Tomcat Ghostcat exploitable through Apache web server reverse proxy?
0 votes, 1 answer, 371 views
I would like to know if the Ghostcat bug can be exploited through an Apache web server reverse proxy setup.

This is our web server config:

```
ServerName 192.168.178.1
ProxyPass / ajp://127.0.0.1:8009/sample/
ProxyPassReverse "^/(.*)" /sample/
ProxyPassReverseCookiePath /sample/ /
```
I've tried to use some exploits from GitHub, but they only seem to work through the [Apache JServ Protocol](https://en.wikipedia.org/wiki/Apache_JServ_Protocol) port (8009) directly, and not through the reverse proxy (80). Does this mean that applications running behind reverse proxies are safe?
Or is it possible to make use of the vulnerability, since Apache is simply forwarding all traffic to the AJP?

We are also sometimes using a simple RewriteRule to redirect to the AJP:

```
RewriteRule / ajp://127.0.0.1:8009/sample/ [P]
```
Which one is more secure?
Asked by elements518
(11 rep)
Mar 5, 2020, 10:56 AM
Last activity: Mar 7, 2020, 07:26 PM