Index: includes/bootstrap.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/bootstrap.inc,v
retrieving revision 1.206
diff -u -r1.206 bootstrap.inc
--- includes/bootstrap.inc	10 Jan 2008 22:47:17 -0000	1.206
+++ includes/bootstrap.inc	10 Feb 2008 16:12:29 -0000
@@ -953,9 +953,12 @@
       break;
 
     case DRUPAL_BOOTSTRAP_ACCESS:
-      // Deny access to hosts which were banned - t() is not yet available.
-      if (drupal_is_denied('host', ip_address())) {
+      // Deny access to hosts which were banned.
+      // Force at this point recalculation of the IP address
+      // overriding the possibly cached value.
+      if (drupal_is_denied('host', ip_address(TRUE))) {
         header('HTTP/1.1 403 Forbidden');
+        // t() is not yet available.
         print 'Sorry, '. check_plain(ip_address()) .' has been banned.';
         exit();
       }
@@ -1113,12 +1116,22 @@
  * instead of $_SERVER['REMOTE_ADDR'], which would be the IP address
  * of the proxy server, and not the client's.
  *
+ * @param $force
+ *   (optional) Reset cached IP address and force recalculating it.
+ *   To be used only once, at the very first call of a request.
  * @return
  *   IP address of client machine, adjusted for reverse proxy.
  */
-function ip_address() {
+function ip_address($force=FALSE) {
   static $ip_address = NULL;
 
+  // With caching enabled, $ip_address will be available between requests.
+  // Behind a reverse proxy this would mean we are working with the client IP
+  // of an old request. To avoid this, we reset the $ip_address.
+  if ($force) {
+  	$ip_address = NULL;
+  }
+
   if (!isset($ip_address)) {
     $ip_address = $_SERVER['REMOTE_ADDR'];
     if (variable_get('reverse_proxy', 0) && array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) {