If you need to block/allow SharePoint request based on the original user request IP address, here are the procedures.
1. Go to the following web site and convert IPv4 to IP Decimal.
2. Create a resource component. In the conditions, add "inet_address" condition with the decimal value of the IP address from step #1. Then create the policy to include the resource component.
3. If you need to test the original IP in "X-Forwarded-For" that is in the request header but not in the direct request, you can use the "Modify Header Value" add-in for your testing. The screenshots are listed below.
Now you can test any http request header in the NextLabs policy.