diff --git a/src/Http/RequestFactory.php b/src/Http/RequestFactory.php
index b77c414e..cdfe1ba0 100644
--- a/src/Http/RequestFactory.php
+++ b/src/Http/RequestFactory.php
@@ -247,7 +247,7 @@ public function createHttpRequest(): Request
 if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
 $xForwardedForWithoutProxies = array_filter(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']), function ($ip) {
 return !array_filter($this->proxies, function ($proxy) use ($ip) {
- return Helpers::ipMatch(trim($ip), $proxy);
+ return filter_var(trim($ip), FILTER_VALIDATE_IP) !== FALSE && Helpers::ipMatch(trim($ip), $proxy);
 });
 });
 $remoteAddr = trim(end($xForwardedForWithoutProxies));
diff --git a/tests/Http/RequestFactory.proxy.x-forwarded.phpt b/tests/Http/RequestFactory.proxy.x-forwarded.phpt
index 14d1b9d7..c7f415cc 100644
--- a/tests/Http/RequestFactory.proxy.x-forwarded.phpt
+++ b/tests/Http/RequestFactory.proxy.x-forwarded.phpt
@@ -35,8 +35,8 @@ test(function () {
 $_SERVER = [
 'REMOTE_ADDR' => '10.0.0.2', //proxy2
 'REMOTE_HOST' => 'proxy2',
- 'HTTP_X_FORWARDED_FOR' => '123.123.123.123, 172.16.0.1, 10.0.0.1',
- 'HTTP_X_FORWARDED_HOST' => 'fake, real, proxy1',
+ 'HTTP_X_FORWARDED_FOR' => '123.123.123.123, not-ip.com, 172.16.0.1, 10.0.0.1',
+ 'HTTP_X_FORWARDED_HOST' => 'fake, not-ip.com, real, proxy1',
 ];
 $factory = new RequestFactory;
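Review bot: The added guard keeps non-IP entries in the list instead of dropping them — `filter_var(...) !== FALSE` only short-circuits the proxy comparison, so an entry such as `not-ip.com` matches no proxy, survives the outer `array_filter`, and is exactly what `end()` hands to `$remoteAddr` two lines below whenever it sits to the right of the last genuine client IP (the fixture's `123.123.123.123, not-ip.com, 172.16.0.1, 10.0.0.1` would yield `not-ip.com` if the two trailing addresses are configured proxies, as the test setup suggests). Unless `$remoteAddr` is validated further down in createHttpRequest, which is outside this hunk, a header value the client controls is propagated as the client address rather than rejected. Moving the IP check into the outer closure so non-IP entries are discarded outright is the safer shape and also removes the repeated `trim($ip)`; note that when every entry is discarded `end()` returns `false` and `trim()` turns it into `''`, so the surrounding code should fall back to `$_SERVER['REMOTE_ADDR']` in that case. Minor style: `FALSE` should be lowercase `false` per PSR-12.
```php
$xForwardedForWithoutProxies = array_filter(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']), function ($ip) {
	$ip = trim($ip);
	// drop anything that is not an IP literal first, then drop configured proxies
	return filter_var($ip, FILTER_VALIDATE_IP) !== false
		&& !array_filter($this->proxies, function ($proxy) use ($ip) {
			return Helpers::ipMatch($ip, $proxy);
		});
});
// … unchanged: $remoteAddr = trim(end($xForwardedForWithoutProxies)); …
```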