During testing, this never showed up on the dev servers. The reason is that we only get one IP for HTTP_X_FORWARDED_FOR, unless we're behind a load balancer or HTTP proxy.
The correct method of using this is:
if 'HTTP_X_FORWARDED_FOR' in request.META:
question.ip = request.META.get('HTTP_X_FORWARDED_FOR').split(',').strip()
question.ip = request.META.get('REMOTE_ADDR', None)
This will get the client IP (first position) and strip out any spaces.
If there is no forwarded IP, it'll resort to using the REMOTE_ADDR header.
The code is written in Python but should be easily portable to any other language.