diff --git a/src/express-common.js b/src/express-common.js
index 630d62c59..5a6890220 100644
--- a/src/express-common.js
+++ b/src/express-common.js
@@ -11,10 +11,17 @@ export const urlencodedParser = express.urlencoded({ extended: true, limit: '200
  * @returns {string} IP address of the client
  */
 export function getIpFromRequest(req) {
+    // First check X-Real-IP header
+    if (req.headers['x-real-ip']) {
+        return req.headers['x-real-ip'].toString();
+    }
+
+    // Fall back to socket remote address
     let clientIp = req.socket.remoteAddress;
     if (!clientIp) {
         return 'unknown';
     }
+
     let ip = ipaddr.parse(clientIp);
     // Check if the IP address is IPv4-mapped IPv6 address
     if (ip.kind() === 'ipv6' && ip instanceof ipaddr.IPv6 && ip.isIPv4MappedAddress()) {
diff --git a/src/middleware/whitelist.js b/src/middleware/whitelist.js
index 395084a9d..fb3c2490a 100644
--- a/src/middleware/whitelist.js
+++ b/src/middleware/whitelist.js
@@ -31,11 +31,6 @@ function getForwardedIp(req) {
         return undefined;
     }
 
-    // Check if X-Real-IP is available
-    if (req.headers['x-real-ip']) {
-        return req.headers['x-real-ip'].toString();
-    }
-
     // Check for X-Forwarded-For and parse if available
     if (req.headers['x-forwarded-for']) {
         const ipList = req.headers['x-forwarded-for'].toString().split(',').map(ip => ip.trim());