Amos Jeffries wrote:
Hi,
I have some hosts that use one squid-1 server that has a squid-2 parent:
I mean squid-1 has:
cache_peer parent.domain parent 8080 3130
But some sites are unaccessible, in special those sites with url having an
"?"
for example:
1242674301.146 104 10.128.255.189 TCP_MISS/503 1415 GET
http://ar.yahoo.com/? - DIRECT/209.191.93.55 text/html
You will get a better trace of these without stripping the query string.
http://www.squid-cache.org/Doc/config/strip_query_terms/
and browser shows:
Error
The requested URL could not be retrieved
While trying to retrieve the URL http://ar.yahoo.com/?
The following error was encountered:
*Connection to 209.191.93.55
The system returned:
(111) Connectio0n refused
Also, On the squid-1 iptables are doing REDIRECT.
Please could you tell me what's wrong?
By default dynamic pages cannot be trusted through peers. Squid up until
very recently added no-cache to peer requests (IIRC), which screws up the
bandwidth savings. So while its safe enough to turn on caching of dynamic
pages it's still a sticky issue if they pass through peers.
http://www.squid-cache.org/Doc/config/hierarchy_stoplist/
Also see
http://wiki.squid-cache.org/SquidFaq/ConfiguringSquid#head-f7c4c667d4154ec5a9619044ef7d8ab94dfda39b
Your trace shows Squid-1 is not using the squid-2 as a source, its just
trying to go there DIRECTly. And the source is actively doing a TCP level
reset/denial.
Amos
Chris
