Is your feature request related to a problem? Please describe.

When using a single application protection layer, like Cloudflare, the rate limiter works well, via the x-forwarded-for header.

But when there are multiple protection layers in front of the application, like in my case Cloudflare + our own load balancer, both the default IP address and the x-forwarded-for header are useless as both will not provide the real users IP address.

Describe the solution you'd like

Cloudflare provides their own header with the users IP address: CF-Connecting-IP (see here). I expect other services (firewalls, load balancers) provide similar headers. I would like to define this header in the rate limiting options to it is used in stead of the default x-forwarded-for header.

Example code:

function getIP (event: H3Event, customIpHeader: string) {
-  const ip = getRequestIP(event, { xForwardedFor: true }) || ''
+  const ip = customIpHeader ? getRequestHeader(event, customIpHeader) : getRequestIP(event, { xForwardedFor: true }) || ''
  return ip
}

Describe alternatives you've considered

As an alternative I have patched this module in my own project using npx patch-package and it works well.

Additional context

- Operating System: `Darwin`
- Node Version:     `v20.18.2`
- Nuxt Version:     `3.12.0-28624160.b7881700`
- CLI Version:      `3.12.0`
- Nitro Version:    `2.10.4`
- Package Manager:  `[email protected]`
- Builder:          `-`
- User Config:      `alias`, `components`, `css`, `devServer`, `devtools`, `experimental`, `future`, `i18n`, `image`, `modules`, `runtimeConfig`, `security`, `sitemap`, `site`, `typescript`, `vite`, `nitro`, `robots`, `routeRules`
- Runtime Modules:  `@nuxt/[email protected]`, `@nuxtjs/[email protected]`, `@pinia/[email protected]`, `[email protected]`, `@nuxtjs/[email protected]`, `@nuxt/[email protected]`, `@vee-validate/[email protected]`, `[email protected]`, `[email protected]`, `vue-recaptcha/nuxt`
- Build Modules:    `-`