diff --git a/internal/api/handler/prosody_hdl.go b/internal/api/handler/prosody_hdl.go
index d4f0f73..84f39dd 100644
--- a/internal/api/handler/prosody_hdl.go
+++ b/internal/api/handler/prosody_hdl.go
@@ -2,6 +2,7 @@ package handler
 
 import (
 	"fmt"
+	"log"
 
 	"gitea.urkob.com/urko/prosody-password/internal/services/fail2ban"
 	"gitea.urkob.com/urko/prosody-password/internal/services/prosody"
@@ -31,12 +32,13 @@ func (handler ProsodyHandler) Post(c *fiber.Ctx) error {
 	if err := c.BodyParser(&req); err != nil {
 		return RenderError(c, fmt.Errorf(" c.BodyParser(&req): %w", err), defaultErrMessage)
 	}
+	log.Println("request ip", c.IP())
 	req.CurrentPassword = c.FormValue("current_password")
 	req.NewPassword = c.FormValue("new_password")
 	if err := handler.prosodyService.ChangePassword(req.User, req.CurrentPassword, req.NewPassword); err != nil {
-		// for _, ip := range c.IPs() {
-		// 	handler.fail2banSrv.FailedAttempt(ip)
-		// }
+		for _, ip := range c.IPs() {
+			handler.fail2banSrv.FailedAttempt(ip)
+		}
 		return RenderError(c, fmt.Errorf("ChangePassword: %w", err), defaultErrMessage)
 	}
 
diff --git a/internal/api/server.go b/internal/api/server.go
index ef52c02..2f2d60f 100644
--- a/internal/api/server.go
+++ b/internal/api/server.go
@@ -32,7 +32,9 @@ func NewRestServer(
 func (s *RestServer) Start(apiPort, views string) error {
 	engine := handlebars.New(views, ".hbs")
 	s.app = fiber.New(fiber.Config{
-		Views: engine,
+		Views:              engine,
+		ProxyHeader:        "X-Forwarded-For",
+		EnableIPValidation: true,
 	})
 
 	s.app.Use(limiter.New(limiter.Config{
@@ -47,7 +49,6 @@ func (s *RestServer) Start(apiPort, views string) error {
 		AllowHeaders:  "Origin, Accept, Content-Type, X-CSRF-Token, Authorization",
 		ExposeHeaders: "Origin",
 	}))
-
 	s.loadViews()
 
 	prosodyHdl := handler.NewProsodyHandler(s.prosodyService, s.fail2banSrv)