order" and "allow" and an unnecessary
authconfig. I suggest starting over based on how you expect to limit users --
are you going to maintain a htpasswd entry for each user? Or use "require" to
allow IP ranges or domains? Again, you need to be able to test this as you go
Hello,
We are using Apache HTTPD 2.4.53 for an internal content management system. It
is not customer-facing. The security solution considers the proxy vulnerable to
an "Unauthenticated/Open Web Proxy Detected" vulnerability. After many back and
forths with them to check if it's a false positiv