Something I don't see mentioned in any documentation, something that took me days to find is rpaf http://stderr.net/apache/rpaf/ This will allow apache, php, logs etc to see the real x-forwarded-for ip without any program modifications. Install the apache addon, enable it and now all code sees the x-forwarded-for ip. Please add this to documentation so others don't waste their time finding it.
Thanks
