albatorsk

Thank you so much for your help! After checking Auditing, I noticed that all requests seemed to be coming from the reverse proxy. So, I took another look at X-Forwarded-For Support under proxy & syslog servers. The mistake I had made was that I had supplied my default gateway IP there, and not my reverse proxy IP. I must have been tired when I set it up, as I didn't even notice it when I wrote the initial message. After changing it to the reverse proxy IP, it works perfectly! All client IPs are logged correctly, and 2FA is now required when signing in from outside of my network.

Hi, I'm a happy home user of Passwordstate (PWS), and so far the experience has been very nice. I've exposed my PWS to the internet through the use of an Apache reverse proxy, and that works great. Before I did that, I of course made sure I had 2FA enabled for my user, as only using username and password seemed far too dangerous. This has worked perfectly, but, I've been a bit annoyed by the fact that I needed to use 2FA even when I access my PWS from home. So, reading a bit about it lead me to the Administration -> System Settings -> allowed ip ranges -> Web S