FAQ
How to configure Proxy+ to be more secure
(Proxy+ 2.31 and older version related)

Note: Proxy+ 2.40 contains some new features and new default settings. It offers better default security and additional security features. See there if you want to see updated version of this article: Art04127.htm

Question:
I want to be sure that my Proxy+ is configured to be secure. What can I check?

Answer:
By default Proxy+ allows connection from any IP address. It is highly recommended to configure Proxy+ to restrict the access. Only the stations from you LAN or another secure computers should be allowed to access the Proxy+'s services.

Solution:

• Security options
  By default Proxy+ doesn't check remote client's IP address. All requests are allowed and processed. When the Proxy+ is installed and initially configured it is highly recommended to restrict the access only to the secure client stations. In most cases it means that you should enable access from your local network only. It can be easily done using "Proxy Settings/Security/Secure interfaces" settings.
  
  Note: if it is enabled Proxy+ writes information about all security violations into SecLog.TXT file.
  
  Related articles:
  Secure Interfaces example
  Secure clients example
  
• SMTP server relaying
  By default Proxy+'s mail server (if it is enabled) allows relaying for messages those are sent from any IP address. It means that anybody from the Internet can send the message through Proxy+'s mail server to non-local users (in another words message from the Internet can be send back to the Internet). To avoid this you have to configure "Mail/SMTP -> Enable relaying for these clients" option. If this list is not empty only the listed IPs can send the messages out to the Internet. Other IPs can send only messages which recipient is defined on Proxy+ (only messages sent to the local accounts are allowed).
  
  Note: if you aren't using Proxy+ as an receiving SMTP server for Internet mail (you have no domain name registered and PC with Proxy+ is not used in appropriate MX record of domain or you didn't configure "Mail/SMTP Domains") it is better to include the SMTP and the POP3 connections to the Security settings ("Security/General -> Check security on SMTP connection" and "Security/General -> Check security on POP3 connection"). In this case all attempts to send the message to the Proxy+'s mail server from the Internet will be denied (if the Security settings will be correct, of course).
  
  Related articles:
  How to restrict mail relaying - example

Other recommended settings:

• WWW Admin password
  It is a good idea to set the WWW Admin password. Only the person that knows this password will be able to access WWW Admin pages which allows to change the Proxy+'s settings.
  You can define password for administrator on the page "Proxy Settings/Administrator/General"
  
  Related articles:
  How to access the WWW Admin interface when the password is lost
  
• Access List Rules
  Access List Rules allows to create more complicated access rules for most of services (the rules doesn't affect mail server (SMTP nor POP3) connection).
  
  Related articles:
  Access List Rules - examples

Related links:
Art04127 - How to configure P+ to be more secure (ver 2.40)
Art04126 - How to restrict mail relaying - example
Art00911 - Secure Interfaces example
Art00912 - Security settings (secure clients example)
Art02000 - How to access the WWW Admin interface when the password is lost
Art00909 - Access List samples