Investigate configurating spring boot trusted proxy setttings

[netomi]

Documentation:

https://docs.spring.io/spring-boot/3.5/how-to/webserver.html#howto.webserver.use-behind-a-proxy-server

Currently we use custom configuration to e.g. get IP addresses of the original request.

We should look into how existing spring boot functionality could replace that and make it more secure (trusted proxies).

[netomi]

we currently use jetty as servlet container. Unfortunately, neither jetty nor spring boot framework itself does support setting a list of trusted proxies to use for analysing the X-Forwarded-For header.

This can only be externalized in the configuration of the used reverse-proxy:

• either explicitly set X-Real-IP to $remote_addr and use that one to determine the real IP
• or use set_header X-Forwarded-For $remote_addr instead of proxy_add_x_forwarded_for