Only in b: wp-config.php
diff -ur a/wp-config-sample.php b/wp-config-sample.php
--- a/wp-config-sample.php	2013-10-24 18:58:23.000000000 -0400
+++ b/wp-config-sample.php	2014-03-08 08:01:52.734223462 -0500
@@ -88,3 +88,11 @@
 
 /** Sets up WordPress vars and included files. */
 require_once(ABSPATH . 'wp-settings.php');
+
+/**
+ * A space separated list of IP addresses used for finding the ip of the remote, instead of your proxy/balancer.
+ * Any of these addresses will be replaced with the HTTP_X_FORWARDED_FOR header value if present, which a properly
+ * configured proxy should set. Set to blank to disable.
+ */
+define('PROXY_IP', '');
+
diff -ur a/wp-includes/comment.php b/wp-includes/comment.php
--- a/wp-includes/comment.php	2013-11-30 20:25:10.000000000 -0500
+++ b/wp-includes/comment.php	2014-03-08 07:59:41.686216836 -0500
@@ -1703,7 +1703,7 @@
 	$parent_status = ( 0 < $commentdata['comment_parent'] ) ? wp_get_comment_status($commentdata['comment_parent']) : '';
 	$commentdata['comment_parent'] = ( 'approved' == $parent_status || 'unapproved' == $parent_status ) ? $commentdata['comment_parent'] : 0;
 
-	$commentdata['comment_author_IP'] = preg_replace( '/[^0-9a-fA-F:., ]/', '',$_SERVER['REMOTE_ADDR'] );
+	$commentdata['comment_author_IP'] = preg_replace( '/[^0-9a-fA-F:., ]/', '', get_remote_ip() );
 	$commentdata['comment_agent']     = isset( $_SERVER['HTTP_USER_AGENT'] ) ? substr( $_SERVER['HTTP_USER_AGENT'], 0, 254 ) : '';
 
 	$commentdata['comment_date']     = current_time('mysql');
diff -ur a/wp-includes/functions.php b/wp-includes/functions.php
--- a/wp-includes/functions.php	2014-01-08 18:18:13.000000000 -0500
+++ b/wp-includes/functions.php	2014-03-08 07:51:36.338192263 -0500
@@ -4191,3 +4191,19 @@
 function reset_mbstring_encoding() {
 	mbstring_binary_safe_encoding( true );
 }
+
+
+/** 
+ * Return the real client address if the REMOTE_ADDR we see here is known to be our proxy.
+ */
+function get_remote_ip() {
+    if ( defined('PROXY_IP')
+            && strpos( PROXY_IP, $_SERVER['REMOTE_ADDR'] ) !== false
+            && $_SERVER['HTTP_X_FORWARDED_FOR'] != null
+            && ! empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
+        return $_SERVER['HTTP_X_FORWARDED_FOR'];
+    }else{
+        return $_SERVER['REMOTE_ADDR'];
+    }
+}
+