Why and how should explicit HTTP connections to the CacheFlow appliance be denied from outside?