We tried the configuration as per the link shared
proxy_client_headers = HTTP_X_FORWARDED_FOR
proxy_host_headers = HTTP_X_FORWARDED_HOST
proxy_client_headers = HTTP_CF_CONNECTING_IP
proxy_client_headers = HTTP_CLIENT_IP
As we are using standard proxy configuration through IIS.
Post these updates we restarted IIS and cleaned up the app pool but it did not helped and it’s still capturing private IP.
I think you have to check the full HTTP request that Matomo receives (with all headers) in order to see which one is to be used. Also, in HTTP requests, is there any cip query param in use (in addition with token_auth)?