diff --git a/DNN Platform/Library/Common/Utilities/NetworkUtils.cs b/DNN Platform/Library/Common/Utilities/NetworkUtils.cs
index 1bfa0bcd11e..6ee9cbf010b 100644
--- a/DNN Platform/Library/Common/Utilities/NetworkUtils.cs
+++ b/DNN Platform/Library/Common/Utilities/NetworkUtils.cs
@@ -5,8 +5,10 @@
 #region Usings
 using System;
+using System.Linq;
 using System.Net;
 using System.Net.Sockets;
+using System.Web;
 #endregion
@@ -242,6 +244,24 @@ public static bool IsIPInRange(string currentIP, string startIP, string subnetma
 }
 return false;
 }
+
+ ///
+ /// Gets the Client IP address of the current request, from server variables if available, otherwise returns Request.UserHostAddress.
+ ///
+ /// The current http request.
+ /// The current client ip address.
+ public static string GetClientIpAddress(HttpRequest request)
+ {
+ var ipAddress = request.ServerVariables["HTTP_X_FORWARDED_FOR"]?.Split(',').FirstOrDefault();
+
+ // If there is no proxy, get the standard remote address
+ if (string.IsNullOrWhiteSpace(ipAddress) || ipAddress.Equals("unknown", StringComparison.OrdinalIgnoreCase))
+ {
+ ipAddress = request.UserHostAddress;
+ }
+
+ return ipAddress;
+ }
 }
 ///
diff --git a/DNN Platform/Website/DesktopModules/Admin/Authentication/Login.ascx.cs b/DNN Platform/Website/DesktopModules/Admin/Authentication/Login.ascx.cs
index 0d0d4d40823..28914554ec0 100644
--- a/DNN Platform/Website/DesktopModules/Admin/Authentication/Login.ascx.cs
+++ b/DNN Platform/Website/DesktopModules/Admin/Authentication/Login.ascx.cs
@@ -40,6 +40,7 @@
 using System.Web.UI.HtmlControls;
 using System.Web.UI.WebControls;
 using DotNetNuke.Abstractions;
+using DotNetNuke.Common.Utils;
 using Microsoft.Extensions.DependencyInjection;
 #endregion
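Review bot: `GetClientIpAddress` in NetworkUtils.cs trusts `HTTP_X_FORWARDED_FOR` unconditionally and takes its first entry, which is the part of the header the client itself writes; the result now feeds `IsIPBanned` in the Login.ascx.cs hunk, so the admin IP filter is evaluated against a caller-chosen string. The header should be honoured only when `request.UserHostAddress` is a configured reverse proxy, the entry appended by that proxy (the last one) should be used, and the value should pass `IPAddress.TryParse` before it is returned. The doc comment should also say that the forwarded value is client-supplied unless a trusted proxy overwrites it. A sketch follows; `IsTrustedProxy` is a placeholder for a site setting that this diff does not contain.

```csharp
public static string GetClientIpAddress(HttpRequest request)
{
    // The socket peer is the only address the client cannot choose.
    var remoteAddress = request.UserHostAddress;

    // PLACEHOLDER: IsTrustedProxy stands for a configured list of reverse proxies; it is not part of this diff.
    if (!IsTrustedProxy(remoteAddress))
    {
        return remoteAddress;
    }

    // Use the entry appended by the trusted proxy (the last one), not the client-written first one.
    var forwarded = request.ServerVariables["HTTP_X_FORWARDED_FOR"]?.Split(',').LastOrDefault()?.Trim();

    // Anything that is not a literal IP address ("unknown", host names, empty) falls back to the peer.
    IPAddress parsed;
    return IPAddress.TryParse(forwarded, out parsed) ? parsed.ToString() : remoteAddress;
}
```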
@@ -866,7 +867,8 @@ private void ValidateUser(UserInfo objUser, bool ignoreExpiring)
 bool isAdminUser = objUser.IsSuperUser || objUser.IsInRole(PortalSettings.AdministratorRoleName);
 if (isAdminUser)
 {
- if (IPFilterController.Instance.IsIPBanned(Request.UserHostAddress))
+ var clientIp = NetworkUtils.GetClientIpAddress(Request);
+ if (IPFilterController.Instance.IsIPBanned(clientIp))
 {
 PortalSecurity.Instance.SignOut();
 AddModuleMessage("IPAddressBanned", ModuleMessage.ModuleMessageType.RedError, true);
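Review bot: When the ban check on `clientIp` fires, nothing in the visible lines records which address was evaluated, and after this change that address can differ from the socket peer. Logging both `clientIp` and `Request.UserHostAddress` on this branch would let an operator tell a genuinely proxied request from one where the header was set by the client. The body of ValidateUser continues outside the hunk, so a log call may already exist further down.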