When using DeleGate as a proxy on a multi-homed host, with separate network interfaces for an external (xx.xx.xx.xx) and an internal (ii.ii.ii.ii) network, the simplest way to allow access only from the inside is to specify the interface on which the port accepts clients, like this:
By default, DeleGate allows access from a client host only if the host is on the "local network". The "local network" is predefined as the special host list named ".localnet". It can be redefined with a HOSTLIST parameter, for example:
When controlling access by the IP address or host name of clients is difficult or insufficient, you can use password-based authentication, or certificate-based authentication when using SSL. For example, PAM-based password authentication can be configured like this:
To enable certificate-based authentication, specify the "-Vrfy" option of the SSLway filter.
When using DeleGate as a "reverse proxy", configure it so that it cannot be used to reach arbitrary ports and/or hosts not intended by the administrator. The REACHABLE parameter can be combined with any application protocol to restrict the reachable hosts (and ports).
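The three points above (entrance port bound to one interface, "-Vrfy" on the SSLway filter, REACHABLE on a reverse proxy) can be checked mechanically before a DeleGate instance is started. The following audit script is an added example, not part of the DeleGate documentation or code. It assumes the entrance port is given as `-P[host:]port`, treats a MOUNT parameter as the sign of a reverse proxy, and handles IPv4 addresses only; both command lines and all addresses in it are constructed samples.

```python
import shlex

# Constructed sample command lines (documentation-range addresses, not real hosts).
WEAK = 'delegated -P8080 SERVER=http MOUNT="/* http://192.0.2.20/*" FCL=sslway'
HARDENED = ('delegated -P192.0.2.10:8080 SERVER=http MOUNT="/* http://192.0.2.20/*" '
            'REACHABLE=192.0.2.20 FCL="sslway -Vrfy"')

def audit_delegate_args(cmdline, expected_ip):
    """Return findings for a DeleGate command line.

    expected_ip is the interface address the administrator intends clients
    to arrive on (the internal interface for an inside-only proxy).
    """
    ports, params, findings = [], {}, []
    for arg in shlex.split(cmdline):
        if arg.startswith("-P"):
            # Assumed syntax: -P[host:]port[,[host:]port]...
            ports += arg[2:].split(",")
        elif "=" in arg and not arg.startswith("-"):
            name, value = arg.split("=", 1)
            params.setdefault(name, []).append(value)

    # 1. The entrance port must be bound to the intended interface only.
    for port in ports:
        host, sep, _ = port.rpartition(":")
        if not sep:
            findings.append(f"-P{port}: no interface given, accepts clients on every interface")
        elif host != expected_ip:
            findings.append(f"-P{port}: bound to {host}, expected {expected_ip}")

    # 2. A reverse proxy (MOUNT present) needs REACHABLE to limit its targets.
    if "MOUNT" in params and "REACHABLE" not in params:
        findings.append("MOUNT without REACHABLE: reachable hosts and ports are not restricted")

    # 3. An SSLway filter without -Vrfy does no certificate-based authentication.
    for name, values in params.items():
        for value in values:
            if "sslway" in value and "-Vrfy" not in value.split():
                findings.append(f"{name}: SSLway filter without -Vrfy")
    return findings

if __name__ == "__main__":
    for label, line in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_delegate_args(line, "192.0.2.10") or "no findings")
```

The script only inspects the command line; it does not evaluate HOSTLIST contents or the PAM configuration, which still need manual review.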