[问题求助][CentOS] 如何区别对待squid用户 [复制链接]

请问，如何给不同的用户匹配不同的访问规则，比如允许A访问某个或某些站点但.是B不可以之类.的？服务器

找到解决方法了.

是啊，说说呗！

iptalbes 就可以识别用户的uid来做到

这个uid必需是本机的吧？

man iptables:
  owner
       This  module  attempts to match various characteristics of the packet creator, for locally generated packets. This
       match is only valid in the OUTPUT and POSTROUTING chains. Forwarded packets do not have any socket associated with
       them. Packets from kernel threads do have a socket, but usually no owner.

       [!] --uid-owner username

       [!] --uid-owner userid[-userid]
              Matches  if  the  packet  socket's  file structure (if it has one) is owned by the given user. You may also
              specify a numerical UID, or an UID range.

       [!] --gid-owner groupname

       [!] --gid-owner groupid[-groupid]
              Matches if the packet socket's file structure is owned by the given group.  You may also specify a  numeri-
              cal GID, or a GID range.

       [!] --socket-exists
              Matches if the packet is associated with a socket.

acl banned url_regex "/etc/squid/banned.list"
acl user1 src 192.168.2.2/32
acl user2 src 192.168.2.3/32
http_access allow user1 banned
http_access deny banned
http_access allow user1
http_access allow user2
http_access deny all

在banned.list里写上qq，则user1能访问www.qq.com而user2不能

lz说的是用户！
你说的大家都知道吧！