My company has recently installed some hardware-based load balancers. Among other things, these load balancers provide a caching proxy for our web applications.
As soon as those went into production, some of our web applications started having problems obtaining the client IP address. (These were web apps that had reason to check such things.)
This served as a nice reminder that a web application should not trust the client IP address to be accurate. Most ISPs run all web traffic through a proxy, and you never know how many proxies a request will go through before hitting your server.
The proper way to get the client IP address is to use the X-Forwarded-For header.
Now, the X-Forwarded-For header may contain multiple IP addresses. In this case, it will contain a comma-separated list of addresses. The client IP address is the first one in the list.
X-Forwarded-For: 172.17.150.97, 188.8.131.52
172.17.15.97 is the actual client IP address
184.108.40.206 is a proxy server
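An added example, not from the original post: X-Forwarded-For is supplied by whoever sends the request, so the first entry is a claim rather than a verified fact. This sketch returns both that claimed address and the nearest address that one of our own proxies actually observed; the TRUSTED_PROXIES range, the 10.0.0.5 load balancer address and the function names are assumptions.

```python
import ipaddress

# Assumption: the range our own load balancers live in (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def parse_xff(value):
    """Split a comma-separated X-Forwarded-For value; unparsable entries become None."""
    hops = []
    for part in (p.strip() for p in (value or "").split(",")):
        if not part:
            continue
        try:
            hops.append(ipaddress.ip_address(part))
        except ValueError:
            hops.append(None)
    return hops


def client_ip(remote_addr, xff_value):
    """Return (claimed, verified) as strings.

    claimed:  first entry in the list, as the post describes; sender-controlled.
    verified: address nearest to us that is not one of our own proxies.
    """
    peer = ipaddress.ip_address(remote_addr)
    hops = parse_xff(xff_value)
    claimed = str(hops[0]) if hops and hops[0] is not None else None
    verified = peer
    if is_trusted(peer):
        # Walk right to left: each entry was appended by the hop after it.
        for hop in reversed(hops):
            if hop is None:
                break  # malformed entry: nothing further left can be relied on
            verified = hop
            if not is_trusted(hop):
                break
    return claimed, str(verified)


if __name__ == "__main__":
    # Header from the post, received via a constructed load balancer at 10.0.0.5.
    print(client_ip("10.0.0.5", "172.17.150.97, 188.8.131.52"))
    # Constructed: a client at 203.0.113.9 pre-filled the header with 1.2.3.4.
    print(client_ip("10.0.0.5", "1.2.3.4, 203.0.113.9"))
```

Use the claimed value for display or geolocation hints, and the verified value for anything that acts as a control, such as rate limiting, allow lists or audit logs.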
For more information on X-Forwarded-For, see this Wikipedia Article