Description

Your web server is configured to run as a proxy server. In order to avoid abuse, it's recommended to restrict access to this proxy server. Open proxy servers are dangerous both to your network and to the Internet at large. Also, HTTP CONNECT method is enabled on this Apache web server. This can be used to launch attacks against internal machines or to, for example, use an internal mail server as an open relay.

Remediation

You can control who can access your proxy via the <Proxy> control block as in the following example: 

<Proxy *>
Order Deny,Allow
Deny from all
Allow from 192.168.0
</Proxy>

References

Apache 1.x module mod_proxy

Apache 2.x module mod_proxy_connect

Related Vulnerabilities

Laravel debug mode enabled

Drupal trusted_host_patterns setting not configured

TLS/SSL certificate key size too small

Web Cache Poisoning via POST Request

Yii2 Gii extension

Severity

Medium

Classification

CWE-441 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration