Chris, Once again thanks heaps. You were absolutely spot on. We have total 4proxies (2 child & 2 parent proxies). Server A & Server C - parent proxies (2nd tier)Server B & Server D - Child proxies (1st tier) 1st Tier uses NTLM authentication via the the Samba WINBIND process.2nd Tier is located in the DMZ with no authentication required. This is the main reason we are using 1st tier and 2nd tier proxies.For this type of setup could you please recommend whether to configureboth proxy's to cache or just 2nd tier proxies as cache and 1st tiersas proxy only. Basically I want to achieve better performance thanwhat we have now. At the moment as explained to you before both 1sttier and 2nd tier are caching. Once again thanks a million. Regards. On 2/18/06, Chris Robertson <crobertson@xxxxxxx> wrote:> > -----Original Message-----> > From: Raj [mailto:sunfire2005@xxxxxxxxx]> > Sent: Thursday, February 16, 2006 6:08 PM> > To: Chris Robertson> > Cc: squid-users@xxxxxxxxxxxxxxx> > Subject: Re: parent cache information> >> >> > Thanks a lot for that. I can only specify proxy-only option on server> > B right? Because I am not using cache_peer option on server A which is> > facing the internet.>> Well, there is a no-cache directive that works independently of cache_peer lines...>> > If I use proxy-only option on Server B, then Server B just acts as> > proxy and it will cache only non-duplicate content. Are there any> > benifits in using 1st tier and 2nd tier proxys. Please reply.> >>> Actually, I think that using the proxy-only option will prevent Server B from caching ANY content it retrieves from Server A (which in your case would mean ALL content not cached on Server B, a catch 22). Cache hierarchies are usually used when there are many disparate child proxies (branch offices proxy through the main hub) or there is a bottle neck at each point (small pipe between child and parent proxy, medium pipe between parent and internet). Other times, an other type of proxy is used as a parent (DansGuardian, virus scanner, etc.). I'm not sure of the reason for the set-up you describe. Perhaps access to the proxy in the DMZ is limited to one specific IP address (the child proxy) by the firewall. Perhaps the child proxy was at some point going to perform authentication from a source not available from the DMZ. Perhaps the DMZ proxy was going to be acting as an accelerator, and the only way to allow access to the accelerated website from within the LAN was to pass all traffic through the parent.>> Chris>