Proxy header ignored

morvael · June 17, 2026, 3:39pm

Issue Description

Using Apache as HTTP proxy for port 443.

Expected Behavior

Correct IP to be shown in logs as I log in.

Actual Behavior

127.0.0.1 is logged.

Reproduction Steps

I have confirmed all the relevant headers are reaching Stalwart using tcpdump. HTTP is configured correctly, it is supposed to use the X-Forwarded-For header.

Stalwart Version

v0.16.x

Installation Method

Binary (Linux)

Database Backend

RocksDB

Blob Storage

RocksDB

Search Engine

Internal

Directory Backend

Internal

I have reviewed the documentation and FAQ and confirm that my issue is NOT addressed there.

on

I have searched this support forum (open and closed topics) and confirm this is not a duplicate.

on

helpbot · June 17, 2026, 3:39pm

Let me look up the proxy/trusted IP configuration in Stalwart’s docs.

The useXForwarded setting defaults to false, which is why Stalwart is ignoring the X-Forwarded-For header and logging 127.0.0.1 instead.

You need to enable the useXForwarded flag on the Http singleton. You can do this in the WebUI under Settings > Network > HTTP > General, or via the CLI:

stalwart-cli update Http --field useXForwarded=true

Two important caveats from the docs:

This flag should only be enabled when Stalwart is actually behind a trusted proxy. Because untrusted clients could forge these headers, enabling it on a directly-exposed server would let anyone spoof their source IP for logging and access-control purposes.
Do not use useXForwarded together with the Proxy Protocol. They serve the same purpose and are not interchangeable on the same listener – pick one.

Since you are using Apache in HTTP mode forwarding to Stalwart, useXForwarded is the correct mechanism (Proxy Protocol is for TCP-layer proxies). Once enabled, Stalwart will read the client IP from the X-Forwarded-For / Forwarded header that Apache is already sending.

References: HTTP Settings docs and Reverse Proxy Overview.

This is an automated reply from the Stalwart Help Bot. Other community members may follow up if this answer is incomplete or wrong.

morvael · June 17, 2026, 3:45pm

I did set that option ON in the GUI. I don’t have stalwart-cli.

morvael · June 17, 2026, 3:48pm

Now with CLI:
ProxyObtain remote IP from Forwarded header: Yes

Topic		Replies	Views
Local traffic triggering http.x-forwarded-missing warning Issues	3	22	May 11, 2026
How to check if `X-Forwarde-For` is successfully configured? Questions	9	28	June 15, 2026
Can't access UI after setting up x-forwarded-for Issues	3	50	June 16, 2026
ProxyProtocol not visible in logs Issues	3	43	May 10, 2026
Option to have an override for the port in SRV entries Issues	2	25	June 16, 2026