diff --git a/server/subsonic/middlewares.go b/server/subsonic/middlewares.go
index b8f01c83e..af1ba448f 100644
--- a/server/subsonic/middlewares.go
+++ b/server/subsonic/middlewares.go
@@ -47,11 +47,23 @@ func postFormToQueryParams(next http.Handler) http.Handler {
 	})
 }
 
+func fromInternalOrProxyAuth(r *http.Request) (string, bool) {
+	username := server.InternalAuth(r)
+
+	// If the username comes from internal auth, do not also do reverse proxy auth, as
+	// the request will have no reverse proxy IP
+	if username != "" {
+		return username, true
+	}
+
+	return server.UsernameFromReverseProxyHeader(r), false
+}
+
 func checkRequiredParameters(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		var requiredParameters []string
 
-		username := cmp.Or(server.InternalAuth(r), server.UsernameFromReverseProxyHeader(r))
+		username, _ := fromInternalOrProxyAuth(r)
 		if username != "" {
 			requiredParameters = []string{"v", "c"}
 		} else {
@@ -91,10 +103,9 @@ func authenticate(ds model.DataStore) func(next http.Handler) http.Handler {
 			var usr *model.User
 			var err error
 
-			internalAuth := server.InternalAuth(r)
-			proxyAuth := server.UsernameFromReverseProxyHeader(r)
-			if username := cmp.Or(internalAuth, proxyAuth); username != "" {
-				authType := If(internalAuth != "", "internal", "reverse-proxy")
+			username, isInternalAuth := fromInternalOrProxyAuth(r)
+			if username != "" {
+				authType := If(isInternalAuth, "internal", "reverse-proxy")
 				usr, err = ds.User(ctx).FindByUsername(username)
 				if errors.Is(err, context.Canceled) {
 					log.Debug(ctx, "API: Request canceled when authenticating", "auth", authType, "username", username, "remoteAddr", r.RemoteAddr, err)