diff --git a/src/api/Server.ts b/src/api/Server.ts
index bea75d7e..27adc0bd 100644
--- a/src/api/Server.ts
+++ b/src/api/Server.ts
@@ -99,6 +99,10 @@ export class SpacebarServer extends Server {
 this.app.set("json replacer", JSONReplacer);
+ const trustedProxies = Config.get().security.trustedProxies;
+ if(trustedProxies)
+ this.app.set("trust proxy", trustedProxies);
+
 this.app.use(CORS);
 this.app.use(BodyParser({ inflate: true, limit: "10mb" }));
diff --git a/src/util/config/types/SecurityConfiguration.ts b/src/util/config/types/SecurityConfiguration.ts
index 35776642..38aab6f8 100644
--- a/src/util/config/types/SecurityConfiguration.ts
+++ b/src/util/config/types/SecurityConfiguration.ts
@@ -29,6 +29,9 @@ export class SecurityConfiguration {
 // X-Forwarded-For for nginx/reverse proxies
 // CF-Connecting-IP for cloudflare
 forwardedFor: string | null = null;
+ // trusted proxies to get the real user ip address
+ // requires a reverse proxy to overwrite X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Proto
+ trustedProxies: string | boolean | null = null;
 ipdataApiKey: string | null = "eca677b284b3bac29eb72f5e496aa9047f26543605efe99ff2ce35c9";
 mfaBackupCodeCount: number = 10;
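Review bot: In src/api/Server.ts the configured value is handed to `this.app.set("trust proxy", trustedProxies)` with no validation, so `trustedProxies: true` makes Express accept X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Proto from any peer. If the API port can be reached without going through the proxy, a client then controls its own `req.ip`, which undermines anything keyed on the address (rate limits or IP bans, if the project relies on them). I would at least make the permissive case loud, e.g. `if (trustedProxies === true) console.warn("trust proxy is true: forwarded headers are accepted from every peer");`, and put braces around the `if` body. The enclosing method starts and ends outside the hunk.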
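Review bot: The comment on `trustedProxies` in SecurityConfiguration.ts does not say which values are accepted or that `true` is the unsafe one. Suggested wording: `// value for Express "trust proxy": a proxy address/subnet list (e.g. "loopback" or "10.0.0.0/8"); true trusts forwarded headers from every peer and is only safe when the server is reachable solely through the proxy`. Express also accepts a hop count, so if that mode is wanted the type would need `number` as well. It would also help to state how this setting relates to the existing `forwardedFor` option, since both appear to influence which address is treated as the client IP.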