Maybe this can help (from
https://www.hiawatha-webserver.org/manpages/hiawatha): ?
"Header <key> [!]<pattern> <action>
Perform an action when the HTTP header <key> matches the regular expresion <pattern>, where <action> can be one of the following:
Ban, Call, DenyAccess, Exit, Goto, OmitRequestLog, Return, Skip or Use.
A negative pattern (leading exclamation mark) can't be used with the redirect action. The <key> can be * to test every HTTP header. Note that the wildcard means 'any header', not 'every header'."
Something like :
UrlToolKit {
ToolkitID = httpoxy
Header Proxy !"" Ban
}
My idea test the Proxy header of value and IF NOT emtpy (""), ban it.