jazzband / django-axes

Keep track of failed login attempts in Django-powered sites.

BUG: AXES_LOCKOUT_PARAMETERS is not working as expected based on parameter.

chimbilitaranath opened this issue · comments

Describe the bug
I am locking the user based on username with AXES_LOCKOUT_PARAMETERS = ["username"], but it's locking the user based on IP and username.

To Reproduce
Steps to reproduce the behavior:

  1. When I pushed the code to production, every time I refreshed the admin page it's storing a different IP and username combination in the access_attempt table.
  2. This is my configuration, and I installed only django-axes:

    INSTALLED_APPS = [
        ...
        'axes',
    ]

    MIDDLEWARE = [
        ...
        'axes.middleware.AxesMiddleware',
    ]

    AXES_FAILURE_LIMIT = 6
    AXES_COOLOFF_TIME = 1
    AXES_ENABLE_ACCESS_FAILURE_LOG = True
    AXES_RESET_COOL_OFF_ON_FAILURE_DURING_LOCKOUT = False
    AXES_RESET_ON_SUCCESS = True
    AXES_LOCKOUT_PARAMETERS = ["username"]

Expected behavior
A clear and concise description of what you expected to happen.

Your environment
python version:
django version:
django-axes version:
Operating system:

Additional context
Add any other context about the problem here.

Possible implementation
Not obligatory, but suggest an idea for implementing addition or change

Axes indeed stores the username and IP address data to the attempt table, but the locking out is done by a different mechanism, where the number of failures and failure fetching is done by https://github.com/jazzband/django-axes/blob/master/axes/helpers.py#L220, and the exact arguments used for queries are calculated from the user-supplied configuration object (list, callable or import path).
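
A simplified model of the distinction drawn in the comment above, added here as an example and not taken from django-axes: rows are stored per username and IP pair, while the lockout count is computed from filters derived from the configured list. `Attempt`, `build_filters`, `failure_count`, `is_locked` and the sample rows are hypothetical names and constructed data, the highest-sum rule is an assumption of this model, and only the list form of the setting is modelled (not a callable or import path).

```python
# Simplified model for illustration; not django-axes source code.
from collections import namedtuple

# One row per (username, ip_address), like the access attempt table in the report.
Attempt = namedtuple("Attempt", "username ip_address failures")

FAILURE_LIMIT = 6  # AXES_FAILURE_LIMIT from the configuration in the report

# Constructed sample rows: the same username seen from three addresses.
ATTEMPTS = [
    Attempt("alice", "10.0.0.1", 2),
    Attempt("alice", "10.0.0.2", 2),
    Attempt("alice", "10.0.0.3", 2),
    Attempt("bob", "10.0.0.1", 1),
]

def build_filters(lockout_parameters, client):
    """Turn the configured list into one filter dict per entry.

    A string selects a single field; a nested list combines fields (AND).
    """
    filters = []
    for entry in lockout_parameters:
        fields = [entry] if isinstance(entry, str) else list(entry)
        filters.append({field: client[field] for field in fields})
    return filters

def failure_count(attempts, lockout_parameters, client):
    """Sum failures over the rows each filter matches; take the highest sum."""
    totals = []
    for flt in build_filters(lockout_parameters, client):
        rows = [a for a in attempts
                if all(getattr(a, k) == v for k, v in flt.items())]
        totals.append(sum(a.failures for a in rows))
    return max(totals, default=0)

def is_locked(attempts, lockout_parameters, client):
    """Lockout decision: compare the computed count with the failure limit."""
    return failure_count(attempts, lockout_parameters, client) >= FAILURE_LIMIT

if __name__ == "__main__":
    client = {"username": "alice", "ip_address": "10.0.0.1"}
    for params in (["username"], ["ip_address"], [["username", "ip_address"]]):
        print(params, failure_count(ATTEMPTS, params, client),
              is_locked(ATTEMPTS, params, client))
```

With `["username"]` the three per-address rows for the same user add up to the limit, so seeing several username and IP rows in the table does not by itself mean the lockout is keyed on IP.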