From 7a2227d64aedc66a3e25099c31d6b28bb87411dc Mon Sep 17 00:00:00 2001
From: Joseph Milazzo <joseph.v.milazzo@gmail.com>
Date: Sat, 10 May 2025 11:49:56 -0500
Subject: [PATCH] Ensure the remote Ip address is correct behind RP for
 Security middleware.

---
 API/Middleware/SecurityMiddleware.cs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/API/Middleware/SecurityMiddleware.cs b/API/Middleware/SecurityMiddleware.cs
index 61ca1c75d..bbf4b5f6b 100644
--- a/API/Middleware/SecurityMiddleware.cs
+++ b/API/Middleware/SecurityMiddleware.cs
@@ -1,5 +1,6 @@
 using System;
 using System.IO;
+using System.Linq;
 using System.Net;
 using System.Text.Json;
 using System.Threading.Tasks;
@@ -26,7 +27,7 @@ public class SecurityEventMiddleware(RequestDelegate next)
         }
         catch (KavitaUnauthenticatedUserException ex)
         {
-            var ipAddress = context.Connection.RemoteIpAddress?.ToString();
+            var ipAddress = context.Request.Headers["X-Forwarded-For"].FirstOrDefault() ?? context.Connection.RemoteIpAddress?.ToString());
             var requestMethod = context.Request.Method;
             var requestPath = context.Request.Path;
             var userAgent = context.Request.Headers.UserAgent;