diff --git a/login.php b/login.php
index 26628eeb..3e525097 100644
--- a/login.php
+++ b/login.php
@@ -11,12 +11,11 @@ if (!file_exists('config.php')) {
 require_once("config.php");
 
 // Check if the application is configured for HTTPS-only access
-if ($config_https_only && (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] !== 'on')) {
+if ($config_https_only && (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] !== 'on') && (!isset($_SERVER['HTTP_X_FORWARDED_PROTO']) || $_SERVER['HTTP_X_FORWARDED_PROTO'] !== 'https')) {
     echo "Login is restricted as ITFlow defaults to HTTPS-only for enhanced security. To login using HTTP, modify the config.php file by setting config_https_only to false. However, this is strongly discouraged, especially when accessing from potentially unsafe networks like the internet.";
     exit;
 }
 
-
 require_once("functions.php");
 require_once("rfc6238.php");