alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET SCAN Apache mod_proxy Reverse Proxy Exposure 2"; flow:established,to_server; http.uri; content:"|3a|@"; http.request_line; content:"GET|20 3a|@"; depth:6; reference:url,www.contextis.com/research/blog/reverseproxybypass/; reference:url,mail-archives.apache.org/mod_mbox/httpd-announce/201110.mbox/%3C20111005141541.GA7696@redhat.com%3E; classtype:attempted-recon; sid:2013792; rev:6; metadata:created_at 2011_10_24, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_11_06;)