diff --git a/src/main/kotlin/top/fatweb/oxygen/api/aop/SysLogInterceptor.kt b/src/main/kotlin/top/fatweb/oxygen/api/aop/SysLogInterceptor.kt
index c6f41e9..5c8a27c 100644
--- a/src/main/kotlin/top/fatweb/oxygen/api/aop/SysLogInterceptor.kt
+++ b/src/main/kotlin/top/fatweb/oxygen/api/aop/SysLogInterceptor.kt
@@ -49,7 +49,7 @@ class SysLogInterceptor(
             requestUri = URI(request.requestURI).path
             requestParams = formatParams(request.parameterMap)
             requestMethod = request.method
-            requestIp = request.remoteAddr
+            requestIp = WebUtil.getRequestIp(request)
             requestServerAddress = "${request.scheme}://${request.serverName}:${request.serverPort}"
             userAgent = request.getHeader("User-Agent")
         }
diff --git a/src/main/kotlin/top/fatweb/oxygen/api/service/permission/impl/AuthenticationServiceImpl.kt b/src/main/kotlin/top/fatweb/oxygen/api/service/permission/impl/AuthenticationServiceImpl.kt
index 1143cc1..afdbb73 100644
--- a/src/main/kotlin/top/fatweb/oxygen/api/service/permission/impl/AuthenticationServiceImpl.kt
+++ b/src/main/kotlin/top/fatweb/oxygen/api/service/permission/impl/AuthenticationServiceImpl.kt
@@ -165,7 +165,7 @@ class AuthenticationServiceImpl(
             LocalDateTime.now(ZoneOffset.UTC).toInstant(ZoneOffset.UTC).toEpochMilli()
         }-${UUID.randomUUID()}-${UUID.randomUUID()}-${UUID.randomUUID()}"
         userService.update(KtUpdateWrapper(User()).eq(User::id, user.id).set(User::forget, code))
-        sendRetrieveMail(user.username!!, request.remoteAddr, code, forgetParam.email!!)
+        sendRetrieveMail(user.username!!, WebUtil.getRequestIp(request), code, forgetParam.email!!)
     }
 
     @Transactional
@@ -197,7 +197,7 @@ class AuthenticationServiceImpl(
 
         WebUtil.offlineUser(redisUtil, user.id!!)
 
-        sendPasswordChangedMail(user.username!!, request.remoteAddr, userInfo!!.email!!)
+        sendPasswordChangedMail(user.username!!, WebUtil.getRequestIp(request), userInfo!!.email!!)
     }
 
     @EventLogRecord(EventLog.Event.LOGIN)
@@ -377,9 +377,9 @@ class AuthenticationServiceImpl(
             }
         }
 
-        logger.info("用户登录 [用户名: '{}', IP: '{}']", loginUser.username, request.remoteAddr)
+        logger.info("用户登录 [用户名: '{}', IP: '{}']", loginUser.username, WebUtil.getRequestIp(request))
         userService.update(User().apply {
-            currentLoginIp = request.remoteAddr
+            currentLoginIp = WebUtil.getRequestIp(request)
             currentLoginTime = LocalDateTime.now(ZoneOffset.UTC)
             lastLoginIp = loginUser.user.currentLoginIp
             lastLoginTime = loginUser.user.currentLoginTime
diff --git a/src/main/kotlin/top/fatweb/oxygen/api/util/WebUtil.kt b/src/main/kotlin/top/fatweb/oxygen/api/util/WebUtil.kt
index 4e0838c..6e3ad46 100644
--- a/src/main/kotlin/top/fatweb/oxygen/api/util/WebUtil.kt
+++ b/src/main/kotlin/top/fatweb/oxygen/api/util/WebUtil.kt
@@ -76,4 +76,31 @@ object WebUtil {
 
         redisUtil.delObject(keys)
     }
+
+    /**
+     * Get real request IP
+     *
+     * @param request HttpServletRequest object
+     * @return IP address
+     * @author FatttSnake, fatttsnake@gmail.com
+     * @since 1.0.0
+     * @see HttpServletRequest
+     */
+    fun getRequestIp(request: HttpServletRequest): String {
+        var ip = request.getHeader("X-Real-IP")
+        if (!ip.isNullOrBlank() && !"unknown".equals(ip, true)) {
+            return ip
+        }
+        ip = request.getHeader("X-Forwarded-For")
+        return if (!ip.isNullOrBlank() && !"unknown".equals(ip, true)) {
+            val index = ip.indexOf(",")
+            if (index != -1) {
+                ip.substring(0, index)
+            } else {
+                ip
+            }
+        } else {
+            request.remoteAddr
+        }
+    }
 }
\ No newline at end of file