diff --git a/RemoteUserConfluenceAuth/RemoteUserConfluenceAuth.properties b/RemoteUserConfluenceAuth/RemoteUserConfluenceAuth.properties
new file mode 100644
index 0000000..c0b4026
--- /dev/null
+++ b/RemoteUserConfluenceAuth/RemoteUserConfluenceAuth.properties
@@ -0,0 +1,17 @@
+## This file can override some default behaviour if saved in
+## WEB-INF/classes/RemoteUserConfluenceAuth.properties
+
+## If you're passing the username in an HTTP header, set the name here in
+## lowercase. Leave blank to use the special REMOTE_USER header.
+#header=x-proxy-username
+#header=
+header=x-forward-name
+
+## Use trustedhosts to specify specific hosts which are allowed to authenticate
+## via HTTP headers. Leave blank to allow all hosts. It supports a comma
+## separated list of IP addresses. It does not support subnets or ranges.
+#trustedhosts=192.168.0.1,192.168.0.2
+#trustedhosts=192.168.0.1
+#trustedhosts=192.168.0.1,127.0.0.1
+#trustedhosts=
+trustedhosts=10.1.1.100,127.0.0.1
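Review bot: The sample ships with live settings, `header=x-forward-name` and `trustedhosts=10.1.1.100,127.0.0.1`, which read like one site's deployment values; a copy dropped into WEB-INF/classes unchanged would accept usernames from those two addresses. Ship both keys commented out so the file is inert until an administrator edits it. The header comment should also state the operational requirement, for example `## The front-end proxy must remove any client-supplied copy of this header before setting it.`, and the trustedhosts comment should say `## Entries are compared exactly; do not put spaces after the commas.`, since the Java side of this commit matches the raw `split(",")` tokens.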
diff --git a/RemoteUserConfluenceAuth/pom.xml b/RemoteUserConfluenceAuth/pom.xml
index c5aef92..1b095d4 100644
--- a/RemoteUserConfluenceAuth/pom.xml
+++ b/RemoteUserConfluenceAuth/pom.xml
@@ -7,7 +7,7 @@
4.0.0
anguswarren.confluence
RemoteUserConfluenceAuth
- 1.1
+ 1.2
Angus Warren
diff --git a/RemoteUserConfluenceAuth/src/main/java/anguswarren/confluence/RemoteUserConfluenceAuth.java b/RemoteUserConfluenceAuth/src/main/java/anguswarren/confluence/RemoteUserConfluenceAuth.java
index b32f066..4b9d97c 100644
--- a/RemoteUserConfluenceAuth/src/main/java/anguswarren/confluence/RemoteUserConfluenceAuth.java
+++ b/RemoteUserConfluenceAuth/src/main/java/anguswarren/confluence/RemoteUserConfluenceAuth.java
@@ -1,5 +1,5 @@
/**
- * Copyright 2011 Angus Warren
+ * Copyright 2016 Angus Warren
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -17,52 +17,72 @@
package anguswarren.confluence;
import org.apache.log4j.Category;
+import java.io.InputStream;
+import java.util.Arrays;
+import java.util.Properties;
import java.security.Principal;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import com.atlassian.core.util.ClassLoaderUtils;
import com.atlassian.confluence.user.ConfluenceAuthenticator;
-public class RemoteUserConfluenceAuth extends ConfluenceAuthenticator
-{
+public class RemoteUserConfluenceAuth extends ConfluenceAuthenticator {
private static final Category log = Category.getInstance(RemoteUserConfluenceAuth.class);
- public Principal getUser(HttpServletRequest request, HttpServletResponse response)
- {
+ public Principal getUser(HttpServletRequest request, HttpServletResponse response) {
Principal user = null;
- try
- {
- if(request.getSession() != null && request.getSession().getAttribute(ConfluenceAuthenticator.LOGGED_IN_KEY) != null)
- {
+ try {
+ if (request.getSession() != null && request.getSession().getAttribute(ConfluenceAuthenticator.LOGGED_IN_KEY) != null) {
log.debug("Session found; user already logged in");
user = (Principal) request.getSession().getAttribute(ConfluenceAuthenticator.LOGGED_IN_KEY);
String username = user.getName();
user = getUser(username);
- }
- else
- {
- log.debug("Trying RemoteUserConfluenceAuth SSO");
- String remoteuser = request.getRemoteUser();
- log.debug("remote_user set to: " + remoteuser);
- if(remoteuser != null)
- {
- String[] username = remoteuser.split("@");
- user = getUser(username[0]);
- log.debug("Logging in with username: " + user);
- request.getSession().setAttribute(ConfluenceAuthenticator.LOGGED_IN_KEY, user);
- request.getSession().setAttribute(ConfluenceAuthenticator.LOGGED_OUT_KEY, null);
- }
- else
- {
- log.warn("remote_user is null");
- return null;
+ } else {
+ Properties p = new Properties();
+ try {
+ InputStream iStream = ClassLoaderUtils.getResourceAsStream("RemoteUserConfluenceAuth.properties", this.getClass());
+ p.load(iStream);
+ } catch (Exception e) {
+ log.debug("Exception loading propertie. The properties file is optional anyway, so this may not be an issues: " + e, e);
+ }
+
+ String trustedhosts = p.getProperty("trustedhosts");
+ if (trustedhosts != null) {
+ String ipAddress = request.getRemoteAddr();
+ if (Arrays.asList(trustedhosts.split(",")).contains(ipAddress)) {
+ log.debug("IP found in trustedhosts.");
+ } else {
+ log.debug("IP not found in trustedhosts: " + ipAddress);
+ return null;
}
+ } else {
+ log.debug("trustedhosts not configured. If you're using http headers, this may be a security issue.");
+ }
+
+ String remoteuser = null;
+ String header = p.getProperty("header");
+ if (header == null) {
+ log.debug("Trying REMOTE_USER for SSO");
+ remoteuser = request.getRemoteUser();
+ } else {
+ log.debug("Trying HTTP header '" + header + "' for SSO");
+ remoteuser = request.getHeader(header);
+ }
+
+ if (remoteuser != null) {
+ String[] username = remoteuser.split("@");
+ user = getUser(username[0]);
+ log.debug("Logging in with username: " + user);
+ request.getSession().setAttribute(ConfluenceAuthenticator.LOGGED_IN_KEY, user);
+ request.getSession().setAttribute(ConfluenceAuthenticator.LOGGED_OUT_KEY, null);
+ } else {
+ log.debug("remote_user is null");
+ return null;
+ }
}
- }
- catch (Exception e)
- {
- log.warn("Exception: " + e, e);
+ } catch (Exception e) {
+ log.error("Exception: " + e, e);
}
return user;
}
-
}
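Review bot: In the new `else` branch of `getUser`, a configured `header` with no `trustedhosts` is accepted from any client address and only logged at debug level, so anyone who can reach the servlet directly chooses the username; header mode should refuse to run without a trusted-host list. The null tests also disagree with the properties comments: `trustedhosts=` and `header=` load as empty strings, so a blank `trustedhosts` rejects every host and a blank `header` calls `request.getHeader("")` instead of `getRemoteUser()`. Entries from `split(",")` are not trimmed, and the `InputStream` from `getResourceAsStream` is never closed and is re-read on every unauthenticated request. The fence below treats blank values as unset, trims the list and fails closed for header mode; that changes behaviour for installs relying on the open default, so it needs a release note.

```java
// … unchanged: Properties p loaded from RemoteUserConfluenceAuth.properties …
String trustedhosts = p.getProperty("trustedhosts");
String header = p.getProperty("header");
boolean useHeader = header != null && !header.trim().isEmpty();
boolean haveHosts = trustedhosts != null && !trustedhosts.trim().isEmpty();

if (haveHosts) {
    String ipAddress = request.getRemoteAddr();
    boolean trusted = false;
    for (String host : trustedhosts.split(",")) {
        if (host.trim().equals(ipAddress)) {
            trusted = true;
            break;
        }
    }
    if (!trusted) {
        log.warn("IP not found in trustedhosts: " + ipAddress);
        return null;
    }
} else if (useHeader) {
    // Header-based SSO without a trusted-host list lets any client name the user.
    log.error("header is set but trustedhosts is empty; refusing header authentication");
    return null;
}

String remoteuser = useHeader ? request.getHeader(header.trim()) : request.getRemoteUser();
// … unchanged: split on "@", getUser(username[0]), session attributes …
```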
diff --git a/builds/RemoteUserConfluenceAuth-1.2.jar b/builds/RemoteUserConfluenceAuth-1.2.jar
new file mode 100644
index 0000000..f652a4f
Binary files /dev/null and b/builds/RemoteUserConfluenceAuth-1.2.jar differ
diff --git a/builds/RemoteUserConfluenceAuth-1.2.tar.gz b/builds/RemoteUserConfluenceAuth-1.2.tar.gz
new file mode 100644
index 0000000..ebac338
Binary files /dev/null and b/builds/RemoteUserConfluenceAuth-1.2.tar.gz differ