diff --git a/External-Webserver-use:-Reverse-proxy.md b/External-Webserver-use:-Reverse-proxy.md
index de05a2c..de97bdd 100644
--- a/External-Webserver-use:-Reverse-proxy.md
+++ b/External-Webserver-use:-Reverse-proxy.md
@@ -77,6 +77,14 @@ Some instructions
 
 After installing HTTPS on the Apache, you can [set up proxy settings for Plan](https://github.com/plan-player-analytics/Plan/wiki/SSL-Certificate-%28HTTPS%29-Set-Up#if-behind-a-proxy)
 
+# Password bruteforce -guard and whitelist support (X-Forwarded-For)
+
+To keep stuff that relies on IP of the requester functional behind reverse-proxy.
+
+- Make sure reverse-proxy is passing request IP in `X-Forwarded-For` header
+- Make sure Plan can't be accessed without connecting through reverse proxy
+- Enable X-Forwarded-For support under Webserver settings in Plan config
+
 # Debugging step-list for determening connection issue source
 
 - [x] Check that Plan webserver has enabled (on the server console)