diff --git a/ip_utils/ip_utils.go b/ip_utils/ip_utils.go
index c8316f1165506f6e2bc50e5b1c9b574dc333694c..bf06bcdb6079a7df46a912b4c29074eff7a5e366 100644
--- a/ip_utils/ip_utils.go
+++ b/ip_utils/ip_utils.go
@@ -175,9 +175,9 @@ func GetRequestSourceIP(proxyRequest *events.APIGatewayProxyRequest, websocketRe
 			VerifyCloudflareSourceIP(requestSourceIP) {
 			forwardedForHeaderIPs := strings.Split(forwardedForHeader, ",")
 
-			if len(forwardedForHeaderIPs) > 0 {
-				// Use the first IP as the source IP
-				headerSourceIP := strings.TrimSpace(forwardedForHeaderIPs[len(forwardedForHeaderIPs)-1])
+			if len(forwardedForHeaderIPs) > 1 {
+				// Use the second-to-last IP – the last IP will be the Cloudflare proxy's IP
+				headerSourceIP := strings.TrimSpace(forwardedForHeaderIPs[len(forwardedForHeaderIPs)-2])
 				return headerSourceIP
 			}
 		}