diff --git a/app/controllers/concerns/downloadable_controller.rb b/app/controllers/concerns/downloadable_controller.rb
index 2cf5cd2cb99eefefd61d57b2959d5391ba78bc71..fd409412d6f69799a8a01bc9a0af428fa4d2651f 100644
--- a/app/controllers/concerns/downloadable_controller.rb
+++ b/app/controllers/concerns/downloadable_controller.rb
@@ -22,6 +22,7 @@ module DownloadableController
 
   # GET /learning_objects/1/download
   def download
+    # Change request.remote_ip to req.env["HTTP_X_REAL_IP"] in production
     downloadable.download(current_user, request.remote_ip)
     link = downloadable.download_link
     if !link.blank?
diff --git a/app/models/user.rb b/app/models/user.rb
index d603fdd3f8e11a30ef392c71e3e1372bce5443bf..405f0706e7552b7334069fa2359327952f8f9a5d 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -277,4 +277,10 @@ class User < ApplicationRecord
   def ignore_changes
     super + %w(tokens sign_in_count current_sign_in_at last_sign_in_at current_sign_in_ip last_sign_in_ip score follows_count confirmation_token confirmed_at confirmation_sent_at)
   end
+
+  def update_tracked_fields(request)
+    super
+    # Change request.remote_ip to req.env["HTTP_X_REAL_IP"] in production
+    self.current_sign_in_ip = request.remote_ip
+  end
 end
diff --git a/config/initializers/rack-attack.rb b/config/initializers/rack-attack.rb
index 2b1b053be6a6645a0bed52307ba88b59565aeac0..573cbeb86cfecfb39e8669e192bc768bfe2eb55c 100644
--- a/config/initializers/rack-attack.rb
+++ b/config/initializers/rack-attack.rb
@@ -43,6 +43,7 @@ class Rack::Attack
   #
   # Key: "rack::attack:#{Time.now.to_i/:period}:req/ip:#{req.ip}"
   throttle('req/ip', limit: 600, period: 5.minutes) do |req|
+    # Change req.ip to req.env["HTTP_X_REAL_IP"] in production
     req.ip unless req.path =~ %r{ ^\/(attachments|download|system) }
   end
 
@@ -59,6 +60,7 @@ class Rack::Attack
   #
   # Key: "rack::attack:#{Time.now.to_i/:period}:logins/ip:#{req.ip}"
   throttle('logins/ip', limit: 5, period: 20.seconds) do |req|
+    # Change req.ip to req.env["HTTP_X_REAL_IP"] in production
     req.ip if req.path == '/v1/auth/sign_in' && req.post?
   end