> Hi, > > I have some hosts that use one squid-1 server that has a squid-2 parent: > > I mean squid-1 has: > > cache_peer parent.domain parent 8080 3130 > > > But some sites are unaccessible, in special those sites with url having an > "?" > > for example: > > 1242674301.146 104 10.128.255.189 TCP_MISS/503 1415 GET > http://ar.yahoo.com/? - DIRECT/209.191.93.55 text/html > You will get a better trace of these without stripping the query string. http://www.squid-cache.org/Doc/config/strip_query_terms/ > > and browser shows: > > Error > The requested URL could not be retrieved > > While trying to retrieve the URL http://ar.yahoo.com/? > > The following error was encountered: > > *Connection to 209.191.93.55 > > The system returned: > > (111) Connectio0n refused > > > Also, On the squid-1 iptables are doing REDIRECT. > > Please could you tell me what's wrong? By default dynamic pages cannot be trusted through peers. Squid up until very recently added no-cache to peer requests (IIRC), which screws up the bandwidth savings. So while its safe enough to turn on caching of dynamic pages it's still a sticky issue if they pass through peers. http://www.squid-cache.org/Doc/config/hierarchy_stoplist/ Your trace shows Squid-1 is not using the squid-2 as a source, its just trying to go there DIRECTly. And the source is actively doing a TCP level reset/denial. Amos