diff --git a/src/Cogworks.SiteLock/Web/HttpModules/RequestProcessor.cs b/src/Cogworks.SiteLock/Web/HttpModules/RequestProcessor.cs
index df08cb4..d43decb 100644
--- a/src/Cogworks.SiteLock/Web/HttpModules/RequestProcessor.cs
+++ b/src/Cogworks.SiteLock/Web/HttpModules/RequestProcessor.cs
@@ -27,7 +27,9 @@ public void ProcessRequest(HttpContextBase httpContext)
             var urlReferrer = httpContext.Request.UrlReferrer;
             var ipAddress = httpContext.Request.GetIpAddress();
 
-            if (!RequestHelper.IsLockedDomain(_config, requestUri.Host)) { return; }
+            if (RequestHelper.IsLockedDomain(_config, requestUri.Host))
+            {
+                if (RequestHelper.IsAllowedIP(_config, GetUserHostAddress(httpContext))) { return; }
 
             if (RequestHelper.IsAllowedIP(_config, ipAddress)) { return; }
 
@@ -42,5 +44,26 @@ public void ProcessRequest(HttpContextBase httpContext)
             httpContext.Response.StatusCode = 403;
             throw new HttpException(403, "Locked by Cogworks.SiteLock Module");
         }
+
+        /// <summary>
+        /// Attempt to get the IP address of the client (as a string)
+        /// </summary>
+        /// <returns></returns>
+        private static string GetUserHostAddress(HttpContextBase httpContext)
+        {
+            string ipAddress = httpContext.Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
+
+            if (!string.IsNullOrEmpty(ipAddress))
+            {
+                string[] ipAddresses = ipAddress.Split(',');
+
+                if (ipAddresses.Length != 0)
+                {
+                    return ipAddresses[0];
+                }
+            }
+
+            return httpContext.Request.ServerVariables["REMOTE_ADDR"];
+        }
     }
 }
\ No newline at end of file
diff --git a/src/Tests/Cogworks.SiteLock.Test/When_Processing_Request.cs b/src/Tests/Cogworks.SiteLock.Test/When_Processing_Request.cs
index c67ffaf..11597a1 100644
--- a/src/Tests/Cogworks.SiteLock.Test/When_Processing_Request.cs
+++ b/src/Tests/Cogworks.SiteLock.Test/When_Processing_Request.cs
@@ -40,8 +40,10 @@ public When_Processing_Request()
 
             _uriStub = new Uri("http://thecogworks.com" + AbsolutePath);
             _httpRequestMock.Setup(x => x.Url).Returns(_uriStub);
-
-            _httpRequestMock.Setup(x => x.UserHostAddress).Returns("8.8.8.8");
+            _httpRequestMock.Setup(x => x.ServerVariables).Returns(new System.Collections.Specialized.NameValueCollection{
+                    { "HTTP_X_FORWARDED_FOR", "8.8.8.8, 4.4.4.4:18104" },
+                    { "REMOTE_ADDR", "8.8.8.8" }
+            });
 
             _contextMock.Setup(x => x.Request).Returns(_httpRequestMock.Object);
             _contextMock.Setup(x => x.Response).Returns(_httpResponseMock.Object);