
Wrong IP extracted from HTTP_X_FORWARDED_FOR when there is more than one #10342

@mvillarl

Description


When Piwik is set up to get the client IP from the proxy header (proxy_client_headers[] setting) and the header contains more than one IP address, the one Piwik uses is the last one; according to the protocol definition, it should be the first one.

See https://tools.ietf.org/html/rfc7239

How to reproduce:

  • Set up Piwik to take into account proxy headers:
    proxy_client_headers[] = HTTP_X_FORWARDED_FOR
  • Disable the IP anonymizer
  • Access Piwik in a way that the HTTP_X_FORWARDED_FOR header contains more than one IP - either from your network configuration or with a header injection tool
  • If HTTP_X_FORWARDED_FOR contains, for instance: 1.2.3.4, 5.6.7.8 -> Piwik assigns 5.6.7.8 as the client source IP.
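As an added illustration of the parsing the report is about (example code, not Piwik's own implementation), the function below splits an X-Forwarded-For value into its address list and shows the two readings side by side: the rightmost entry, which is what the report says Piwik returned, and the leftmost entry, which the header convention (client first, each proxy appending the address it received the request from) defines as the client. Because the leftmost entries are text supplied by whoever sent the request, a deployment that knows its own proxies usually walks the list from the right, skipping addresses that belong to those proxies, and takes the first address it does not own; that variant is included with an assumed trusted-proxy list. The header values and addresses are constructed for the example.

```python
import ipaddress
from typing import List, Optional, Sequence, Union

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


def parse_forwarded_for(header_value: str) -> List[IPAddress]:
    """Split an X-Forwarded-For value into its addresses, left to right.

    Convention: "client, proxy1, proxy2, ...". Entries that are not IP
    literals ("unknown", obfuscated identifiers, empty fields) are dropped.
    """
    addresses: List[IPAddress] = []
    for raw in header_value.split(","):
        entry = raw.strip()
        # Accept "[2001:db8::1]" bracket form and a trailing ":port" on IPv4
        if entry.startswith("["):
            entry = entry[1:].split("]", 1)[0]
        elif entry.count(":") == 1:
            entry = entry.split(":", 1)[0]
        try:
            addresses.append(ipaddress.ip_address(entry))
        except ValueError:
            continue  # not an IP literal, skip it
    return addresses


def last_hop(header_value: str) -> Optional[str]:
    """Rightmost entry: the behaviour the report describes Piwik as having."""
    addrs = parse_forwarded_for(header_value)
    return str(addrs[-1]) if addrs else None


def first_hop(header_value: str) -> Optional[str]:
    """Leftmost entry: the client as the header convention defines it."""
    addrs = parse_forwarded_for(header_value)
    return str(addrs[0]) if addrs else None


def client_ip_behind_trusted_proxies(
    header_value: str, trusted_proxies: Sequence[str]
) -> Optional[str]:
    """Walk right to left, skipping addresses of proxies we operate.

    The first address that is not ours is the client as seen by the
    outermost trusted proxy; anything further left was not verified by a
    proxy we control. `trusted_proxies` (assumed) holds IPs or CIDR ranges.
    """
    trusted = [ipaddress.ip_network(p, strict=False) for p in trusted_proxies]
    for addr in reversed(parse_forwarded_for(header_value)):
        if not any(addr in net for net in trusted):
            return str(addr)
    return None  # every entry belonged to a trusted proxy


if __name__ == "__main__":
    header = "1.2.3.4, 5.6.7.8"  # constructed, matches the report's example
    print("last entry :", last_hop(header))
    print("first entry:", first_hop(header))
    print("trusted walk:", client_ip_behind_trusted_proxies(header, ["5.6.7.0/24"]))
```

With the report's header value, `last_hop` gives 5.6.7.8 and `first_hop` gives 1.2.3.4; the trusted-proxy walk also gives 1.2.3.4 when 5.6.7.8 is one of your proxies, but, unlike `first_hop`, it ignores a value that a client prepended in front of the address your proxy actually recorded.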

Labels: Bug