diff --git a/plinth/__main__.py b/plinth/__main__.py
index 51b5f9db1..f351bd682 100644
--- a/plinth/__main__.py
+++ b/plinth/__main__.py
@@ -243,6 +243,7 @@ def configure_django():
 },
 ],
 AXES_LOCKOUT_URL='locked',
+ AXES_BEHIND_REVERSE_PROXY=True,
 CACHES={'default': {'BACKEND': 'django.core.cache.backends.dummy.DummyCache'}},
 CAPTCHA_FONT_PATH=['/usr/share/fonts/truetype/ttf-bitstream-vera/Vera.ttf'],
diff --git a/plinth/modules/sso/views.py b/plinth/modules/sso/views.py
index c1146526f..200086bfb 100644
--- a/plinth/modules/sso/views.py
+++ b/plinth/modules/sso/views.py
@@ -20,6 +20,7 @@ Views for the Single Sign On module of Plinth
 import os
 import urllib
+import logging
 from .forms import AuthenticationForm
@@ -38,6 +39,8 @@ PRIVATE_KEY_FILE_NAME = 'privkey.pem'
 SSO_COOKIE_NAME = 'auth_pubtkt'
 KEYS_DIRECTORY = '/etc/apache2/auth-pubtkt-keys'
+logger = logging.getLogger(__name__)
+
 def set_ticket_cookie(user, response):
 """Generate and set a mod_auth_pubtkt as a cookie in the provided
@@ -79,7 +82,7 @@ class CaptchaLoginView(LoginView):
 if request.POST:
 if request.user.is_authenticated:
 ip = get_ip_address_from_request(request)
- reset() # TODO reset(ip=ip)
+ reset(ip=ip)
 return set_ticket_cookie(request.user, response)
 else:
 return response
@@ -87,8 +90,13 @@ class CaptchaLoginView(LoginView):
 def get_ip_address_from_request(request):
- # TODO Not sure if this is the right way to get the client ip
- return request.META['HTTP_X_FORWARDED_FOR']
+ x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
+ if x_forwarded_for:
+ ip = x_forwarded_for.split(',')[0]
+ else:
+ ip = request.META.get('REMOTE_ADDR')
+ logger.warning("IP address is " + ip)
+ return ip
 class SSOLogoutView(LogoutView):
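Review bot: `AXES_BEHIND_REVERSE_PROXY=True` in the `configure_django()` settings makes the lockout key depend on a request header, and nothing in this hunk records which proxy is trusted to set it. If the application can be reached without passing through that proxy, or the proxy passes on a client-supplied `X-Forwarded-For` value instead of replacing it, the address recorded for a failed login is chosen by the client and the lockout no longer binds to the real peer. I would add a comment above the setting, for example `# Safe only while every request arrives via the front-end proxy, which must set X-Forwarded-For itself`, and confirm that both conditions hold in the shipped web server configuration. The settings call starts and ends outside the hunk.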
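Review bot: In `plinth/modules/sso/views.py`, the new `reset(ip=ip)` in `CaptchaLoginView` is called without checking that `ip` is non-empty. `get_ip_address_from_request()` can return `None` (no header and no `REMOTE_ADDR`) or an empty string (a header value that starts with a comma), and as far as I recall axes' `reset()` treats a falsy `ip` as "no filter", which would clear every recorded attempt just as the old bare `reset()` did; please confirm against the installed version. Guarding the call, `if ip: reset(ip=ip)`, keeps the reset scoped to a single address. The method containing these lines starts outside the hunk.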
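Review bot: The added `logger.warning("IP address is " + ip)` in `get_ip_address_from_request()` raises `TypeError` when neither the header nor `REMOTE_ADDR` is present, because `ip` is then `None`, and it writes a client-supplied header value into the log at warning level on every login. `logger.debug('Client IP address: %r', ip)` avoids the crash, keeps routine logins out of the warning stream and escapes any control characters in the value. The first list element should also be stripped, `ip = x_forwarded_for.split(',')[0].strip()`, so that stray whitespace cannot make the value differ from the address stored for the failed attempts. The function also lost its only comment; a short docstring should say that the leftmost `X-Forwarded-For` entry is trustworthy only when the front-end proxy sets the header itself, and that the result must match the address axes records or the reset will miss.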