httpd in RHEL 6.9 does not properly parse comments, resulting in the '#' character in "Allow" statements to accidentally match all IP addresses. This can lead to a bypass of intended security restrictions.
Name: KAWAHARA Masashi
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2017:2972 https://access.redhat.com/errata/RHSA-2017:2972