When Piwik is set up to get the client IP from the proxy header (proxy_client_headers setting) and the header contains more than one IP address, the one Piwik uses is the last one; according to the protocol definition, it should be the first one.
How to reproduce:
A workaround for this is to use a unique header. For example, if using HAProxy in front of Apache you can specify 'option forwardfor header X-Real-Originating-IP' in haproxy.conf and 'HTTP_X_REAL_ORIGINATING_IP' in piwik's config.
At least there is a lot less chance of something else using your custom header.
Thanks for the report! this pull request was created: https://github.com/piwik/piwik/pull/10404
could you test it and report whether this works for you?
Just installed it. I will have to wait a few hours for new traffic to come in, but it looks good! Thank you so much.