On Thu, 28 Aug 2003, Joshua Slive wrote: > I think we've done pretty-much all we can. I wouldn't mind putting a > little note on the httpd.apache.org homepage saying "Have you secured your > proxy?" and point to the correct docs.
+1. Additionally, Eli and I have been conversing a bit more off-list, and it does seem that having some additional blocking mechanism (besides IP-based access control or password-based authentication) would be needed in some cases where open HTTP proxy is intended but open SMTP tunneling is not. Perhaps ProxyBlock will suffice. Confirmation would be cool.
