diff --git a/website/thaliawebsite/middleware.py b/website/thaliawebsite/middleware.py
new file mode 100644
index 000000000..226220f9d
--- /dev/null
+++ b/website/thaliawebsite/middleware.py
@@ -0,0 +1,10 @@
+class RealIPMiddleware:
+ """Sets `REMOTE_ADDR` to the X-Real-IP header set by the reverse proxy."""
+
+ def __init__(self, get_response):
+ self.get_response = get_response
+
+ def __call__(self, request):
+ if "X-Real-Ip" in request.headers:
+ request.META["REMOTE_ADDR"] = request.headers["X-Real-Ip"]
+ return self.get_response(request)
diff --git a/website/thaliawebsite/settings.py b/website/thaliawebsite/settings.py
index 08544450b..251053c24 100644
--- a/website/thaliawebsite/settings.py
+++ b/website/thaliawebsite/settings.py
@@ -501,8 +501,8 @@ def from_env(
 "django.contrib.auth.middleware.AuthenticationMiddleware",
 "django.contrib.messages.middleware.MessageMiddleware",
 "django.middleware.locale.LocaleMiddleware",
+ "thaliawebsite.middleware.RealIPMiddleware",
 "django_ratelimit.middleware.RatelimitMiddleware",
- # Our middleware
 "members.middleware.MemberMiddleware",
 "announcements.middleware.AnnouncementMiddleware",
 ]
diff --git a/website/thaliawebsite/views.py b/website/thaliawebsite/views.py
index 08b67681b..c210933dd 100644
--- a/website/thaliawebsite/views.py
+++ b/website/thaliawebsite/views.py
@@ -63,7 +63,8 @@ def post(self, request, *args, **kwargs):
 class RateLimitedLoginView(LoginView):
- @method_decorator(ratelimit(key="ip", rate="10/m"))
+ @method_decorator(ratelimit(key="ip", rate="30/h"))
+ @method_decorator(ratelimit(key="post:username", rate="30/h"))
 def post(self, request, *args, **kwargs):
 return super().post(request, *args, **kwargs)
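Review bot: `__call__` honours `X-Real-Ip` on every request regardless of where the connection came from, so if the application is ever reachable without the reverse proxy in front of it (a direct connection to the app port, or a proxy that forwards the header instead of overwriting it), a client can pick its own `REMOTE_ADDR` and with it the `key="ip"` bucket that the rate limits in views.py depend on. Rewrite the address only when the peer is actually the proxy, e.g. `if "X-Real-Ip" in request.headers and request.META.get("REMOTE_ADDR") in trusted_proxies:` with `trusted_proxies` read from a setting (placeholder name, the project's choice), and keep the proxy configured to always set the header rather than pass it through. The docstring should state that precondition, e.g. `"""Sets REMOTE_ADDR from X-Real-Ip; only safe when the app is reachable solely through a proxy that overwrites that header."""`. The original `REMOTE_ADDR` is discarded by the assignment; preserving it under a second `META` key would keep the proxy-side address available for logging and incident review.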
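Review bot: `RealIPMiddleware` is added near the end of `MIDDLEWARE`, after the session/auth stack, so any earlier entry (none are visible in this hunk) that reads `REMOTE_ADDR`, for request logging for instance, still sees the proxy's address rather than the client's. Because the middleware only rewrites `request.META`, moving it to the first position would give every later middleware and view the corrected address; the `ratelimit` decorators only need it to run before the view, which it does in either position. The removed `# Our middleware` comment separated third-party from project entries; if that grouping is kept elsewhere in the list, the new project entry belongs under it rather than between Django and `django_ratelimit`.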
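Review bot: the new `key="post:username"` limit is independent of the client address, so 30 posts per hour carrying a given username, from any address, put that account into the limited state for everyone including its owner; with `django_ratelimit`'s default blocking behaviour (assumed here, since `block` is not passed) that lets an unauthenticated party lock a chosen user out of login. If a per-account limit is wanted, document that trade-off in a comment above the decorator and consider a more generous rate for the username key than for the ip key, or a callable key combining address and username so that exhausting the budget also costs the caller their own ip bucket. `post:username` buckets on the raw form value, so if the login form normalizes usernames (case, surrounding whitespace) the key should be normalized the same way. `RateLimitedLoginView` may continue past the end of the hunk.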