Remote Addr are not handled the same since akrabat/ip-address-middleware >= 2.5

[ymage]

Shlink version

version >=4.4.0

PHP version

8.3

How do you serve Shlink

Self-hosted RoadRunner

Database engine

MySQL

Database version

11.6

Current behavior

Shlink run in docker container which is reverse-proxified with traefik/nginx.
X-Real-IP and X-Forwarded-For are both correctly set with the client address and REMOTE_ADDR is the proxy address.
When the visit is tracked, only the REMOTE_ADDR is registered, which is a 172.16.0.0/12 non routed IP address since akrabat/ip-address-middleware >= 2.5 (akrabat/ip-address-middleware#51)

Expected behavior

Shlink should allow to set trusted_proxies to akrabat/ip-address-middleware in order to get it to ignore them and retrieve the X-Real-IP header IP address

Minimum steps to reproduce

Run a shlink container behind a reverse-proxy with a private class IP address which can't override REMOTE_ADDR.

[acelaya]

So I guess your point is that, after those changes in akrabat/ip-address-middleware, the X-Real_IP and X-Forwarded-For headers are being ignored in some cases?

Can you provide a failing test case that proves it? This is probably the best test to extend

shlink/module/Core/test-api/Action/RedirectTest.php

Line 92 in ed09bf9

$ipAddressConfig = require __DIR__ . '/../../../../config/autoload/ip-address.global.php';