From what I read about it, sounds like one should be if server is configured a certain way or lacks configuration a certain way. To the best of my knowledge there is very little moodle code does in the way of proxy other than to know it's behind one ... it doesn't control apache.
Found CentOS 5/6 boxen already had one module loaded where the httpproxy site recommended and only had to add a line to cover the bases (so to speak). Then again, wasn't running anything proxy on it ... and haven't found a 'trustworthy' tool to test for this vulnerability.
Am not a security expert, BTW ... don't claim to be. Maybe someone with those credentials will share what they know. ;)
'spirit of sharing', Ken