I'd like to state for the record that your firewall on your server sucks, HTTP_X_FORWARDED_FOR should always translate to the real user IP address, lol.
The X-Forwarded-For (XFF) HTTP header field was a common method for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer. The XFF HTTP request header was introduced by the Squid caching proxy server's developers. An RFC was proposed at the Internet Engineering Task Force (IETF).