From 2d5e14a8d39a53c8a2e6d28fb8ae7debb5fbd388 Mon Sep 17 00:00:00 2001
From: Tom Christie <tom@tomchristie.com>
Date: Wed, 28 Aug 2013 15:32:41 +0100
Subject: [PATCH] Throttles now use HTTP_X_FORWARDED_FOR, falling back to
 REMOTE_ADDR to identify anonymous requests

---
 rest_framework/throttling.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/rest_framework/throttling.py b/rest_framework/throttling.py
index 8943f22c1..a946d837f 100644
--- a/rest_framework/throttling.py
+++ b/rest_framework/throttling.py
@@ -152,7 +152,9 @@ class AnonRateThrottle(SimpleRateThrottle):
         if request.user.is_authenticated():
             return None  # Only throttle unauthenticated requests.
 
-        ident = request.META.get('REMOTE_ADDR', None)
+        ident = request.META.get('HTTP_X_FORWARDED_FOR')
+        if ident is None:
+            ident = request.META.get('REMOTE_ADDR')
 
         return self.cache_format % {
             'scope': self.scope,