There is a breaking change in gunicorn 19 which changes
the behavior of the `REMOTE_ADDR` request meta info. It
no longer correctly passes through the value of X-Forwarded-For
if that header is present.

This resulted in making anything that looked at this attribute
think that all requests were coming from 127.0.0.1

This broke the django-ratelimit-backend library which relies on
this feature to determine if a user has had too many login attempts.