On Sun, Mar 16, 2025 at 4:20 AM Zahid Rahman <zahidr1...@gmail.com> wrote: > > Let me rephrase my question then. Using Apache without the reverse proxy > feature > https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html > > Does it leave your apache webserver vulnerable to attack ?
No, enabling mod_proxy in a server doesn't make it any less vulnerable. What type of vulnerability could it possibly mitigate? It is reasonable to say that putting any application behind any proxy with anything resembling security or WAF-like features makes the backend less vulnerable to attack (on the whole). OTOH there are vulnerabilities that only affect proxies or the desync between the expectations of a proxy and the backends so this is not a total slam-dunk either. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
