diff --git a/app/authentication/auth.py b/app/authentication/auth.py
index 6bc9d0490..7227ead3b 100644
--- a/app/authentication/auth.py
+++ b/app/authentication/auth.py
@@ -47,7 +47,9 @@ def requires_no_auth():
 def restrict_ip_sms():
     ip = ''
     if request.headers.getlist("X-Forwarded-For"):
-        ip = request.headers.getlist("X-Forwarded-For")[0]
+        ip0 = request.headers.getlist("X-Forwarded-For")
+        ip1 = ip0.split(',');
+        ip = ip1[0]
 
     if ip in current_app.config.get('ALLOW_IP_INBOUND_SMS'):
         current_app.logger.info("Inbound sms ip addresses {} passed ".format(ip))