Sébastien Bocahu discovered that the reverse proxy add forward module for the Apache webserver is vulnerable to a denial of service attack through a single crafted request with many headers.