3
Dec

AWS Lambda - Layer

   Posted by: admin   in Mẹo vặt của hiếu râu, python

mkdir lambda-layer

cd lambda-layer

cat requirements.txt

pgpy

# Build the layer contents inside a Lambda build image so compiled wheels match
# the python3.8 Lambda environment.
# requirements.txt lists pgpy with no version pin, so every build pulls whatever
# release (and transitive dependencies) is current at that moment. Pin exact
# versions, ideally with pip's --require-hashes, so the layer is reproducible and
# reviewable. The image tag is mutable too; pinning it by digest fixes the build
# environment.
docker run -v "$PWD":/var/task "lambci/lambda:build-python3.8" /bin/sh \
  -c "pip install -r requirements.txt -t python/lib/python3.8/site-packages/; exit"
# python/lib/python3.8/site-packages is one of the layer paths the Lambda Python
# runtime searches, so the archive is rooted at python/.
zip -r -9 layer.zip python
AWS Lambda, create layer from zip file, linux_x86 python3.8
AWS Lambda, create function, add custom layer
https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html
https://docs.aws.amazon.com/lambda/latest/dg/python-package.html
import json, boto3,os, sys, uuid, pgpy

# Created at import time, outside the handler, so one client is shared by
# every invocation that reuses this module.
s3_client = boto3.client("s3")

# Source bucket: plaintext images are read from here and deleted after encryption.
S3_BUCKET = "defend-ai-images"
# Destination bucket: receives the PGP-encrypted objects under the same key names.
S3_ENCRYPTED = "defend-encrypted-images"
# Not referenced by lambda_handler in this listing.
S3_PREFIX = "my"

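def lambda_handler(event, context):
    """Encrypt every ``.jpg`` object in S3_BUCKET into S3_ENCRYPTED, then delete the original.

    The listing is paginated, so buckets holding more than one page of keys
    (list_objects_v2 returns at most 1000 per call) are processed completely.
    Each object is read fully into memory, encrypted to the embedded PGP public
    key, written to S3_ENCRYPTED under the same key name, and only then removed
    from S3_BUCKET.

    The execution role needs no more than s3:ListBucket, s3:GetObject and
    s3:DeleteObject on the source bucket and s3:PutObject on the destination.

    Args:
        event: Lambda invocation payload (unused).
        context: Lambda runtime context (unused).

    Returns:
        Total number of keys listed in S3_BUCKET (all objects, not only the
        ``.jpg`` ones that were encrypted); 0 when the bucket is empty.
    """
    # Collect the keys up front so objects are not deleted while the listing
    # is still being paged through.
    paginator = s3_client.get_paginator("list_objects_v2")
    key_count = 0
    jpg_keys = []
    for page in paginator.paginate(Bucket=S3_BUCKET):
        key_count += page["KeyCount"]
        # "Contents" is absent from a page that holds no keys.
        jpg_keys.extend(
            obj["Key"]
            for obj in page.get("Contents", [])
            if obj["Key"].endswith(".jpg")  # case-sensitive: ".JPG" is skipped
        )
    if key_count == 0:
        return key_count

    # Recipient's PUBLIC key only; the matching private key must never be
    # deployed with this function.
    pub_blob = """-----BEGIN PGP PUBLIC KEY BLOCK-----
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=28Qw
-----END PGP PUBLIC KEY BLOCK-----
"""
    pubkey, _ = pgpy.PGPKey.from_blob(pub_blob)

    for object_key in jpg_keys:
        file_content = s3_client.get_object(
            Bucket=S3_BUCKET, Key=object_key)["Body"].read()
        message = pgpy.PGPMessage.new(file_content)
        encrypt_content = pubkey.encrypt(message)
        s3_client.put_object(
            Body=bytes(encrypt_content), Bucket=S3_ENCRYPTED, Key=object_key)
        # Reached only if put_object did not raise, so a failed upload never
        # costs the original.
        # NOTE(security): if versioning is enabled on S3_BUCKET this call only
        # adds a delete marker; earlier plaintext versions stay retrievable
        # until they are removed by version id or expired by a lifecycle rule.
        s3_client.delete_object(Bucket=S3_BUCKET, Key=object_key)

    return key_count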

pip3 install pgpy

[root@master-node pgp]# cat keygen.py

from pgpy.constants import PubKeyAlgorithm, KeyFlags, HashAlgorithm, SymmetricKeyAlgorithm, CompressionAlgorithm

import pgpy

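# Generate a 4096-bit RSA primary key.
key = pgpy.PGPKey.new(PubKeyAlgorithm.RSAEncryptOrSign, 4096)

# User ID bound to the key. Plain ASCII quotes are required here: the
# typographic quotes in the published listing are a syntax error in Python.
uid = pgpy.PGPUID.new('Harry', comment='Harrys test key', email='harry@——.com')

# Attach the UID with the key's capabilities and algorithm preferences
# (most preferred first). This single key is flagged for both signing and
# encryption.
key.add_uid(
    uid,
    usage={KeyFlags.Sign, KeyFlags.EncryptCommunications, KeyFlags.EncryptStorage},
    hashes=[HashAlgorithm.SHA256, HashAlgorithm.SHA384, HashAlgorithm.SHA512, HashAlgorithm.SHA224],
    ciphers=[SymmetricKeyAlgorithm.AES256, SymmetricKeyAlgorithm.AES192, SymmetricKeyAlgorithm.AES128],
    compression=[CompressionAlgorithm.ZLIB, CompressionAlgorithm.BZ2, CompressionAlgorithm.ZIP, CompressionAlgorithm.Uncompressed],
)

# NOTE(security): this prints the ASCII-armored PRIVATE key with no passphrase,
# so it ends up in terminal scrollback and in any file or log that stdout is
# redirected to. For anything beyond a test key, call
# key.protect(<PASSPHRASE>, SymmetricKeyAlgorithm.AES256, HashAlgorithm.SHA256)
# before exporting, and have the decrypting side wrap its use of the key in
# `with key.unlock(<PASSPHRASE>):`.
print(key)

# The public half is the only part that should be distributed to senders.
print(key.pubkey)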

==================================
[root@master-node pgp]# cat encrypt.py
import sys
import pgpy
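# Usage: encrypt.py <input-file> <output-file>
# Load the recipient's public key (straight quotes: the typographic quotes in
# the published listing do not parse).
pubkey, _ = pgpy.PGPKey.from_file("pgpkey.pub")

# file=True makes pgpy read the message body from the path in argv[1].
message = pgpy.PGPMessage.new(sys.argv[1], file=True)

# Public-key encryption gives confidentiality only: anyone holding the public
# key can produce such a message, so the recipient learns nothing about who
# sent it unless the message is also signed.
encrypted_message = pubkey.encrypt(message)

# str() of a PGPMessage is its ASCII-armored form; the context manager closes
# the file even if the write fails.
with open(sys.argv[2], "w") as f2:
    f2.write(str(encrypted_message))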
=====================================
[root@master-node pgp]# cat decrypt.py
import sys
import pgpy
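# Usage: decrypt.py <encrypted-file> <output-file>
# Load the private key. It is used below without key.unlock(), so the file
# holds an unprotected private key: keep it readable by its owner only.
key, _ = pgpy.PGPKey.from_file("pgpkey")

message = pgpy.PGPMessage.from_file(sys.argv[1])
decrypted_message = key.decrypt(message).message

# pgpy may hand back text payloads as str rather than bytes (presumably when
# the original was stored as a text literal; confirm against your pgpy
# version). bytes(str) without an encoding raises TypeError, so encode first.
if isinstance(decrypted_message, str):
    decrypted_message = decrypted_message.encode("utf-8")

with open(sys.argv[2], "wb") as f2:
    f2.write(bytes(decrypted_message))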
=========================================

pip3 install pyopenssl

pip3 install cryptography

============================================

[root@master-node encryption]# cat keygen.py
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization
# Create a fresh 2048-bit RSA key pair with the conventional exponent 65537.
key = rsa.generate_private_key(public_exponent=65537, key_size=2048)

# Serialize the private key as PEM ("BEGIN RSA PRIVATE KEY").
# NOTE(security): NoEncryption() writes the key with no passphrase, and print()
# sends it to stdout, so it lands in scrollback and in any redirected log.
# serialization.BestAvailableEncryption(<PASSPHRASE>) is the protected
# alternative; the loader must then pass the same passphrase.
private_pem = key.private_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PrivateFormat.TraditionalOpenSSL,
    encryption_algorithm=serialization.NoEncryption(),
)
# Printing a bytes object shows its b'...' repr with \n escapes, the same
# form the encrypt/decrypt listings embed as a literal.
print(private_pem)

# Serialize the public half as a SubjectPublicKeyInfo PEM ("BEGIN PUBLIC KEY").
public_pem = key.public_key().public_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PublicFormat.SubjectPublicKeyInfo,
)
print(public_pem)
===========================================
[root@master-node encryption]# cat encrypt.py
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives.serialization import load_pem_public_key
import sys
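# Usage: encrypt.py <input-file> <output-file>
# Recipient's public key. The published listing had typographic quotes and
# dashes in the PEM markers, and a '×' in the second base64 line; these are
# restored to ASCII here ('×' is assumed to have been 'x'). Substitute your own
# key when reusing this.
public_pem_data = (
    b'-----BEGIN PUBLIC KEY-----\n'
    b'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ikdHKIUkRKKmxm5OMmH\n'
    b'X8T2mx05ggDD7oEqZBd8x9lrzLOmADPoYT/qZGpFkXu6ys9IWlIqGp96qRsXQaRA\n'
    b'O5EJziNdrCpMYGZFX5cxc8hnVh15h8DrvWj7pKoNmWkZhLiQ+vFsWLq3m41omQi/\n'
    b'dhNMybPLsLGqS7EOO17z1VifSp33XOXLNZkrU3otItoqPPNq6nAXuINXZsPTdRY7\n'
    b'k/ERmEXU2l6+GMKWnesRWm7txJSTgdpH8hjfoSZmJTHy7+uZqTdHC3PpCojZeIRw\n'
    b'dgOEErYnKEHMQ6/4DV0a0tF5BzwXhrolSYkWmpt65pblbLQAzgR0KA91F8iJHp5Y\n'
    b'cQIDAQAB\n'
    b'-----END PUBLIC KEY-----\n'
)
key = load_pem_public_key(public_pem_data)

# The original called fi.open(...) on an undefined name; open the input here.
with open(sys.argv[1], 'rb') as fi:
    message = fi.read()

# RSA-OAEP encrypts a single block: at most key_bytes - 2*hash_len - 2 bytes
# (190 for a 2048-bit key with SHA-256). Larger files need a hybrid scheme
# (encrypt the data with a random symmetric key and wrap that key with RSA).
# Checking here replaces the library's generic failure with a precise message.
oaep_hash = hashes.SHA256()
max_len = key.key_size // 8 - 2 * oaep_hash.digest_size - 2
if len(message) > max_len:
    raise ValueError(
        f"input is {len(message)} bytes; RSA-OAEP with this key encrypts at most {max_len}"
    )

ciphertext = key.encrypt(
    message,
    padding.OAEP(
        mgf=padding.MGF1(algorithm=hashes.SHA256()),
        algorithm=hashes.SHA256(),
        label=None,
    ),
)

# The original opened `fo` but wrote to and closed an undefined `f`.
with open(sys.argv[2], 'wb') as fo:
    fo.write(ciphertext)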
===========================================
[root@master-node encryption]# cat decrypt.py
from cryptography.hazmat.primitives.serialization import load_pem_private_key
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa, padding
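# Usage: decrypt.py <encrypted-file> <output-file>
# The published listing uses sys.argv without importing sys.
import sys

# NOTE(security): a private key embedded in source is exposed to everyone who
# can read the script or its version history. Load it from a file readable
# only by its owner, or from a secrets store, and prefer a passphrase-protected
# PEM. The key body below appears abbreviated in the published listing and is
# kept only as a placeholder; the typographic quotes and dashes are restored
# to ASCII so the literal parses.
pem_data = (
    b'-----BEGIN RSA PRIVATE KEY-----\n'
    b'MIIEogIAdf8a1kupHcqgVHzcBlgBfRDBr\n'
    b'EQyKr9JWXzLTwgbpft/7qvOkv4T0pOzhWBvKJaKvm1sY+4l+Z1g=\n'
    b'-----END RSA PRIVATE KEY-----\n'
)

with open(sys.argv[1], 'rb') as fi:
    ciphertext = fi.read()

# password=None: the PEM is expected to be unencrypted.
key = load_pem_private_key(pem_data, password=None)

# The OAEP parameters must match the ones used for encryption exactly.
plaintext = key.decrypt(
    ciphertext,
    padding.OAEP(
        mgf=padding.MGF1(algorithm=hashes.SHA256()),
        algorithm=hashes.SHA256(),
        label=None,
    ),
)
# Echoes the decrypted bytes to stdout as well as writing them to the file.
print(plaintext)

# The original opened `fo` but wrote to and closed an undefined `f`.
with open(sys.argv[2], 'wb') as fo:
    fo.write(plaintext)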
==========================================
https://www.misterpki.com/python-public-private-key-encryption/
19
Oct

pv - Progress monitoring

   Posted by: admin   in Mẹo vặt của hiếu râu

  • To turn on the display bar, use the -p option.
  • To view the elapsed time, use the --timer option.
  • To turn on the ETA timer, which tries to guess how long it will take before an operation completes, use the --eta option. The guess is based on previous transfer rates and the total data size.
  • To turn on a rate counter, use the --rate option.
  • To display the total amount of data transferred so far, use the --bytes option.
  • To display progress as an integer percentage instead of a visual indication, use the -n option. This can be good when using pv with the dialog command to show progress in a dialog box.
copy file
# pv source > /tmp/dest
zip a file
#pv /var/log/syslog | zip > syslog.zip
tar dir
# tar -czf - ./Downloads/ | (pv -p --timer --rate --bytes > backup.tgz)
tar with dialog
# tar -czf - ./Documents/ | (pv -n > backup.tgz) 2>&1 | dialog --gauge "Progress" 10 70
26
Aug

iSCSI targetcli

   Posted by: admin   in Linux nông dân

#yum install targetcli
#targetcli
/> ls
o- / [...]
o- backstores [...]
| o- block [Storage Objects: 1]
| | o- dev_sdb [/dev/sdb (60.0GiB) write-thru activated]
| | o- alua [ALUA Groups: 1]
| | o- default_tg_pt_gp [ALUA state: Active/optimized]
| o- fileio [Storage Objects: 0]
| o- pscsi [Storage Objects: 0]
| o- ramdisk [Storage Objects: 0]
o- iscsi [Targets: 1]
| o- iqn.2003-01.org.linux-iscsi.iscsid.x8664:sn.bfc48a1cbef2 [TPGs: 1]
| o- tpg1 [no-gen-acls, no-auth]
| o- acls [ACLs: 1]
| | o- iqn.1998-01.com.vmware:3a4fc8a8-5206-a0e0-146c-500100030000-057c77a5 [Mapped LUNs: 1]
| | o- mapped_lun1 [lun1 block/dev_sdb (rw)]
| o- luns [LUNs: 1]
| | o- lun1 [block/dev_sdb (/dev/sdb) (default_tg_pt_gp)]
| o- portals [Portals: 1]
| o- 0.0.0.0:3260 [OK]
o- loopback [Targets: 0]
/>

To create a block backstore from the targetcli shell:

/> cd /backstores/block
/backstores/block> create name=LUN_1 dev=/dev/xvdb

To create a fileio backstore from the targetcli shell:

/> cd /backstores/fileio
/backstores/fileio> create name=LUN_3 /root/disk1.img 5G

To create an iSCSI target

/> cd /iscsi
/iscsi> create

cd tpg1/luns
tpg1/luns> create /backstores/block/LUN_1 lun1

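ACLs: the tree above shows tpg1 as [no-gen-acls, no-auth], so the initiator IQN listed here is the only access control. An IQN is asserted by the initiator itself, so on anything but an isolated storage network also enable CHAP (`set attribute authentication=1` on the TPG, `set auth userid=<USER> password=<SECRET>` on the ACL) and bind the portal to the storage interface instead of 0.0.0.0.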
cd tpg1/acls
create iqn.1998-01.com.vmware:3a4fc8a8-5206-a0e0-146c-500100030000-057c77a5

/>saveconfig

6
Mar

Linux NFS

   Posted by: admin   in Mẹo vặt của hiếu râu

Server side

yum install nfs-utils
systemctl enable rpcbind
systemctl enable nfs-server
systemctl enable nfs-lock
systemctl enable nfs-idmap
systemctl start rpcbind
systemctl start nfs-server
systemctl start nfs-lock
systemctl start nfs-idmap


# Add the export below to /etc/exports.
vi /etc/exports
# '*' exports to every host that can reach this server and 'rw' lets them write.
# 'insecure' also accepts requests from source ports above 1023, i.e. from
# unprivileged processes on the client. Where possible replace '*' with the
# client host or subnet, use 'ro' for a read-only ISO library, and drop
# 'insecure' unless a client actually requires it.
/_ISOs  *(rw,sync,no_subtree_check,insecure)
mkdir -p /_ISOs

# World-writable tree: combined with the open export above, any host that can
# reach the server can modify or replace the ISO images. Prefer ownership and
# modes limited to the account that maintains the images.
chmod -R 777 /_ISOs

# Re-export everything in /etc/exports, then list what is exported and to whom.
exportfs -rav
exportfs -v
showmount -e

systemctl stop nfs-server
systemctl start nfs-server
systemctl status nfs-server
Client side

yum install nfs-utils
mkdir /_ISOs

mount -t nfs <serverIP>:/_ISOs /_ISOs/

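# Register the NFS-mounted directory as an ISO storage repository.
# Both settings are device-config keys; the published line dropped the hyphen
# in the second one.
xe sr-create name-label=ISO_IMAGES_LOCAL type=iso device-config:location=/_ISOs device-config:legacy_mode=true content-type=iso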

cfdisk /dev/sdb

vgcreate

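# Create a local (non-shared) LVM storage repository on /dev/sdb.
# Straight quotes: the shell does not treat the typographic quotes in the
# published line as quoting, so they would become part of the label.
xe sr-create name-label="2TB" shared=false device-config:device=/dev/sdb type=lvm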
lvdisplay
27
Oct

fail2ban centos 7

   Posted by: admin   in Linúc ếch bợt

# Ban-only action: interpolates the jail's banaction, name, port, protocol and
# chain, and passes actionstart_on_demand=false to the action as a parameter.
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s",actionstart_on_demand=false]

# Use the ban-only action as the default for all jails.
action = %(action_)s

# Removes whatever overrides the jail.d/00-firewalld* files set (presumably the
# firewalld banaction; the path is relative, so this is run from the fail2ban
# config directory). NOTE(review): afterwards confirm that a test ban really
# appears in the firewall backend that is active on the host; a ban recorded
# by fail2ban but not enforced by the running firewall protects nothing.
rm jail.d/00-firewalld*

15
Apr

Bash convert number

   Posted by: admin   in Mẹo vặt của hiếu râu

Method of converting scientific notation (e) to numbers under Linux (tutorialfor.com)

Scientific notation uses e to mark the exponent. To turn a value in scientific notation into an ordinary number, move the decimal point by the number of places given to the right of e; if that number is negative, move the decimal point to the left. Examples are as follows:

  1. 1.2345678e2=123.45678
  2. 1.2345678e-2=0.012345678
  3. 1.7615562e + 06=1761556.2
  4. 1.87982e7=18798200
  5. 1e3=1000

So how do you convert scientific notation into numbers in the shell,The method is as follows:Here take “1.7615562e + 06″ (or 1.7615562e6) as an example:

  1. [root@kevin ~] #echo "1.7615562e6" | gawk "$1=strtonum ($1)"
  2. 1.76156e + 06

1) Conversion of scientific notation to decimal

  1. [root@kevin ~] #printf "%f" 1.7615569e + 06
  2. 1761556.900000
  3. [root@kevin ~] #echo "1.7615569e + 06" | awk "{printf ("%f ", $0)}"
  4. 1761556.900000
  5. [root@kevin ~] #echo "1.7615569e + 03" | awk "{printf ("%f ", $0)}"
  6. 1761.556900
  7. [root@kevin ~] #echo "1.7615569e + 04" | awk "{printf ("%f ", $0)}"
  8. 17615.569000
  9. [root@kevin ~] #echo "1.7615569e-6" | awk "{printf ("%f ", $0)}"
  10. 0.000002
  11. [root@kevin ~] #echo "1.7615569e-4" | awk "{printf ("%f ", $0)}"
  12. 0.000176
  13. [root@kevin ~] #echo "1.7615569e-3" | awk "{printf ("%f ", $0)}"
  14. 0.001762
  15. [root@kevin ~] #echo "1.7615569e-2" | awk "{printf ("%f ", $0)}"
  16. 0.017616

Note: with this method, the converted result keeps 6 digits after the decimal point:

1) If the number after e is positive, 6 digits are kept after the decimal point; if there are not enough digits, the result is padded with 0.

2) If the number after e is negative, 6 digits are likewise kept after the decimal point.

2) Convert scientific notation to decimal and retain two decimal places

  1. [root@kevin ~] #echo "1.7615569e + 06" | awk "{printf ("%. 2f ", $0)}"
  2. 1761556.90

Keep three decimal places

  1. [root@kevin ~] #echo "1.7615569e + 06" | awk "{printf ("%. 3f ", $0)}"
  2. 1761556.900

3) Scientific notation is converted to decimal and truncated to an integer (the fractional part is dropped)

  1. [root@kevin ~] #echo "1.7615569e + 06" | awk "{printf ("%d ", $0)}"
  2. 1761556
  3. [root@kevin ~] #echo "1.7615569e3" | awk "{printf ("%d ", $0)}"
  4. 1761
  5. [root@kevin ~] #echo "1.7615569e02" | awk "{printf ("%d ", $0)}"
  6. 176

4) Scientific notation is converted to decimal and rounded

  1. [root@kevin ~] #echo "1.7615569e + 06" | awk "{printf ("%d ", $0 + 0.5)}"
  2. 1761557
  3. [root@kevin ~] #echo "1.7615563e + 06" | awk "{printf ("%d ", $0 + 0.5)}"
  4. 1761556

5) How to remove the useless 0 after the decimal point, you can refer to:daily operation and maintenanceIntercept string in shell scriptPractice, that is, using variable expansion

  1. [root@kevin ~] #echo "1.7615569e + 06" | awk "{printf ("%f ", $0)}"
  2. 1761556.900000
  3. [root@kevin ~] #var=$(echo "1.7615569e + 06" | awk "{printf ("%f ", $0)}")
  4. [root@kevin ~] #echo ${var %%0 *}
  5. 1761556.9

Or use the sed method

  1. [root@kevin ~] #echo "1.7615569e + 06" | awk "{printf ("%f ", $0)}"
  2. 1761556.900000
  3. [root@kevin ~] #var=$(echo "1.7615569e + 06" | awk "{printf ("%f ", $0)}")
  4. [root@kevin ~] #echo "$var" | sed "s/0 * $//"
  5. 1761556.9
  6. [root@kevin ~] #echo "1.7615569e + 06" | awk "{printf ("%f ", $0)}" | sed "s/0 * $//"
  7. 1761556.9

6) Sed removes the characters after the decimal point

  1. [root@kevin ~] #echo "kevin.123" | sed "s /\.*//g"
  2. kevin123
  3. \ .. * represents 1 or more after the decimal point
  4. [root@kevin ~] #echo "kevin.123" | sed "s /\..*//g"
  5. kevin
  6. [root@kevin ~] #echo "kevin_123" | sed "s/\ _ * //g"
  7. kevin123
  8. [root@kevin ~] #echo "kevin_123" | sed "s /\_.*//g"
  9. kevin

Command explanation:

* Represents 0 to more. Therefore, \. * Can only replace the decimal point and become empty.\ _ * Similarly.

. * Stands for 1 or more. Therefore, \ .. * removed everything after the decimal point.\ _. * Similarly.

7) Description of numerical calculation in the shell

  1. 1) bc method
  2. bc is a more commonly used linux computing tool,And supports floating-point operations:
  3. [root@kevin ~] #a=`echo 1 + 1 | bc`
  4. [root@kevin ~] #echo $a
  5. 2
  6. This method cannot solve the precision problem of floating point arithmetic,The following floating point calculations are silly x!
  7. [root@kevin ~] #a=`echo 1 + 1 | bc`
  8. [root@kevin ~] #echo $a
  9. 2
  10. [root@kevin ~] #b=`echo" 1.2 * 1.2 "| bc`
  11. [root@kevin ~] #echo $b
  12. 1.4
  13. [root@kevin ~] #c=`echo" 5.0/3.0 "| bc`
  14. [root@kevin ~] #echo $c
  15. 1
  16. [root@kevin ~] #d=`echo" scale=2;5.0/3.0 "| bc`
  17. [root@kevin ~] #echo $d
  18. 1.66
  19. [root@kevin ~] #e=`echo" scale=2;5.0/6.0 "| bc`
  20. [root@kevin ~] #echo $e
  21. .83
  22. 2) expr method
  23. Does not support floating point calculations,This is a pit,And pay attention to the spaces in numbers and operators.
  24. [root@kevin ~] #a=`expr 1 + 1`
  25. [root@kevin ~] #echo $a
  26. 1 + 1
  27. [root@kevin ~] #a=`expr 1 + 1`
  28. [root@kevin ~] #echo $a
  29. 2
  30. [root@kevin ~] #b=`expr 10/2`
  31. [root@kevin ~] #echo $b
  32. 5
  33. 3) $(()) method
  34. Same as expr, does not support floating point arithmetic
  35. [root@kevin ~] #a=$((1 + 1))
  36. [root@kevin ~] #echo $a
  37. 2
  38. [root@kevin ~] #b=$((1 + 3))
  39. [root@kevin ~] #echo $b
  40. 4
  41. 4) let method
  42. Does not support floating point arithmetic,And does not support direct output,Can only be assigned
  43. [root@kevin ~] #let a=1 + 1
  44. [root@kevin ~] #echo $a
  45. 2
  46. [root@kevin ~] #let b=50/5
  47. [root@kevin ~] #echo $b
  48. 10
  49. [root@kevin ~] #let c=1.2 * 2
  50. -bash:let:c=1.2 * 2:syntax error:invalid arithmetic operator (error token is ".2 * 2")
  51. 5) Awk method
  52. Common operations:
  53. [root@kevin ~] #a=`echo | awk" {print 1.0/2.0} "`
  54. [root@kevin ~] #echo $a
  55. 0.5
  56. control precision:
  57. [root@kevin ~] #b=`echo | awk" {printf ("%. 2f", 1.0/2.0)} "`
  58. [root@kevin ~] #echo $b
  59. 0.50
  60. Passing parameters:
  61. [root@kevin ~] #c=`echo | awk -v a=1 -v b=3" {printf ("%. 4f", a/b)} "`
  62. [root@kevin ~] #echo $c
  63. 0.3333
  64. Awk combined with begin (retain 6 digits after the decimal point)
  65. [root@ss-server ~] #awk "begin {printf"%.2f %%\ n ", (87/500) * 100}"
  66. 17.40%
  67. [root@ss-server ~] #awk "begin {printf"%.2f %%\ n ", (100/300) * 100}"
  68. 33.33%

In summary, awk is the most reliable method; the other methods each have their own problems. Therefore, it is recommended to use awk for mathematical calculations in daily maintenance scenarios.

11
Mar

Squid Reverse Proxy

   Posted by: admin   in Mẹo vặt của hiếu râu

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed

# Squid normally listens to port 3128; here it listens on port 80 in
# accelerator (reverse-proxy) mode. 'vhost' selects the site from the request's
# Host header and 'defaultsite' is used when the request carries none.
http_port 80 accel defaultsite=46.17.175.144 vhost

# Origin server behind the proxy: HTTP port 9080, ICP disabled (port 0,
# no-query). Traffic on this hop is plain HTTP.
cache_peer 10.96.8.19 parent 9080 0  no-query originserver name=harry_frontend
# Only requests for these two hostnames are forwarded to the origin and
# admitted by the proxy.
acl sites_harry_frontend dstdomain frontend.helpusdefend.org www.helpusdefend.org
cache_peer_access harry_frontend allow sites_harry_frontend
http_access allow sites_harry_frontend

# NOTE(review): these two rules admit requests for any destination from
# localnet/localhost sources, which goes beyond a pure reverse proxy. Confirm
# how the localnet ACL is defined and drop the rules if internal clients do not
# need to browse through this instance.
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all
//==========================================


# Example 1: route by hostname. Each origin gets its own cache_peer, a
# dstdomain ACL naming the sites it serves, and a cache_peer_access rule that
# forwards only those sites to it. The matching http_access allow rules are not
# part of this excerpt and are still needed for the requests to be admitted.
cache_peer ip.of.server1 parent 80 0 no-query originserver name=server_1
acl sites_server_1 dstdomain www.example.com example.com
cache_peer_access server_1 allow sites_server_1

cache_peer ip.of.server2 parent 80 0 no-query originserver name=server_2
acl sites_server_2 dstdomain www.example.net download.example.com .example.net
cache_peer_access server_2 allow sites_server_2
# Example 2: route by URL path. 'foo' matches request paths beginning with /foo.
acl foo urlpath_regex ^/foo

# server1 receives everything except /foo ...
cache_peer ip.of.server1 parent 80 0 no-query originserver name=server1
cache_peer_access server1 deny foo

# ... and server2 receives only /foo.
cache_peer ip.of.server2 parent 80 0 no-query originserver name=server2
cache_peer_access server2 allow foo
cache_peer_access server2 deny all

SquidFaq/SquidAcl - Squid Web Proxy Wiki (squid-cache.org)