by adrien » Oct 25 03 7:25 am
The CONNECT method that is used for "SSL tunnelling" is used only by proxy clients, so it is completely invalid for you to receive such a command from the Internet.
By blocking it, you shouldn't be blocking any legitimate access, however if you only allow GET, then you may have issues with forms that use POST.
The other thing you can do is not bind the HTTP proxy to the external interface at all, and use either a TCP mapping, or a redirection in the ENS to pipe external connections through to your web server.
Adrien