Description

Your web server is configured to run as a proxy server. In order to avoid abuse, it's recommended to restrict access to this proxy server. Open proxy servers are dangerous both to your network and to the Internet at large. Also, HTTP CONNECT method is enabled on this Apache web server. This can be used to launch attacks against internal machines or to, for example, use an internal mail server as an open relay.

Remediation

You can control who can access your proxy via the <Proxy> control block as in the following example:

<Proxy *>
Order Deny,Allow
Deny from all
Allow from 192.168.0
</Proxy>

References

Related Vulnerabilities