RE: [users@httpd] How to fix Apache HTTPD Unauthenticated/Open Web Proxy Vulnerability?

2024-10-04 Thread Shinde, Pramod K
order" and "allow" and an unnecessary authconfig. I suggest starting over based on how you expect to limit users -- are you going to maintain a htpasswd entry for each user? Or use "require" to allow IP ranges or domains? Again, you need to be able to test this as you go

[users@httpd] How to fix Apache HTTPD Unauthenticated/Open Web Proxy Vulnerability?

2024-09-27 Thread Shinde, Pramod K
Hello, We are using Apache HTTPD 2.4.53 for an internal content management system. It is not customer-facing. The security solution considers the proxy vulnerable to an "Unauthenticated/Open Web Proxy Detected" vulnerability. After many back and forths with them to check if it's a false positiv