Hello,
We are using Apache HTTPD 2.4.53 for an internal content management system. It
is not customer-facing. The security solution considers the proxy vulnerable to
an "Unauthenticated/Open Web Proxy Detected" vulnerability. After many back and
forths with them to check if it's a false positiv
I suspect you are not running a forward proxy on purpose, so you should not
have "ProxyRequests ON" in your configuration. You should just test
without this, remove the other additions, and move on.
If you're running a forward proxy on purpose, you have to restrict who can
access it (and what hos