fix: [flood protection] default to REMOTE_ADDR if the selected default logging IP source header is not populated

src/Controller/Component/FloodProtectionComponent.php

@@ -17,6 +17,9 @@ class FloodProtectionComponent extends Component
     public function initialize(array $config): void
     {
         $ip_source = Configure::check('security.logging.ip_source') ? Configure::read('security.logging.ip_source') : 'REMOTE_ADDR';
+        if (!isset($_SERVER[$ip_source])) {
+            $ip_source = 'REMOTE_ADDR';
+        }
         $this->remote_ip = $_SERVER[$ip_source];
         $temp = explode(PHP_EOL, $_SERVER[$ip_source]);
         if (count($temp) > 1) {