Hi, I would like to propose this patchset allowing to set maximum TTL value for incoming requests. This is not a usual use case, but I'm interested (maybe others too) to have this in place. The real use case would be like this one http://blog.donatas.net/blog/2017/04/20/http-request-validation/.
TL;DR: if you want to deny requests bypassing proxy layer (in this case Apache operates as a backend). Hence set TTLimit to 1 and Apache will be able to handle requests coming almost from the local network, because packets with TTL usually come from local networks. I don't know which place is the right place to put patches, but original patch is here: https://bz.apache.org/bugzilla/show_bug.cgi?id=61179 https://bz.apache.org/bugzilla/attachment.cgi?id=35048 -- Donatas