diff --git a/src/api/routes/index.router.ts b/src/api/routes/index.router.ts
index 7ef197de..45c43fca 100644
--- a/src/api/routes/index.router.ts
+++ b/src/api/routes/index.router.ts
@@ -48,9 +48,14 @@ const packageJson = JSON.parse(fs.readFileSync('./package.json', 'utf8'));
 const metricsIPWhitelist = (req: Request, res: Response, next: NextFunction) => {
 const metricsConfig = configService.get('METRICS');
 const allowedIPs = metricsConfig.ALLOWED_IPS?.split(',').map((ip) => ip.trim()) || ['127.0.0.1'];
- const clientIP = req.ip || req.connection.remoteAddress || req.socket.remoteAddress;
+ const clientIPs = [
+ req.ip,
+ req.connection.remoteAddress,
+ req.socket.remoteAddress,
+ req.headers['x-forwarded-for'],
+ ].filter((ip) => ip !== undefined);

- if (!allowedIPs.includes(clientIP)) {
+ if (allowedIPs.filter((ip) => clientIPs.includes(ip)) === 0) {
 return res.status(403).send('Forbidden: IP not allowed');
 }
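Review bot: The new guard `allowedIPs.filter((ip) => clientIPs.includes(ip)) === 0` compares an array with a number, so it is never true and the 403 branch can no longer be reached, which leaves the metrics route without any IP restriction; it should read `if (!allowedIPs.some((ip) => clientIPs.includes(ip))) {`. Separately, adding `req.headers['x-forwarded-for']` to `clientIPs` makes the allow-list depend on a request header that the caller controls unless a trusted proxy overwrites it, and the header can also be a comma-separated list or a `string[]` that will never match an entry exactly. I would drop that array entry and rely on `req.ip`, with Express's `trust proxy` setting configured for the real proxy chain. A comment above the check such as `// Only socket-derived addresses are compared; forwarded headers are honoured via 'trust proxy' only` would record the intent. The middleware body continues past the end of this hunk, so the `next()` path is not visible here.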