On Thu, 4 Sep 2003, Jeroen Massar wrote: > Requiring a "IKnowIAmOperatingAOpenProxy" flag that needs to > be set explicitly would be a better idea then :)
That's what the ProxyRequests directive does. Giving it a silly name isn't going to help ;-) > Seriously, we could add a default deny for outgoing port > 25 (smtp) and 6660-6670 (irc) proxied connections. > This won't really hurt anyone as I don't see any reasons > why anybody would want that. A special "AllowProxyPorts 25 6660-6670" > directive could then turn those ports open too. > We could even try to limit it to defaultly allowing only > the proxying of port 80 and 443 and denying the rest for instance. Bill Wrowe is a fan of the last idea. I'm neutral about making it the default, but I think it would be good to make it configurable. You should be specific here, however. We are talking about a directive that would allow *outgoing* proxy connections only on specific ports. For example AllowForwardProxy 80 8080 8888 Joshua.
