Index: includes/bootstrap.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/bootstrap.inc,v
retrieving revision 1.271
diff -u -r1.271 bootstrap.inc
--- includes/bootstrap.inc	1 Mar 2009 09:32:17 -0000	1.271
+++ includes/bootstrap.inc	18 Mar 2009 07:41:08 -0000
@@ -1351,10 +1351,11 @@
         // the XFF header if request really comes from one of them.
         $reverse_proxy_addresses = variable_get('reverse_proxy_addresses', array());
         if (!empty($reverse_proxy_addresses) && in_array($ip_address, $reverse_proxy_addresses, TRUE)) {
-          // If there are several arguments, we need to check the most
-          // recently added one, i.e. the last one.
+          // The "X-Forwarded-For" header is a comma+space separated list of IP addresses,
+          // the left-most being the farthest downstream client. If there is more than
+          // one proxy, we are interested in the most recent one (i.e. last one in the list).
           $ip_address_parts = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
-          $ip_address = array_pop($ip_address_parts);
+          $ip_address = trim(array_pop($ip_address_parts));
         }
       }