From e0123ee38cea06f15d9426e49238606401425ce9 Mon Sep 17 00:00:00 2001
From: Delta Regeer <bertjw@regeer.org>
Date: Sun, 4 Feb 2024 16:01:51 -0700
Subject: [PATCH] Document wildcard support for trusted_proxy

---
 docs/arguments.rst | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/docs/arguments.rst b/docs/arguments.rst
index 2e91112f..0b6ca458 100644
--- a/docs/arguments.rst
+++ b/docs/arguments.rst
@@ -95,6 +95,15 @@ trusted_proxy
 
     For unix sockets, set this value to ``localhost`` instead of an IP address.
 
+    The value ``*`` (wildcard) may be used to signify that all remote peers are
+    to be trusted.
+
+    .. warning::
+       Using the wildcard is a security issue if Waitress is receiving
+       connections from untrusted locations as well as trusted locations. Make
+       sure that waitress is adequately deployed behind an additional layer of
+       security, such as a firewall only allowing traffic from known proxies.
+
     Default: ``None``
 
 trusted_proxy_count