+ <listitem>
+ <para>
+ By default (i.e. in the absence of a <quote>+limit-connect</quote>
+ action), <application>Junkbuster</application> will only allow CONNECT
+ requests to port 443, which is the standard port for https as a
+ precaution.
+ </para>
+
+ <para>
+ The CONNECT methods exists in HTTP to allow access to secure websites
+ (https:// URLs) through proxies. It works very simply: the proxy
+ connects to the server on the specified port, and then short-circuits
+ its connections to the client <emphasis>and</emphasis> to the remote proxy.
+ This can be a big security hole, since CONNECT-enabled proxies can
+ be abused as TCP relays very easily.
+ </para>
+
+ <para>
+ If you want to allow CONNECT for more ports than this, or want to forbid
+ CONNECT altogether, you can specify a comma separated list of ports and
+ port ranges (the latter using dashes, with the minimum defaulting to 0 and
+ max to 65K):
+ </para>
+
+ <para>
+ <literal>
+ <MSGText>
+ <literallayout>
+ <emphasis>+limit-connect{443} # This is the default and need no be specified.</emphasis>
+ <emphasis>+limit-connect{80,443} # Ports 80 and 443 are OK.</emphasis>
+ <emphasis>+limit-connect{-3, 7, 20-100, 500-} # Port less than 3, 7, 20 to 100</emphasis>
+ <emphasis> #and above 500 are OK.</emphasis>
+ </literallayout>
+ </MSGText>
+ </literal>
+ </para>
+
+ </listitem>
+
+ <listitem>
+ <para>
+ <quote>+no-compression</quote> prevents the website from compressing the
+ data. Some websites do this, which can be a problem for
+ <application>Junkbuster</application>, since <quote>+filter</quote>,
+ <quote>+no-popup</quote> and <quote>+gif-deanimate</quote> will not work on
+ compressed data. This will slow down connections to those websites,
+ though. Default is <quote>nocompression</quote> is turned on.
+ </para>
+
+ <para>
+ <literal>
+ <MSGText>
+ <literallayout>
+ <emphasis>+nocompression</emphasis>
+ </literallayout>
+ </MSGText>
+ </literal>
+ </para>
+ </listitem>
+