Log x-forwarded-for header in API Management Gateway log
If API Management is fronted by a WAF or Proxy the IP logged in the API Management Gateway log is not the original IP.
WAF's like the Application Gateway Web Application Firewall do add an x-forwarded-for header however the current API Management Gateway log does not include it.
second this - where is it? it makes diagnostics/supportability very difficult - if not impossible and therefore can't be used in many situations.