...
It is enabled by default.
Trusted proxies
The list of IP addresses (comma separated) of trusted proxies.
If the application is running behind a proxy (e.g. WAF like F5, FortiWeb, etc.), it cannot directly see the IP addresses of connected clients, because the clients connect to the proxy instead. It can only see the IP address of the proxy passing the requests to the application. All the audit logs and also settings limiting administrators' logins to selected IP addresses then work with this proxy IP address, which is usually not what we want.
If we fill in this setting with IP addresses of trusted proxies, which are passing the requests to the application, and they support adding the X-Forwarded-For header (which should be common), the application will ignore the IP addresses of these trusted proxies for the sake of audit logs and access control and will use the IP addresses of clients passed by these trusted proxies (and only by them) in the X-Forwarded-For header instead.