Mollom

The content author's IP address (not the hostname) needs to be included with many API calls. The 'author_ip' parameter is optional, but it can drastically improve Mollom's results.

When moderating or editing a content, the client should send the IP address of the original poster, not the moderator's. If the original IP address is no longer known, 'author_ip' should not be specified.

Sending the correct IP address is key, and non-trivial. Care needs to be taken to do it right. It is important to send the visitor's actual IP address and not that of a reverse proxy.

The REMOTE_ADDR HTTP variable holds the visitor's IP in most situations.

The HTTP_X_FORWARDED_FOR HTTP header will hold the visitor's IP when running behind a reverse proxy (such as Squid), since the REMOTE_ADDR HTTP variable will contain the reverse proxy's IP address.

The HTTP_X_CLUSTER_CLIENT_IP HTTP header may hold the visitor's IP when running on a cluster setup.

Both HTTP_X_FORWARDED_FOR and HTTP_X_CLUSTER_CLIENT_IP can be spoofed; those header values should not be trusted unless they are guaranteed to come from a reverse proxy.

To see example PHP code, you may consult the ip_address() function in Drupal core. You will recognize that it does not use the unsafe HTTP headers unless a site administrator has explicitly enabled Drupal's reverse proxy configuration setting.