diff --git a/config.yaml b/config.yaml
index f6018fc30..66540425a 100644
--- a/config.yaml
+++ b/config.yaml
@@ -51,6 +51,9 @@ beef:
         # Reverse Proxy / NAT
         # If you want BeEF to be accessible behind a reverse proxy or NAT,
         #   set both the publicly accessible hostname/IP address and port below:
+        # NOTE: Allowing the reverse proxy will enable a vulnerability where the ui/panel can be spoofed
+        #   by altering the X-FORWARDED-FOR ip address in the request header.
+        allow_reverse_proxy: false
         #public: ""      # public hostname/IP address
         #public_port: "" # public port (experimental)