This is fixed in bionic and later. Leaving a task open for xenial.
Links to the upstream fix:
https://svn.apache.org/viewvc?view=revision&revision=1767483
https://github.com/apache/httpd/commit/950093162e445141c5126e4d11e6466e3184b0ce
** Also affects: apache2 (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: apache2 (Ubuntu)
Status: Triaged => Fix Released
** Changed in: apache2 (Ubuntu Xenial)
Status: New => Triaged
** Changed in: apache2 (Ubuntu Xenial)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to apache2 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1769304
Title:
Apache2 mod_remoteip+rewrite allows client to forge IP address
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1769304/+subscriptions
--
Mailing list: https://launchpad.net/~enterprise-support
Post to : [email protected]
Unsubscribe : https://launchpad.net/~enterprise-support
More help : https://help.launchpad.net/ListHelp
