Update: I just re-read what jepri said and realized that I was wrong in my initial response. He is correct that a spoofed IP address will prevent a TCP connection from being established, since the origin application will need to use the TCP sequence number from the destination server's SYN-ACK packet to completely establish the connection. The stuff I said only applies to connectionless IP protocols, not those with connections like TCP. Sorry. I have removed the original contents of this node to avoid misleading anyone.

A TCP connection can only be spoofed if the TCP sequnce number returned by the server can be predicted. If it can, then an attacker with the ability to spoof IP addresses can just send all the packets for the HTTP request without requiring the acknowledging packets from the server. This is referred to as "Blind TCP Spoofing". This article provides a decent overview.