Trust only listed proxies for IP Allow/Deny.

Documentation.html

@@ -501,7 +501,7 @@ GRANT ALL PRIVILEGES ON user_base.* TO 'real_user'@localhost IDENTIFIED BY 'real
         suggested, perhaps a <a href="#glossary">.htaccess</a> file with the
         HTTP-AUTH directive or disallowing incoming HTTP requests at
         one&#8217;s router or firewall will suffice (both of which
-    are beyond the scope of this manual but easily searchable with Google).</li>
+        are beyond the scope of this manual but easily searchable with Google).</li>
 </ul>
 
 <!-- CONFIGURATION -->
@@ -1006,7 +1006,11 @@ ALTER TABLE `pma_column_comments`
         listed in the <i>allow</i> rules, and not listed in the <i>deny</i>
         rules. This is the <b>most</b> secure means of using Allow/Deny rules,
         and was available in Apache by specifying allow and deny rules without
-        setting any order.
+        setting any order.<br /><br />
+
+        Please also see <a
+        href="#cfg_TrustedProxies">$cfg['TrustedProxies']</a> for detecting IP
+        address behind proxies.
     </dd>
     <dt id="servers_allowdeny_rules">
         <span id="cfg_Servers_AllowDeny_rules">$cfg['Servers'][$i]['AllowDeny']['rules']</span> array of strings
@@ -1447,6 +1451,13 @@ ALTER TABLE `pma_column_comments`
         Character sets will be shown in same order as here listed, so if you
         frequently use some of these move them to the top.</dd>
 
+    <dt id="cfg_TrustedProxies">$cfg['TrustedProxies'] array</dt>
+    <dd>Lists proxies which are trusted for <a
+        href="#servers_allowdeny_order">IP Allow/Deny</a>. This list is by
+        default empty, you need to fill in some trusted proxy servers if you
+        want to use rules for IP addresses behind proxy.
+    </dd>
+
     <dt id="cfg_GD2Available">$cfg['GD2Available'] string</dt>
     <dd>Specifies whether GD &gt;= 2 is available. If yes it can be used for
         MIME transformations.<br />