just noticed I can login from anywhere without any password by using the trusted_networks as a auth_provider - since im using a reverse proxy and had 192.168.0.0/24 whitelisted …ups
Yeah need to make sure you pass through the real IP in your proxy.
You need to have use_x_forwarded_for
and trusted_proxies
set in http component
Technically if they know your IP range they may spoof their IP to get through even with that set I believe