SEP Intrusion Prevention policy is incorrectly blocking Excluded Hosts and incorrectly identifying source IPs

Article ID: 416590

Products

Endpoint Protection, Endpoint Security

Issue/Introduction

The SEP Intrusion Prevention policy is incorrectly blocking Excluded Hosts and incorrectly identifying source IPs.

Cause

IPS detections report a different address as the Remote IP because SEP IPS detection is designed to use the IP address specified in the `x-forwarded-for` HTTP header field, on the assumption that the address in `x-forwarded-for` is the original sender of the network traffic. However, it appears that some vulnerability scanners fake, tamper with or hide their original IP address in that header. IP addresses taken from `x-forwarded-for` cannot be used in the Hosts/IP exclusion, so the exclusion does not match these detections. This is a current limitation of the SEP IPS/CIDS engine.

Resolution

SEP IPS currently does not support exclusions based on IP addresses retrieved from the `X-Forwarded-For` header. Whether to support this is under discussion, because it raises a security issue: the header value can be faked/spoofed.
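The following Python example is added here to illustrate the mechanism the Cause and Resolution sections describe; it is not SEP code and does not reproduce the CIDS engine. It models two ways of deciding which address a detection is attributed to: "header first", where the first `X-Forwarded-For` address always wins (the behaviour the article describes), and a "trusted proxy" variant that only honours the header when the packet really came from a proxy you control. The exclusion list, the trusted-proxy list and the addresses are constructed placeholder values.

```python
import ipaddress
from typing import Callable, Iterable, Optional, Tuple

# Constructed sample: an exclusion list like one an admin might enter in the
# IPS policy for an authorised vulnerability scanner (placeholder addresses).
EXCLUDED_HOSTS = ["198.51.100.10", "203.0.113.0/24"]

# Hypothetical list of reverse proxies whose X-Forwarded-For we are willing to trust.
TRUSTED_PROXIES = ["10.0.0.5"]


def _in_any(ip: str, networks: Iterable[str]) -> bool:
    """True if ip falls inside any of the given addresses/CIDR ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n, strict=False) for n in networks)


def remote_ip_header_first(peer_ip: str, xff: Optional[str]) -> str:
    """Behaviour the article describes: the first X-Forwarded-For address is
    taken as the remote IP whenever the header is present, regardless of which
    host actually sent the packet. Falls back to the TCP peer if the header
    is absent or does not parse as an address."""
    if xff:
        first = xff.split(",")[0].strip()
        try:
            ipaddress.ip_address(first)
            return first
        except ValueError:
            pass
    return peer_ip


def remote_ip_trusted_proxy(peer_ip: str, xff: Optional[str],
                            trusted_proxies: Iterable[str] = TRUSTED_PROXIES) -> str:
    """Hardened variant: only honour X-Forwarded-For when the TCP peer is one
    of our own proxies; for any other sender the socket peer address is
    authoritative, so a header written by the sender itself has no effect."""
    if xff and _in_any(peer_ip, trusted_proxies):
        return remote_ip_header_first(peer_ip, xff)
    return peer_ip


def is_excluded(remote_ip: str, excluded: Iterable[str] = EXCLUDED_HOSTS) -> bool:
    """Exclusion matching, which only ever sees the attributed remote IP."""
    return _in_any(remote_ip, excluded)


def classify(peer_ip: str, xff: Optional[str],
             resolver: Callable[[str, Optional[str]], str]) -> Tuple[str, bool]:
    """Return (attributed_ip, excluded) for one request under a given resolver."""
    ip = resolver(peer_ip, xff)
    return ip, is_excluded(ip)


if __name__ == "__main__":
    # Scenario 1: the excluded scanner connects directly but carries an
    # X-Forwarded-For header naming some other address (constructed).
    print("header-first :", classify("198.51.100.10", "192.0.2.77", remote_ip_header_first))
    print("trusted-proxy:", classify("198.51.100.10", "192.0.2.77", remote_ip_trusted_proxy))
    # Scenario 2: a real proxy forwards traffic from an excluded subnet.
    print("via proxy    :", classify("10.0.0.5", "203.0.113.5, 10.0.0.5", remote_ip_trusted_proxy))
```

In scenario 1 the header-first resolver attributes the detection to 192.0.2.77, an address that is not in the exclusion list, which is exactly the symptom in the Issue section: the excluded scanner is blocked and the log shows an unrelated source IP. The trusted-proxy resolver ignores the header because 198.51.100.10 is not a known proxy, attributes the traffic to the scanner itself and the exclusion matches. Scenario 2 shows that the hardened rule still attributes proxied traffic correctly when the header comes from a proxy on the trusted list.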