dotnet / AspNetCore.Docs

Documentation for ASP.NET Core
https://docs.microsoft.com/aspnet/core
Creative Commons Attribution 4.0 International

The information on this page for setting up an Apache proxy is incorrect and dangerous. #30207

Closed kevingolding2001 closed 1 year ago

kevingolding2001 commented 1 year ago

The instructions for setting up Apache say to turn ProxyRequests on. This is incorrect and dangerous. By doing so you turn Apache into an open proxy, which is ripe for abuse.

According to the Apache docs you don't need ProxyRequests on. You just need ProxyPass to set up a reverse proxy.



guardrex commented 1 year ago

Hello @kevingolding2001 ... I had no personal knowledge on the subject at the time it was published. Unfortunately, I think our product unit member who was helping with Apache and Nginx had left the team. I thought that Artak had looked it over and approved of the guidance at https://github.com/dotnet/AspNetCore.Docs/issues/14323 (cc: @rpc-scandinavia). However, I can see from the many Internet resources that you are correct. I'll 🔪 that immediately and update the live document. I'll also search the whole repo and make sure it doesn't appear elsewhere.

kevingolding2001 commented 1 year ago

Thanks for the quick response. The cynical part of me was seeing weeks of pushback and arguing. But I'm glad to be wrong about that.
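An added example, not part of the issue thread or the ASP.NET Core docs: a small Python check for the misconfiguration reported above, run over two constructed Apache virtual host configs. It flags any active `ProxyRequests On`, which a `ProxyPass` reverse proxy does not need; the host name, the backend address `127.0.0.1:5000` and the function name `find_forward_proxy` are assumptions made for the example.

```python
import re

# Constructed sample configs (not taken from the original documentation page).
WEAK_CONF = """\
<VirtualHost *:80>
    ServerName www.example.com
    ProxyRequests On
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:5000/
    ProxyPassReverse / http://127.0.0.1:5000/
</VirtualHost>
"""

FIXED_CONF = """\
<VirtualHost *:80>
    ServerName www.example.com
    # ProxyRequests On removed: ProxyPass alone sets up the reverse proxy
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:5000/
    ProxyPassReverse / http://127.0.0.1:5000/
</VirtualHost>
"""

DIRECTIVE = re.compile(r"^\s*ProxyRequests\s+(\S+)", re.IGNORECASE)
VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.IGNORECASE)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost>", re.IGNORECASE)

def find_forward_proxy(conf_text):
    """Return (line_number, scope) for every active 'ProxyRequests On'."""
    findings, scope = [], "server config"
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # Apache comments occupy a whole line
        opened = VHOST_OPEN.match(line)
        if opened:
            scope = "VirtualHost " + opened.group(1).strip()
        elif VHOST_CLOSE.match(line):
            scope = "server config"
        else:
            hit = DIRECTIVE.match(line)
            # Directive names and the On/Off argument are case-insensitive.
            if hit and hit.group(1).strip('"').lower() == "on":
                findings.append((lineno, scope))
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("fixed", FIXED_CONF)):
        print(name, find_forward_proxy(text))
```

The check reads one file's text at a time, so configs pulled in through `Include` directives need to be passed to it separately.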