diff --git a/proxy.md b/proxy.md
index 4f5a397f..a8171b87 100644
--- a/proxy.md
+++ b/proxy.md
@@ -18,21 +18,15 @@ location /radicale/ { # The trailing / is important!
 }
 ```
 
-Example **Apache** configuration using front end authentication:
+Example **Apache** configuration:
 ```apache
 RewriteEngine On
 RewriteRule ^/radicale$ /radicale/ [R,L]
 
 <Location "/radicale/">
-    AuthType      Basic
-    AuthName      "Radicale - Password Required"
-    AuthUserFile  "/etc/radicale/htpasswd"
-    Require       valid-user
-
     ProxyPass        http://localhost:5232/ retry=0
     ProxyPassReverse http://localhost:5232/
     RequestHeader    set X-Script-Name /radicale/
-    RequestHeader    set X-Remote-User expr=%{REMOTE_USER}
 </Location>
 ```
 
@@ -59,6 +53,24 @@ location /radicale/ {
 }
 ```
 
+Example **Apache** configuration:
+```apache
+RewriteEngine On
+RewriteRule ^/radicale$ /radicale/ [R,L]
+
+<Location "/radicale/">
+    AuthType      Basic
+    AuthName      "Radicale - Password Required"
+    AuthUserFile  "/etc/radicale/htpasswd"
+    Require       valid-user
+
+    ProxyPass        http://localhost:5232/ retry=0
+    ProxyPassReverse http://localhost:5232/
+    RequestHeader    set X-Script-Name /radicale/
+    RequestHeader    set X-Remote-User expr=%{REMOTE_USER}
+</Location>
+```
+
 **Security:** Untrusted clients should not be able to access the Radicale
 server directly. Otherwise, they can authenticate as any user.