This is fixed in bionic and later. Leaving a task open for xenial. Links to the upstream fix: https://svn.apache.org/viewvc?view=revision&revision=1767483 https://github.com/apache/httpd/commit/950093162e445141c5126e4d11e6466e3184b0ce
** Also affects: apache2 (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: apache2 (Ubuntu) Status: Triaged => Fix Released ** Changed in: apache2 (Ubuntu Xenial) Status: New => Triaged ** Changed in: apache2 (Ubuntu Xenial) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1769304 Title: Apache2 mod_remoteip+rewrite allows client to forge IP address To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1769304/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs