In times where Apache is sitting behind a reverse proxy (for example Squid), the cgi atmosphere variable
REMOTE_ADDR will get the address from the proxy as opposed to the client.
However, the proxy sets a header known as
X-Forwarded-For to retain the original Ip from the client to ensure that Apache can easily see it.
Now you ask ,, how can we get Apache to exchange
REMOTE_ADDR using the value within the
X-Forwarded-For header to ensure that all the web programs will transparently begin to see the correct address?
You should use mod_rpaf for your. http://stderr.net/apache/rpaf/
Keep in mind that this value could be spoofed. See http://blog.c22.cc/2011/04/22/surveymonkey-ip-spoofing/ for any real-existence example with Mix-site Scripting effects.