I think we've done pretty-much all we can. I wouldn't mind putting aWhat about sending a warning message to stderr/error_log upon startup if the proxy is not access controlled?
little note on the httpd.apache.org homepage saying "Have you secured your
proxy?" and point to the correct docs.
...HTTPS proxying is even worse and could be used to mount a variety of TCP attacks.
