The configuration file specifies what the server should proxy. It consists of a sequence of statements, which can be of four forms:
Options supplied by the configuration file override built-in defaults and are overridden by command-line options.
Whenever an IP address (NOT a netmask) is specified, a hostname can be used instead. Beware, however: DNS cache poisoning attacks can cause you to trust people you don't think you're trusting, and all names are looked up at the server, so if your internal names are invisible from outside your firewall you will need to use IP numbers (and indeed, you're probably better off doing this anyway).
If you want to know exactly what is permitted under certain circumstances, you are referred to the parser.y and lexer.l files in the source distribution.