I am now exploring the use of Apache's mod_proxy directives, e.g. ProxyPass, as part of a solution for the cross-domain scripting restriction (for HTML/Ajax/Flash code). However, I am afraid that by enabling mod_proxy, I would risk having the server act as an open proxy.

What's the risk, and how can I minimize it, in short?

Thanks.

+2  A: 

Since you specifically mentioned ProxyPass, I'll assume you're using mod_proxy as a reverse proxy.

If that's the case, just make sure ProxyRequests is off. It isn't needed for reverse proxies.

In a forward proxy configuration, if you were to enable ProxyRequests without setting access restrictions (i.e., which hosts/networks are allowed to use the proxy) you could very easily wind up with an open proxy.

See the mod_proxy documentation for more info.

Bill B
+1  A: 

Just make sure to set ProxyRequests to Off:

This prevents Apache from acting as a forward proxy server (which is where the concern about an open proxy comes in), but does not affect its use as a reverse proxy using ProxyPass.

alasdairg
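
The setup both answers describe, written out as an added example that is not part of the original posts: a reverse-proxy-only configuration, with the forward-proxy case shown commented out for contrast. It assumes Apache 2.4 access-control syntax; the `/api/` path, the backend host name and the network range are constructed placeholders.

```apache
# Added example (Apache 2.4 syntax). The path, backend host and network
# range are constructed placeholders, not values from the original posts.

# --- Reverse proxy only: all that ProxyPass needs ---
# Off is the default, but stating it guards against an inherited "On".
ProxyRequests Off

# Only /api/ is forwarded, and only to this one backend, so clients
# cannot choose the destination.
ProxyPass        "/api/" "http://backend.internal.example:8080/"
ProxyPassReverse "/api/" "http://backend.internal.example:8080/"

# --- Forward proxy, for contrast (keep commented out unless required) ---
# ProxyRequests On lets clients name any destination. Without the <Proxy>
# access restriction below, the server is an open proxy.
#
# ProxyRequests On
# <Proxy "*">
#     Require ip 192.0.2.0/24
# </Proxy>
```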