diff --git a/confs/main-lua.conf b/confs/main-lua.conf
index 10b536b..77c4343 100644
--- a/confs/main-lua.conf
+++ b/confs/main-lua.conf
@@ -1,4 +1,5 @@
 set $session_secret %ANTIBOT_SESSION_SECRET%;
+set $session_check_addr on;
 
 access_by_lua_block {
 
diff --git a/lua/recaptcha.lua b/lua/recaptcha.lua
index 5f85555..2816a40 100644
--- a/lua/recaptcha.lua
+++ b/lua/recaptcha.lua
@@ -30,7 +30,7 @@ function M.check (token, recaptcha_secret)
 	local res, err = httpc:request_uri("https://www.google.com/recaptcha/api/siteverify", {
 		ssl_verify = false,
 		method = "POST",
-		body = "secret=" .. recaptcha_secret .. "&response=" .. token,
+		body = "secret=" .. recaptcha_secret .. "&response=" .. token .. "&remoteip=" .. ngx.var.remote_addr,
 		headers = { ["Content-Type"] = "application/x-www-form-urlencoded" }
 	})
 	if not res then