Description

Your web server is configured to run as a proxy server. In order to avoid abuse, it's recommended to restrict access to this proxy server. Open proxy servers are dangerous both to your network and to the Internet at large.

Remediation

You can control who can access your proxy via the <Proxy> control block as in the following example: 

<Proxy *>
Order Deny,Allow
Deny from all
Allow from 192.168.0
</Proxy>

References

Apache module mod_proxy

Controlling access to your proxy

Related Vulnerabilities

Missing object-src in CSP Declaration

WebDAV directory listing

Laravel debug mode enabled

GraphQL Alias Overloading Allowed: Potential Denial of Service Vulnerability

Tornado debug mode

Severity

Medium

Classification

CWE-441 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Tags

Configuration