fix(clientAddress): allow location of the client ip address in forward headers to be specified in config

config/index.js

@@ -354,6 +354,12 @@ var conf = convict({
     format: String,
     env: 'CORS_ORIGIN',
     default: '*'
+  },
+  clientAddressDepth: {
+    doc: 'location of the client ip address in the remote address chain',
+    format: Number,
+    env: 'CLIENT_ADDRESS_DEPTH',
+    default: 3
   }
 })
 

lib/server.js

@@ -194,9 +194,10 @@ function create(log, error, config, routes, db) {
       // Construct source-ip-address chain for logging.
       var xff = (request.headers['x-forwarded-for'] || '').split(/\s*,\s*/)
       xff.push(request.info.remoteAddress)
+      var clientAddressIndex = xff.length - (config.clientAddressDepth || 1)
       // Remove empty items from the list, in case of badly-formed header.
       request.app.remoteAddressChain = xff.filter(function(x){ return x })
-      request.app.clientAddress = request.app.remoteAddressChain[0]
+      request.app.clientAddress = request.app.remoteAddressChain[clientAddressIndex]
       request.app.acceptLanguage = trimLocale(request.headers['accept-language'])
 
       if (request.headers.authorization) {