ip rl: improved method of getting the IP address

Open asoorm opened this issue 1 year ago • 0 comments

Initial implementation was problematic, because if you use any form of reverse proxy or load balancer, the RemoteAddr would appear as the IP address of the load balancer. We need to throw this away as it is not always useful for us.

This PR tweaks the code slightly to check X-Forwarded-For and X-Real-Ip headers.

We still have a shortcoming in that we don't check for private IP subnets. This means that outgoing requests from a client, going via a proxy or gateway, may have a private subnet in the X-Forwarded-For - these should be filtered out.

Finally, we should probably walk backwards through the X-Forwarded-For header, not forwards.

asoorm, Jun 20 '24 07:06
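
The header handling this issue describes, as an added example in Go (not the code from the PR): it walks X-Forwarded-For from right to left, skips private and other non-routable addresses, then falls back to X-Real-Ip and RemoteAddr. The names `clientIP` and `isPublic` are hypothetical, and the example assumes the service is reachable only through proxies that append to X-Forwarded-For, since a directly connected client can set either header to any value.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// isPublic reports whether ip parsed and is not private (RFC 1918 / RFC 4193),
// loopback, link-local or unspecified.
func isPublic(ip net.IP) bool {
	return ip != nil && !ip.IsPrivate() && !ip.IsLoopback() &&
		!ip.IsLinkLocalUnicast() && !ip.IsUnspecified()
}

// clientIP (hypothetical helper) returns the address to key a rate limit on.
func clientIP(r *http.Request) string {
	// Repeated X-Forwarded-For headers form one list, in order of arrival.
	hops := strings.Split(strings.Join(r.Header.Values("X-Forwarded-For"), ","), ",")
	// Walk backwards: the rightmost entries were appended by the proxies
	// nearest to us; anything further left may have been sent by the client.
	for i := len(hops) - 1; i >= 0; i-- {
		if ip := net.ParseIP(strings.TrimSpace(hops[i])); isPublic(ip) {
			return ip.String()
		}
	}
	if ip := net.ParseIP(strings.TrimSpace(r.Header.Get("X-Real-Ip"))); isPublic(ip) {
		return ip.String()
	}
	// No usable header: fall back to the TCP peer (the load balancer, if any).
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		return r.RemoteAddr
	}
	return host
}

func main() {
	// Constructed sample: a client-supplied entry, a public hop, an internal gateway.
	r, _ := http.NewRequest("GET", "http://example.test/", nil)
	r.RemoteAddr = "10.0.0.2:4711"
	r.Header.Set("X-Forwarded-For", "1.2.3.4, 198.51.100.9, 10.0.0.5")
	fmt.Println(clientIP(r))
}
```

Walking forwards over the same header would return `1.2.3.4`, the entry the client supplied itself, which is why the direction matters for a rate-limit key.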