How can I prevent my ProxySG from being an "Open Proxy"?


An open proxy is a proxy that is accessible from the internet and can be used as a proxy by users on the internet. Open proxies are used primarily to circumvent the user's network security. A proxy that is susceptible to open proxy use can attract attacks that overload the device and cause serious performance degradation. Even after an open proxy has been secured, it has already been discovered, so failed attacks, which can overwhelm the network, are likely to continue for some time. This is why it is important to safeguard against open proxy attacks upon deployment of the ProxySG.

Reverse proxies are typically prone to being open proxies because, by the nature of the deployment, they are usually accessible from the internet. However, a forward proxy that has a public IP address (or is otherwise publicly accessible) can also be inadvertently set up as an open proxy.

To help prevent your ProxySG from being an open proxy, it is important to do the following:

  • Set the default policy option to "DENY"
  • Set policy rules to allow requests to only specified domains (such as those that relate to the back-end servers in reverse proxy deployments)
  • Set policy rules to allow requests from only specified subnets (primarily for publicly accessible forward proxies)
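
The following policy sketch shows how the three measures above fit together in CPL, the ProxySG policy language. It is an added example, not policy from the original article; the definition names, domains and subnets are placeholders, and it assumes the default proxy policy has already been set to DENY in the appliance's policy options.

```cpl
; Added example: placeholder names, domains and subnets throughout.
; Assumption: the default proxy policy is DENY, so any request that
; matches no ALLOW rule below is refused.
; Keep only the section that matches your deployment. If both layers
; are installed, a request allowed by either one is allowed.

; --- Reverse proxy: allow only requests for the back-end sites ---
define condition backend_sites
    url.domain=www.example.com
    url.domain=app.example.com
end

<Proxy>
    ; Requests for any other domain fall through to the default DENY,
    ; so internet users cannot relay to third-party destinations.
    ALLOW condition=backend_sites

; --- Publicly reachable forward proxy: allow only known client subnets ---
define subnet internal_clients
    10.10.0.0/16
    192.168.20.0/24
end

<Proxy>
    ; Clients outside these subnets fall through to the default DENY.
    ALLOW client.address=internal_clients
```

After installing the policy, confirm from a host outside the allowed subnets, or with a request for a domain that is not a back-end site, that the proxy returns a deny response.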