At 02:41 PM 9/4/2003, Joshua Slive wrote: >> Seriously, we could add a default deny for outgoing port >> 25 (smtp) and 6660-6670 (irc) proxied connections. >> This won't really hurt anyone as I don't see any reasons >> why anybody would want that. A special "AllowProxyPorts 25 6660-6670" >> directive could then turn those ports open too. >> We could even try to limit it to defaultly allowing only >> the proxying of port 80 and 443 and denying the rest for instance. > >Bill Wrowe is a fan of the last idea. I'm neutral about making it the >default, but I think it would be good to make it configurable. > >You should be specific here, however. We are talking about a directive >that would allow *outgoing* proxy connections only on specific ports. For >example >AllowForwardProxy 80 8080 8888
I'm thinking even a patternmatch might not be a bad idea, just crufty as all can be... AllowForwardProxy *80 Food for thought. Bill
