Howdy! In the how-to I wrote about caching with mod_proxy (http://www.zope.org/Members/rbeer/caching) there is a security problem insofar that if you setup your server just like that it will be a public proxy that people can use to cover their traces when accessing other websites. To disable this behavior you could e.g. add a LocationMatch directive to your httpd.conf that denies every request that doesn't start with a slash. <LocationMatch "^[^/]"> Deny from all </LocationMatch> To try out the problem and see the effect of the fix configure your browser to use www.mysite.org port 80 as a proxy (assuming the name of your site is www.mysite.org). Then try to access a page from your browser and look at your access_log. Thanks to Ivo van der Wijk for pointing out the problem! Cheers, Ragnar P.S.: I'll be in Switzerland for a couple of days and probably won't have internet access till monday. So if anybody replies and waits for my answer: please be patient ;)