diff --git a/Setup-Reverse-Proxy.md b/Setup-Reverse-Proxy.md index edb3316..7c2ff43 100644 --- a/Setup-Reverse-Proxy.md +++ b/Setup-Reverse-Proxy.md @@ -106,3 +106,8 @@ My web.config file looks like this: The crossed out sections aren't needed, they are leftovers from my experiments. +### Login via header from upstream authentication source + +If your reverse proxy has some kind of authentication mechanism, you can configure Calibre-web to log users in based on headers received from the proxy. If using this feature, it's important that only the proxy is exposed to users, because if the Calibre-web instance is at all directly exposed to traffic, then a malicious user will be able to log in as any user that exists via simply setting a header. + +In the admin configuration, check the box marked `Allow Reverse Proxy Authentication`, and then fill in the text box that appears with the name of the header that will contain the username.
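Review bot: the warning in the first added paragraph says only the proxy may be exposed to users, but it leaves out the other half of the trust requirement. The proxy itself has to overwrite or strip any client-supplied copy of the configured header, otherwise a user who goes through the proxy can still set it. I would add one sentence telling the reader to restrict the Calibre-web listener so that only the proxy can reach it, and one telling them to have the proxy set the header unconditionally from its own authenticated identity. The wording "log in as any user that exists via simply setting a header" implies that the header value is matched against existing Calibre-web usernames; the second paragraph should say so explicitly where it describes the text box, so admins know the upstream identity and the local username must line up. A short proxy-side example of setting the header, next to the existing web.config section, would make the setup steps complete.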