diff --git a/http/handler.go b/http/handler.go
index adeb252..f12957d 100644
--- a/http/handler.go
+++ b/http/handler.go
@@ -75,22 +75,27 @@ func (this *Handler) Configure (config step.Meta) error {
 }
 
 func (this *Handler) ServeHTTP (res http.ResponseWriter, req *http.Request) {
+	filesystem := this.Environment.GetFS()
+	
+	// get the real client IP
 	remoteAddrStr := req.RemoteAddr
+	realRemoteAddr := req.RemoteAddr
 	if addr := req.Header.Get("CF-Connecting-IP"); addr != "" {
 		if this.TrustCFConnectingIP {
-			proxy := req.RemoteAddr
-			req.RemoteAddr = addr
-			remoteAddrStr = fmt.Sprintf("%s --CF-> %s", addr, proxy)
+			realRemoteAddr = addr
+			remoteAddrStr = fmt.Sprintf("%s --CF-> %s", addr, req.RemoteAddr)
 		}
 	} else if addr := req.Header.Get("X-Forwarded-For"); addr != "" {
 		if this.TrustXForwardedFor {
-			proxy := req.RemoteAddr
-			req.RemoteAddr = addr
-			remoteAddrStr = fmt.Sprintf("%s --XF-> %s", addr, proxy)
+			realRemoteAddr = addr
+			remoteAddrStr = fmt.Sprintf("%s --XF-> %s", addr, req.RemoteAddr)
 		}
 	}
+
+	// make req clone with correct ip
+	req = req.Clone(req.Context())
+	req.RemoteAddr = realRemoteAddr
 	log.Println("(i)", req.Method, req.URL, "from", remoteAddrStr)
-	filesystem := this.Environment.GetFS()
 
 	// rate limit
 	err := this.rateLimit(req, "", this.RateLimit)