Hello All. I'm trying to come up with a solve for a somewhat annoying situation. We have configured our community instance to request authentication after the user clicks submit (Discussion Styles > Posts & Topics > Settings > Authenticate users). This allows someone that isn't a community member to compose a message before even needing to log in. 

The problem we've run into with this configuration is that it seems bots sometimes try to post comment spam. They're ultimately prevented from doing so because once submit is clicked, they're redirected to authenticate. However, the post can still generate a filter report if it contains a keyword we're monitoring. The filter report will show up as though the user has deleted their community account (we use the term "Retired"), so there's no way to try to block them since an IP is usually attached to a user. 

What I'd like to figure out is if there would be a way for the filter report to capture the IP address of the user that generated it, even if that user is not registered. I'm wondering if using something like #${http.request.remoteAddr} (minus the #) would work. I thought it might but then it may just pull the IP of the system generating the report instead of the user. 

 If anyone has insight on how I could either get the IP so I can block it or otherwise solve the situation (other than changing the "authenticate users" settiing) I'd love to hear it 😁