Apache Proxy HTTP CONNECT method enabled

Description

Your web server is configured to run as a proxy server. In order to avoid abuse, it's recommended to restrict access to this proxy server. Open proxy servers are dangerous both to your network and to the Internet at large. Also, HTTP CONNECT method is enabled on this Apache web server. This can be used to launch attacks against internal machines or to, for example, use an internal mail server as an open relay.

Impact
Possible sensitive information disclosure.

Recommendation
You can control who can access your proxy via the <Proxy> control block as in the following example:

<Proxy *> Order Deny,Allow Deny from all Allow from 192.168.0 </Proxy>

References
Apache 1.x module mod_proxy
Apache 2.x module mod_proxy_connect