-----BEGIN PGP SIGNED MESSAGE-----

Joshua Slive [mailto:[EMAIL PROTECTED]] wrote:

> On Thu, 4 Sep 2003, Jeroen Massar wrote:
> > Requiring an "IKnowIAmOperatingAOpenProxy" flag that needs to
> > be set explicitly would be a better idea then :)
> 
> That's what the ProxyRequests directive does.  Giving it a silly name
> isn't going to help ;-)

True, nothing much we can do about people not reading the docs :(

> > Seriously, we could add a default deny for outgoing port
> > 25 (smtp) and 6660-6670 (irc) proxied connections.
> > This won't really hurt anyone as I don't see any reasons
> > why anybody would want that. A special "AllowProxyPorts 25 6660-6670"
> > directive could then turn those ports open too.
> > We could even try to limit it to allowing, by default, only
> > the proxying of port 80 and 443 and denying the rest for instance.
> 
> Bill Wrowe is a fan of the last idea.  I'm neutral about making it the
> default, but I think it would be good to make it configurable.
> 
> You should be specific here, however.  We are talking about a 
> directive that would allow *outgoing* proxy connections only on 
> specific ports.  For example
> AllowForwardProxy 80 8080 8888

That could be the default then; if people require other
ports, they would either need to add them or specify "All" if
they are really sure of what they are doing.

We should also convince packagers to never include the
All option by default or as a simple configuration option.
If someone wants it, let them read the doc, which should contain
the "you are opening up as an open relay" warning.

Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / [EMAIL PROTECTED] / http://unfix.org/~jeroen/

iQA/AwUBP1hHximqKFIzPnwjEQK6VgCfSJkykyhb+jvWp/ShzWrDcflhFxgAn26c
RKAczDl/QqHK5kk8w8Mcvtqb
=NT/J
-----END PGP SIGNATURE-----
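
The port policy proposed in this message, as an added sketch that is not part of the original e-mail and is not Apache httpd code: a default-deny check of the destination port of a forward-proxy request against an allow list written in the thread's proposed syntax ("80 8080 8888", "25 6660-6670", or "All"). The function names and the default-port table are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed scheme defaults, used when a proxied URL carries no explicit port.
DEFAULT_PORTS = {"http": 80, "https": 443}

def parse_allowed_ports(spec):
    """Parse a port list such as "80 8080 8888" or "25 6660-6670".

    Returns None for the single word "All" (no restriction),
    otherwise a frozenset of permitted destination ports.
    """
    tokens = spec.split()
    if not tokens:
        raise ValueError("empty port list")
    if len(tokens) == 1 and tokens[0].lower() == "all":
        return None
    ports = set()
    for tok in tokens:
        lo, sep, hi = tok.partition("-")
        first = int(lo)                      # ValueError on non-numeric input
        last = int(hi) if sep else first
        if not (1 <= first <= last <= 65535):
            raise ValueError(f"bad port or range: {tok!r}")
        ports.update(range(first, last + 1))
    return frozenset(ports)

def target_port(method, target):
    """Destination port named by a forward-proxy request line."""
    if method.upper() == "CONNECT":          # CONNECT host:port
        _host, sep, port = target.rpartition(":")
        if not sep or not port.isdigit():
            raise ValueError("CONNECT target needs host:port")
        port = int(port)
    else:                                    # GET http://host[:port]/path
        url = urlsplit(target)
        port = url.port if url.port is not None else DEFAULT_PORTS.get(url.scheme.lower())
    if port is None or not (1 <= port <= 65535):
        raise ValueError("no usable destination port")
    return port

def is_allowed(allowed, method, target):
    """Default deny: a target that cannot be parsed is refused."""
    try:
        port = target_port(method, target)
    except ValueError:
        return False
    return allowed is None or port in allowed
```

With the list "80 8080 8888", proxied requests to SMTP (25) and IRC (6660-6670) ports are refused unless the operator adds those ports or sets "All".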
