Index: webform_submissions.inc
===================================================================
--- webform_submissions.inc	(revision 6826)
+++ webform_submissions.inc	(working copy)
@@ -52,9 +52,11 @@
   global $user;
 
   $sid = db_next_id('{webform_submissions}_sid');
+  
+  // for load balancers/proxies et al.
+  $ip_address = (isset($_SERVER['HTTP_X_FORWARDED_FOR'])? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']);
+  db_query("INSERT INTO {webform_submissions} (nid, sid, uid, submitted, remote_addr) "." VALUES (%d, %d, %d, %d, '%s')", $node->nid, $sid, $user->uid, time(), $ip_address);
 
-  db_query("INSERT INTO {webform_submissions} (nid, sid, uid, submitted, remote_addr) "." VALUES (%d, %d, %d, %d, '%s')", $node->nid, $sid, $user->uid, time(), $_SERVER['REMOTE_ADDR']);
-
   foreach ($submitted as $cid => $value) {
     // Don't save pagebreaks as submitted data.
     if ($node->webform['components'][$cid]['type'] == 'pagebreak') {
@@ -245,7 +247,9 @@
            "AND submitted > %d AND nid = %d";
 
   // Fetch all the entries from the database within the submit interval with this username and IP.
-  $result = db_query($query, $user->uid, $_SERVER['REMOTE_ADDR'], $user->uid, ($node->webform['submit_interval'] != -1) ? (time() - $node->webform['submit_interval']) : $node->webform['submit_interval'], $node->nid);
+  $ip_address = (isset($_SERVER['HTTP_X_FORWARDED_FOR'])? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']);
+
+  $result = db_query($query, $user->uid, $ip_address, $user->uid, ($node->webform['submit_interval'] != -1) ? (time() - $node->webform['submit_interval']) : $node->webform['submit_interval'], $node->nid);
   $num_submissions_database = db_num_rows($result);
 
   // Double check the submission history from the users machine using cookies.
Index: html/sites/all/modules/contrib/webform/webform.module
===================================================================
--- html/sites/all/modules/contrib/webform/webform.module	(revision 6826)
+++ html/sites/all/modules/contrib/webform/webform.module	(working copy)
@@ -1577,7 +1577,8 @@
 
     // Verify that this submission is not attempting to send any spam hacks.
     if (_webform_submission_spam_check($emails['default'], $subjects['default'], $froms['default'], $headers['default'])) {
-      watchdog('webform', t('Possible spam attempt from @remote_addr', array('@remote_add' => $_SERVER['REMOTE_ADDR'])) ."<br />\n". nl2br(htmlentities($messages['default'])), WATCHDOG_WARNING);
+      $ip_address = (isset($_SERVER['HTTP_X_FORWARDED_FOR'])? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']);
+      watchdog('webform', t('Possible spam attempt from @remote_addr', array('@remote_add' => $ip_address)) ."<br />\n". nl2br(htmlentities($messages['default'])), WATCHDOG_WARNING);
       drupal_set_message(t("Illegal information. Data not submitted."), 'error');
       return false;
     }
@@ -1742,7 +1743,7 @@
 
   $message = '';
   $message .=  t('Submitted on') .' '. format_date(time(), 'small') ."\n";
-  $ip_address = $_SERVER['REMOTE_ADDR'];
+  $ip_address = (isset($_SERVER['HTTP_X_FORWARDED_FOR'])? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']);
 
   if ($user->uid) {
     $message .= t('Submitted by user') .": $user->name [$ip_address]\n";