Sadly, I don't have any other ideas at the moment. But I do think that this issue does pose a security risk that should not be overlooked. Applications relying in any form on the source IP address for authentication or rate limitations might be affected.
I will have another look at the sources later on but I am not familiar with the remoteip codebase so I would not expect too much from that. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1875299 Title: Apache's mod_remoteip: IP address spoofing via X-Forwarded-For when mod_rewrite rule is triggered To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1875299/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
