750',
+ owner => squid,
+ group => squid,
+ }
+
+ file { '/var/lib/ssl_db' :
+ ensure => directory,
+ mode => '0750',
+ owner => squid,
+ group => squid,
+ }
+
+ exec { '/usr/lib64/squid/ssl_crtd -c -s /var/lib/ssl_db' :
+ user => "squid",
+ group => "squid",
+ creates => '/var/lib/ssl_db/certs',
+ }
+
+ service { "squid" :
+ ensure => "running",
+ }
+
+}
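Review bot: The recursive `file { '/usr/libexec/squid/helpers': … mode => '0644' }` resource also copies `certificate/Oct18-Oct19/myCA.pem`, and because the `http_port … cert=` line in squid.conf names that file with no separate `key=`, it presumably holds the CA private key, which then lands world-readable on the proxy host. Any local account able to read it could issue certificates that clients trusting this CA would accept. Manage the certificate directory in its own resource with `owner => squid, mode => '0600'`, and supply the key from an encrypted data source rather than the module's `files/` tree. Separately, `service { "squid" }` has no `subscribe => File['/etc/squid/squid.conf']`, so a changed config is not picked up until someone restarts the daemon by hand.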