diff --git a/backend/server.js b/backend/server.js
index 74c3659..45ee1da 100644
--- a/backend/server.js
+++ b/backend/server.js
@@ -35,6 +35,9 @@ const io = socketio(server, {
 });
 const port = process.env.PORT || 5000;
 
+// Trust proxy - required when behind ingress/reverse proxy
+app.set('trust proxy', 1);
+
 // Security Headers - Helmet
 app.use(helmet());
 
@@ -68,6 +71,8 @@ const authLimiter = rateLimit({
 },
 standardHeaders: true,
 legacyHeaders: false,
+// Trust proxy when behind ingress
+validate: { trustProxy: false },
 });
 
 // General API Rate Limiting (100 requests per 15 minutes)
@@ -80,6 +85,8 @@ const apiLimiter = rateLimit({
 },
 standardHeaders: true,
 legacyHeaders: false,
+// Trust proxy when behind ingress
+validate: { trustProxy: false },
 });
 
 // Database Connection
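Review bot: `app.set('trust proxy', 1)` is applied unconditionally, so `req.ip` is derived from `X-Forwarded-For` in every environment, including any where the server is reachable without the ingress in front of it. In that situation the header value is client-supplied, and the rate limiters defined below (which, if left on the library default, key on the client IP) would no longer be counting per real client. The hop count is also fixed at one, so an extra proxy or CDN in front of the ingress would make all requests appear to come from a single address. Consider reading the hop count from configuration the way `port` already is, e.g. `app.set('trust proxy', Number(process.env.TRUST_PROXY_HOPS || 0));` (the variable name is only a suggestion), and stating the expected proxy topology in the comment.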
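Review bot: The comment `// Trust proxy when behind ingress` does not describe what `validate: { trustProxy: false }` does in `authLimiter`, and the same applies to the identical pair of lines in the `apiLimiter` hunk. Assuming `rateLimit` is express-rate-limit, this option switches off the library's sanity check for an overly permissive `trust proxy` setting; it does not make the limiter trust anything. With `trust proxy` set to `1` that check should not fire in the first place, so the line looks unnecessary, and leaving it in would hide the warning if the setting is later changed to `true`, weakening the limit on auth attempts. I would drop both `validate` lines, or if they stay reword the comment to something like `// Disables express-rate-limit's trust-proxy validation; client IP comes from app.set('trust proxy')`. Both limiter definitions start outside their hunks, so the key generator in use is not visible here.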