Closed benjo456 closed 2 years ago
@benjo456
Read this entire thing, even the comments:
https://stackoverflow.com/questions/4581789/how-do-i-get-user-ip-address-in-django
Your code looks very similar to the answers here that go over why what you have here can be very dangerous: https://esd.io/blog/flask-apps-heroku-real-ip-spoofing.html. Probably better off using ipware compared to the method you used here.
There is already another open PR related to ipware. It is good to have both PRs, but I think ipware would be better.
Hi, I have forked this project, included a few PRs (including one that solves this same problem), and released a package to PyPI. You might have better luck with my fork.
I've merged an integration with django-ipware, which looks like it should resolve the issue nicely, into develop.
Currently the user IP address cannot be collected properly if the site is behind a load balancer or proxy. This code adds a fallback in those situations so that the user IP can be collected properly.
Without this, it is impossible to correctly identify a user IP and so there is no way to ban any malicious users.
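The concern raised in this thread, shown as an added example (not code from this PR or from django-ipware): a fallback that trusts the leftmost `X-Forwarded-For` entry beside a resolver that only honours the header when the direct peer is a known proxy. `TRUSTED_PROXIES`, the function names and the sample request dictionaries are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the address range of the load balancers/proxies you operate.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def naive_client_ip(meta):
    """Fallback pattern the thread warns about: trusts the leftmost entry."""
    xff = meta.get("HTTP_X_FORWARDED_FOR")
    if xff:
        return xff.split(",")[0].strip()
    return meta.get("REMOTE_ADDR")


def client_ip(meta):
    """Walk the chain right to left, skipping only hops we operate."""
    peer = ipaddress.ip_address(meta["REMOTE_ADDR"])
    if not _is_trusted(peer):
        return str(peer)  # direct connection: the header is client-controlled
    xff = meta.get("HTTP_X_FORWARDED_FOR", "")
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop at the last hop we could verify
        if not _is_trusted(addr):
            return str(addr)  # first hop not appended by our own proxies
        peer = addr
    return str(peer)


# Constructed requests (META-style dicts, documentation address ranges).
# The client sent its own header value; the proxy appended the real peer.
SPOOFED = {"REMOTE_ADDR": "10.0.0.5",
           "HTTP_X_FORWARDED_FOR": "1.2.3.4, 203.0.113.9"}
# No proxy in front: everything in the header comes from the client.
DIRECT = {"REMOTE_ADDR": "198.51.100.7", "HTTP_X_FORWARDED_FOR": "1.2.3.4"}

if __name__ == "__main__":
    for req in (SPOOFED, DIRECT):
        print(naive_client_ip(req), "vs", client_ip(req))
```

With the naive fallback, an IP ban keyed on the result can be sidestepped or pointed at another address by changing the header; the second function returns the address the outermost trusted proxy actually saw.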