diff --git a/lib/mastodon/router.js b/lib/mastodon/router.js
index ffd1b0f..3a28efa 100644
--- a/lib/mastodon/router.js
+++ b/lib/mastodon/router.js
@@ -28,6 +28,7 @@ const apiLimiter = rateLimit({
   max: 300,
   standardHeaders: true,
   legacyHeaders: false,
+  validate: { trustProxy: false }, // behind nginx reverse proxy; trust proxy is intentional
   message: { error: "Too many requests, please try again later" },
 });
 
@@ -36,6 +37,7 @@ const authLimiter = rateLimit({
   max: 30,
   standardHeaders: true,
   legacyHeaders: false,
+  validate: { trustProxy: false },
   message: { error: "Too many authentication attempts" },
 });
 
@@ -44,6 +46,7 @@ const appRegistrationLimiter = rateLimit({
   max: 25,
   standardHeaders: true,
   legacyHeaders: false,
+  validate: { trustProxy: false },
   message: { error: "Too many app registrations" },
 });