We are using the Access Control policy in our API proxies to whitelist the clients based on their public CIDRs. But in Apigee Edge the "proxy.client.ip" and "X-Forwarded-For" variables are populating 192.168.XX.XX IPs which are private IPs.

We also enabled the following element in the ACL policy

- <ValidateBasedOn>X_FORWARDED_FOR_ALL_IP</ValidateBasedOn>

Does any one know, how those private IPs are getting populated when the client is sending its public IP within the whitelisted CIDRs in ACL policy?

How we can enable the ACL to use the public IP of the clients ?