httpd-admin on port 980/https is publicly available from the internet.
The main httpd instance on port 443/https has the upstream default. It is not secured with the state-of-the-art settings, I think because the default config file does not change during the release life cycle. The CentOS sysadmin knows it and fixes httpd configuration properly.
In NethServer our sysadmin is the template system. I think in this specific case the follow upstream default rule does not fit properly. Let’s fix the default value from our templates!