LAN Only option for users does not seem to work
Posted: Wed Nov 25, 2020 11:35 pm
I have Blue Iris set up behind a reverse proxy in my network. I only want some users, like the anonymous user, to be able to authenticate to Blue Iris when they are on my private LAN, but not when they are accessing BI from the internet through my reverse proxy. This seems to be exactly what the "LAN Only" option in the BI user settings enables.
Except it doesn't seem to work. BI seems to consider all users, even when they are coming from the internet, as "LAN Only" users. What does BI use to differentiate whether a user is a "LAN Only" user? In my web server settings I have my local LAN IP set correctly.
I assume this happens because BI sees the IP address of the reverse proxy server as the originating IP address, and since it is on my LAN that means all internet users coming in through it appear as LAN users. The reverse proxy is correctly setting X-Real-IP and X-Forwarded-For HTTP headers to the correct internet IP address of the originating user, but I guess BI does not use those headers to determine a user's IP address? I can control what headers the reverse proxy sets. Is there something else BI needs to properly recognize the originating IP address to determine LAN Only?
Is there any way to use this setting with a reverse proxy like this?
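
As an added illustration (not part of the original post, and not a description of how Blue Iris itself decides "LAN Only"), this sketch shows how a LAN-only check can stay meaningful behind a reverse proxy: X-Forwarded-For is honoured only when the TCP peer is a known proxy, and the chain is read from the right. The proxy address 192.168.1.10, the LAN range and both function names are assumptions made for the example.

```python
import ipaddress

# Assumed values for illustration: the reverse proxy's LAN address and the LAN range.
TRUSTED_PROXIES = {ipaddress.ip_address("192.168.1.10")}
LAN_NETWORKS = [ipaddress.ip_network("192.168.1.0/24")]


def effective_client_ip(peer_ip, x_forwarded_for=None):
    """Return the address a LAN-only check should apply to, or None to fail closed.

    peer_ip is the TCP source address the application sees. The header is
    honoured only when that peer is a trusted proxy; from any other peer it
    is client-controlled and ignored.
    """
    peer = ipaddress.ip_address(peer_ip)
    if peer not in TRUSTED_PROXIES:
        return peer
    if not x_forwarded_for:
        return None  # proxied request without the header: origin unknown
    # Walk right to left: the rightmost entry was appended by our proxy,
    # anything further left may have been supplied by the client.
    for hop in reversed([h.strip() for h in x_forwarded_for.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None  # malformed entry: fail closed
        if addr not in TRUSTED_PROXIES:
            return addr
    return None  # chain held only proxy addresses: origin unknown


def is_lan_client(peer_ip, x_forwarded_for=None):
    """True only when the effective client address is inside a LAN network."""
    addr = effective_client_ip(peer_ip, x_forwarded_for)
    return addr is not None and any(addr in net for net in LAN_NETWORKS)


if __name__ == "__main__":
    # Constructed sample requests: (TCP peer, X-Forwarded-For header)
    for peer, xff in [("192.168.1.50", None),
                      ("192.168.1.10", "203.0.113.7"),
                      ("192.168.1.10", "192.168.1.50, 203.0.113.7")]:
        print(peer, xff, "->", "LAN" if is_lan_client(peer, xff) else "not LAN")
```

The third sample is the case that matters: an internet client that sends its own X-Forwarded-For naming a LAN address is still classified by the entry the proxy appended, not by the value it supplied.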