diff --git a/app/authentication/auth.py b/app/authentication/auth.py
index 3743b42e8..31f2764d9 100644
--- a/app/authentication/auth.py
+++ b/app/authentication/auth.py
@@ -47,9 +47,12 @@ def restrict_ip_sms():
     ip = ''
     if request.headers.get("X-Forwarded-For"):
         # X-Forwarded-For looks like "203.0.113.195, 70.41.3.18, 150.172.238.178"
-        ip_list = request.headers.get("X-Forwarded-For")
-        ip = ip_list.split(',')[0].strip()
-        current_app.logger.info("Inbound sms ip route list {}".format(ip_list))
+        ip_route = request.headers.get("X-Forwarded-For")
+        # ip = ip_list.split(',')[0].strip()
+        ip_list = ip_route.split(',')
+        if len(ip_list) >= 3:
+            ip = ip_list[len(ip_list) - 3]
+        current_app.logger.info("Inbound sms ip route list {}".format(ip_route))
 
     if ip in current_app.config.get('ALLOW_IP_INBOUND_SMS'):
         current_app.logger.info("Inbound sms ip addresses {} passed ".format(ip))