Secure gateway:

This is designed for use by proxies in front of rippled. Configured IPs
can forward identifying user data in HTTP headers, including
user name and origin IP. If the user name exists, then resource limits
are lifted for that session. However, administrative commands are still
reserved only for administrative sessions.

doc/rippled-example.cfg

@@ -212,6 +212,29 @@
 #       in the submitted JSON for any administrative command requests when
 #       invoking JSON-RPC commands on remote servers.
 #
+#   secure_gateway = [ IP, IP, IP, ... ]
+#
+#       A comma-separated list of IP addresses.
+#
+#       When set, allows the specified IP addresses to pass HTTP headers
+#       containing username and remote IP address for each session. If a
+#       non-empty username is passed in this way, then resource controls
+#       such as often resulting in "tooBusy" errors will be lifted. However,
+#       administrative RPC commands such as "stop" will not be allowed.
+#       The HTTP headers that secure_gateway hosts can set are X-User and
+#       X-Forwarded-For. Only the X-User header affects resource controls.
+#       However, both header values are logged to help identify user activity.
+#       If no X-User header is passed, or if its value is empty, then
+#       resource controls will default to those for non-administrative users.
+#
+#       The secure_gateway IP addresses are intended to represent
+#       proxies. Since rippled trusts these hosts, they must be
+#       responsible for properly authenticating the remote user.
+#
+#       The same IP address cannot be used in both "admin" and "secure_gateway"
+#       lists for the same port. In this case, rippled will abort with an error
+#       message to the console shortly after startup
+#
 #   ssl_key = <filename>
 #   ssl_cert = <filename>
 #   ssl_chain = <filename>