Forum OpenACS Development: Re: ad_conn peeraddr
On the backend side everything using ad_conn reports the client ip address as "ad_conn peeraddr" (e.g. request monitor, creation_ip in acs_objects, etc.). Since all but developer traffic (via VLAN) is routed via the reverse proxy, recording the ip address of the proxy is certainly not useful. I would call it rather a bug, seeing always the proxy's ip address, where the code-writer had obviously the intention to report the client IP address. In the parts of openacs we are using, we found no place, where having the proxy as the peer address makes sense.
however, I do agree, that in principle one should have two fields, such as peer_addr and client_addr, and that the usages should be changed from "ad_conn peeraddr" to "adconn clientaddr". However, the change above is less invasive, and one has actually always both info at hand: one can use still "ns_conn peer_addr" for the bare-bone info.
This was not an issue for us, since we only allow SSL connections from the outside world.
guess, with nginx one can get the same behavior by using proxy_set_header.