Merge branch 'release/1.10.x' into backport/mryan-hashi/add-javasprin…

…g-link/rightly-pleasant-starling
hashicorp · Aug 17, 2023 · 0248e3c · 0248e3c
2 parents e49e88f + b193dca
commit 0248e3c
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/website/content/docs/configuration/listener/tcp.mdx b/website/content/docs/configuration/listener/tcp.mdx
@@ -167,7 +167,11 @@ default value in the `"/sys/config/ui"` [API endpoint](/api-docs/system/config-u
 - `x_forwarded_for_authorized_addrs` `(string: <required-to-enable>)` –
   Specifies the list of source IP CIDRs for which an X-Forwarded-For header
   will be trusted. Comma-separated list or JSON array. This turns on
-  X-Forwarded-For support.
+  X-Forwarded-For support.  If for example Vault receives connections from the 
+  load balancer's IP of `1.2.3.4`, adding `1.2.3.4` to `x_forwarded_for_authorized_addrs` 
+  will result in the `remote_address` field in the audit log being populated with the 
+  connecting client's IP, for example `3.4.5.6`. Note this requires the load balancer 
+  to send the connecting client's IP in the `X-Forwarded-For` header.
 
 - `x_forwarded_for_hop_skips` `(string: "0")` – The number of addresses that will be
   skipped from the _rear_ of the set of hops. For instance, for a header value