IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020. CREATE(Triage):(User=admin) [CVE-2020-11985|https://nvd.nist.gov/vuln/detail/CVE-2020-11985]