diff --git a/ChangeLog b/ChangeLog
index 9721fbfd..9b34447b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,7 @@
-fwknop-2.6.9 (01//2016):
+fwknop-2.6.9 (04//2016):
+ - (Vlad Glagolev) Added support for deriving the source IP from the
+ X-Forwarded-For HTTP header when SPA packets are sent over HTTP
+ connections.
   - Bug fix in command open/close cycle feature to ensure that the first successful match on a valid incoming SPA packet finishes all access.conf stanza processing. That is, no other stanzas should be looked at after
diff --git a/Makefile.am b/Makefile.am
index 3a4afeaa..c189b5de 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -336,6 +336,8 @@ EXTRA_DIST = \
 	test/conf/udp_server_fwknopd.conf \
 	test/conf/spa_over_http_fwknopd.conf \
 	test/conf/spa_over_http.pcap \
+	test/conf/spa_x_forwarded_for.pcap \
+	test/conf/spa_x_forwarded_for_fwknopd.conf \
 	test/conf/ipt_snat_fwknopd.conf \
 	test/conf/firewd_snat_fwknopd.conf \
 	test/conf/ipt_snat_no_translate_ip_fwknopd.conf \
diff --git a/test/conf/spa_x_forwarded_for.pcap b/test/conf/spa_x_forwarded_for.pcap
new file mode 100644
index 00000000..d462c579
Binary files /dev/null and b/test/conf/spa_x_forwarded_for.pcap differ
diff --git a/test/conf/spa_x_forwarded_for_fwknopd.conf b/test/conf/spa_x_forwarded_for_fwknopd.conf
new file mode 100644
index 00000000..25bd7e1e
--- /dev/null
+++ b/test/conf/spa_x_forwarded_for_fwknopd.conf
@@ -0,0 +1,2 @@
+ENABLE_SPA_OVER_HTTP Y;
+ENABLE_X_FORWARDED_FOR Y;
diff --git a/test/test-fwknop.pl b/test/test-fwknop.pl
index b859cddc..5ecb4ff1 100755
--- a/test/test-fwknop.pl
+++ b/test/test-fwknop.pl
@@ -42,6 +42,7 @@ our $replay_pcap_file = "$conf_dir/spa_replay.pcap";
 our $multi_pkts_pcap_file = "$conf_dir/multi_pkts.pcap";
 our $fcs_pcap_file = "$conf_dir/fcs_spa.pcap";
 our $spa_over_http_pcap_file = "$conf_dir/spa_over_http.pcap";
+our $spa_x_forwarded_for_pcap_file = "$conf_dir/spa_x_forwarded_for.pcap";
 our $lib_dir = '../lib/.libs';
@@ -531,6 +532,7 @@ our %cf = (
     'tcp_server' => "$conf_dir/tcp_server_fwknopd.conf",
     'udp_server' => "$conf_dir/udp_server_fwknopd.conf",
     'spa_over_http' => "$conf_dir/spa_over_http_fwknopd.conf",
+    'spa_x_forwarded_for' => "$conf_dir/spa_x_forwarded_for_fwknopd.conf",
     'tcp_pcap_filter' => "$conf_dir/tcp_pcap_filter_fwknopd.conf",
     'icmp_pcap_filter' => "$conf_dir/icmp_pcap_filter_fwknopd.conf",
     'open_ports_access' => "$conf_dir/open_ports_access.conf",
diff --git a/test/tests/rijndael_hmac.pl b/test/tests/rijndael_hmac.pl
index 34bdd147..4fd24b19 100644
--- a/test/tests/rijndael_hmac.pl
+++ b/test/tests/rijndael_hmac.pl
@@ -534,6 +534,20 @@
         'fw_rule_created' => $NEW_RULE_REQUIRED,
         'fw_rule_removed' => $NEW_RULE_REMOVED,
     },
+    {
+        'category' => 'Rijndael+HMAC',
+        'subcategory' => 'server',
+        'detail' => '--pcap-file http X-Forwarded-For',
+        'function' => \&process_pcap_file_directly,
+        'cmdline' => '',
+        'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'spa_x_forwarded_for'} -a $cf{'hmac_access'} " . "-d $default_digest_file -p $default_pid_file " . "--pcap-file $spa_x_forwarded_for_pcap_file --foreground $verbose_str " . "--pcap-filter 'port 80' " . "--verbose --verbose --verbose",
+        'server_positive_output_matches' => [qr/Added access rule.*\sfor 1.2.3.4/],
+    },
+
     {
         'category' => 'Rijndael+HMAC',
         'subcategory' => 'server',
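Review bot: The new rijndael_hmac.pl stanza omits the `'fw_rule_created'` / `'fw_rule_removed'` keys that the neighbouring stanza carries (the context lines directly above it show `'fw_rule_created' => $NEW_RULE_REQUIRED,` and `'fw_rule_removed' => $NEW_RULE_REMOVED,`), so if the harness treats a missing key as "do not check", the rule derived from the X-Forwarded-For address is only confirmed by a log line and its actual creation and later removal in the firewall are never verified. The positive match is also looser than it looks because the unescaped dots match any character; `'server_positive_output_matches' => [qr/Added access rule.*\sfor 1\.2\.3\.4\b/],` pins the exact address. Since the header value is supplied by the HTTP client, a companion stanza that runs the same pcap against a config without `ENABLE_X_FORWARDED_FOR` and expects the rule for the packet's real source rather than 1.2.3.4 would show the header is ignored when the feature is off. The test list this stanza belongs to starts and ends outside the hunk.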