Added more headers to inspect while looking for the remote IP address

config/autoload/ip-address.global.php

@@ -0,0 +1,19 @@
+<?php
+declare(strict_types=1);
+
+return [
+
+    'ip_address_resolution' => [
+        'headers_to_inspect' => [
+            'Forwarded',
+            'X-Forwarded-For',
+            'X-Forwarded',
+            'X-Cluster-Client-Ip',
+            'Client-Ip',
+            'X-Real-IP',
+            'CF-Connecting-IP',
+            'True-Client-IP',
+        ],
+    ],
+
+];

module/Common/src/Middleware/IpAddressMiddlewareFactory.php

@@ -23,6 +23,8 @@ class IpAddressMiddlewareFactory implements FactoryInterface
      */
     public function __invoke(ContainerInterface $container, $requestedName, array $options = null): IpAddress
     {
-        return new IpAddress(true, [], Visitor::REMOTE_ADDRESS_ATTR);
+        $config = $container->get('config');
+        $headersToInspect = $config['ip_address_resolution']['headers_to_inspect'] ?? [];
+        return new IpAddress(true, [], Visitor::REMOTE_ADDRESS_ATTR, $headersToInspect);
     }
 }

module/Common/test/Middleware/IpAddressMiddlewareFactoryTest.php

@@ -18,10 +18,15 @@ class IpAddressMiddlewareFactoryTest extends TestCase
         $this->factory = new IpAddressMiddlewareFactory();
     }
 
-    /** @test */
+    /**
-    public function returnedInstanceIsProperlyConfigured()
+     * @test
+     * @dataProvider provideConfigs
+     */
+    public function returnedInstanceIsProperlyConfigured(array $config, array $expectedHeadersToInspect): void
     {
-        $instance = $this->factory->__invoke(new ServiceManager(), '');
+        $instance = ($this->factory)(new ServiceManager(['services' => [
+            'config' => $config,
+        ]]), '');
 
         $ref = new ReflectionObject($instance);
         $checkProxyHeaders = $ref->getProperty('checkProxyHeaders');
@@ -30,9 +35,52 @@ class IpAddressMiddlewareFactoryTest extends TestCase
         $trustedProxies->setAccessible(true);
         $attributeName = $ref->getProperty('attributeName');
         $attributeName->setAccessible(true);
+        $headersToInspect = $ref->getProperty('headersToInspect');
+        $headersToInspect->setAccessible(true);
 
         $this->assertTrue($checkProxyHeaders->getValue($instance));
         $this->assertEquals([], $trustedProxies->getValue($instance));
         $this->assertEquals(Visitor::REMOTE_ADDRESS_ATTR, $attributeName->getValue($instance));
+        $this->assertEquals($expectedHeadersToInspect, $headersToInspect->getValue($instance));
+    }
+
+    public function provideConfigs(): iterable
+    {
+        $defaultHeadersToInspect = [
+            'Forwarded',
+            'X-Forwarded-For',
+            'X-Forwarded',
+            'X-Cluster-Client-Ip',
+            'Client-Ip',
+        ];
+
+        yield 'no ip_address_resolution config' => [[], $defaultHeadersToInspect];
+        yield 'no headers_to_inspect config' => [['ip_address_resolution' => []], $defaultHeadersToInspect];
+        yield 'null headers_to_inspect' => [['ip_address_resolution' => [
+            'headers_to_inspect' => null,
+        ]], $defaultHeadersToInspect];
+        yield 'empty headers_to_inspect' => [['ip_address_resolution' => [
+            'headers_to_inspect' => [],
+        ]], $defaultHeadersToInspect];
+        yield 'some headers_to_inspect' => [['ip_address_resolution' => [
+            'headers_to_inspect' => [
+                'foo',
+                'bar',
+                'baz',
+            ],
+        ]], [
+            'foo',
+            'bar',
+            'baz',
+        ]];
+        yield 'some other headers_to_inspect' => [['ip_address_resolution' => [
+            'headers_to_inspect' => [
+                'something',
+                'something_else',
+            ],
+        ]], [
+            'something',
+            'something_else',
+        ]];
     }
 }