diff --git a/controllers/ipservice.go b/controllers/ipservice.go
index 1ca060344..c8ceaecac 100644
--- a/controllers/ipservice.go
+++ b/controllers/ipservice.go
@@ -43,7 +43,7 @@ func getPublicIP(w http.ResponseWriter, r *http.Request) {
 
 func parseIP(r *http.Request) (string, error) {
 	// Get Public IP from header
-	ip := r.Header.Get("X-REAL-IP")
+	ip := strings.TrimSpace(r.Header.Get("X-REAL-IP"))
 	ipnet := net.ParseIP(ip)
 	if ipnet != nil && !ncutils.IpIsPrivate(ipnet) {
 		return ip, nil
@@ -53,6 +53,7 @@ func parseIP(r *http.Request) (string, error) {
 	forwardips := r.Header.Get("X-FORWARDED-FOR")
 	iplist := strings.Split(forwardips, ",")
 	for _, ip := range iplist {
+		ip = strings.TrimSpace(ip)
 		ipnet := net.ParseIP(ip)
 		if ipnet != nil && !ncutils.IpIsPrivate(ipnet) {
 			return ip, nil
diff --git a/controllers/ipservice_test.go b/controllers/ipservice_test.go
new file mode 100644
index 000000000..d28b6e1da
--- /dev/null
+++ b/controllers/ipservice_test.go
@@ -0,0 +1,21 @@
+package controller
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+func TestParseIPTrimsForwardedForEntries(t *testing.T) {
+	req := httptest.NewRequest(http.MethodGet, "http://example.com", nil)
+	req.Header.Set("X-FORWARDED-FOR", "10.0.0.1, 8.8.8.8")
+	req.RemoteAddr = "10.0.0.2:1234"
+
+	ip, err := parseIP(req)
+	if err != nil {
+		t.Fatalf("parseIP() returned error: %v", err)
+	}
+	if ip != "8.8.8.8" {
+		t.Fatalf("parseIP() = %q, want %q", ip, "8.8.8.8")
+	}
+}