diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java
index f8a02176de..c9f3d70268 100644
--- a/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java
@@ -35,11 +35,12 @@
  *
  * @author Luke Taylor
  * @author Steve Riesenberg
+ * @author Andrey Litvitski
  * @since 3.0.2
  */
 public final class IpAddressMatcher implements RequestMatcher {
 
- private static Pattern IPV4 = Pattern.compile("\\d{0,3}.\\d{0,3}.\\d{0,3}.\\d{0,3}(/\\d{0,3})?");
+ private static Pattern IPV4 = Pattern.compile("^\\d{1,3}(?:\\.\\d{1,3}){0,3}(?:/\\d{1,2})?$");
 
 private final InetAddress requiredAddress;
 
diff --git a/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java b/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java
index 72246c999f..1c3596d755 100644
--- a/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java
+++ b/web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java
@@ -27,6 +27,7 @@
 
 /**
  * @author Luke Taylor
+ * @author Andrey Litvitski
  */
 public class IpAddressMatcherTests {
 
@@ -167,4 +168,12 @@ public void toStringWhenOnlyIpIsProvidedThenReturnsIpAddressOnly() {
 assertThat(matcher.toString()).hasToString("IpAddress [127.0.0.1]");
 }
 
+ // gh-17499
+ @Test
+ public void constructorRejectsInvalidIpv4WithX() {
+ String badIp = "10x1x1x1";
+ assertThatIllegalArgumentException().isThrownBy(() -> new IpAddressMatcher(badIp))
+ .withMessage("ipAddress 10x1x1x1 doesn't look like an IP Address. Is it a host name?");
+ }
+
 }
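Review bot: The replaced `IPV4` field is still declared `private static Pattern` rather than `private static final`, so the compiled pattern that decides which strings are treated as address literals can be reassigned at runtime; the line should read `private static final Pattern IPV4 = Pattern.compile("^\\d{1,3}(?:\\.\\d{1,3}){0,3}(?:/\\d{1,2})?$");`. The new pattern correctly stops `10x1x1x1` from passing (the old unescaped `.` matched any character), but it still accepts octets above 255 and one- to three-part forms such as `10.1`, so a string that matches here is not necessarily a valid address and may still be rejected later; a comment on the field such as `// Distinguishes a dotted-decimal literal from a host name; not a full IPv4 validator` would keep a later reader from relying on it as one. The constructor that applies the pattern is outside this hunk, so whether it uses `matches()` (where the added `^`/`$` anchors are redundant but harmless) or `find()` (where they are required) cannot be confirmed from the visible lines.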
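Review bot: The added test `constructorRejectsInvalidIpv4WithX` does not follow the `methodWhenConditionThenResult` naming used by its neighbour `toStringWhenOnlyIpIsProvidedThenReturnsIpAddressOnly`; renaming it to `constructorWhenIpv4ContainsNonDigitsThenIllegalArgumentException` keeps the class consistent. The test pins only one input, while the regex change also narrows the accepted prefix suffix from `/\\d{0,3}` to `/\\d{1,2}`, so a bare `10.1.1.1/` or a three-digit prefix presumably no longer match; a second case for one of those would document that intentionally rather than leaving it implicit in the pattern. The fixture value is also repeated inside the expected message; building it as `.withMessage("ipAddress " + badIp + " doesn't look like an IP Address. Is it a host name?")` keeps the two in step if the input is ever changed.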