There can sometimes be many users on one IP address. A university for example. I have a survey running, where users shouldn't respond more than once and I thought of limiting to one per IP but decided not to for that reason.

Another method might be to require a simple user registration including email verification. That way, you can limit by username, but I supect it would be difficult even then to prevent the odd user registering several times in cases where they are prepared to use several email addresses.

Yet another method could be to prevent more than one entry for selected terms being submitted, such as an URL. The database could be queried for matching terms in the form before the entry is allowed.

If a user is on a proxy server, his/her IP will be different each time they log on, so cookies would be your best bet. :)

Have you run into spamming problems on your site before? If not, you might want to put up the review module without any restrictions and see what happens. I run a fairly popular niche review site and have seldom run into the sort of problems you describe. In my case, it's been easier to deal manually with the occasional case of abuse than it would be to write a foolproof set of restrictions into the app.

If you do need to automate restrictions, either cookies or some sort of registration would probably work. Cookies are easier to implement and no additional burden for the user, but registration may be worthwhile if you have other uses for it (forums, members-only content, etc.)