diff --git a/changelog b/changelog
index c49bf5d3..0f96884a 100644
--- a/changelog
+++ b/changelog
@@ -1,3 +1,7 @@
+Tue Sep 10 16:10 2013 CDT
+    * lib/server.js, lib/api.js: Implicitly trust X-Forwarded-For when the
+      source ip is 127.0.0.1
+
 Tue Sep 10 14:09 2013 CDT
     * lib/config.js, lib/server.js: Add a config key for the passphrase
       to the ssl key.
diff --git a/lib/api.js b/lib/api.js
index c461eca8..077ef1e3 100644
--- a/lib/api.js
+++ b/lib/api.js
@@ -19,7 +19,7 @@ module.exports = function (Server) {
     function getIP(req) {
         var raw = req.connection.remoteAddress;
         var forward = req.header("x-forwarded-for");
-        if(Server.cfg["trust-x-forward"] && forward) {
+        if((Server.cfg["trust-x-forward"] || raw === "127.0.0.1") && forward) {
             var ip = forward.split(",")[0];
             Logger.syslog.log("REVPROXY " + raw + " => " + ip);
             return ip;
diff --git a/lib/server.js b/lib/server.js
index 3a44f1b1..f1680ee3 100644
--- a/lib/server.js
+++ b/lib/server.js
@@ -13,7 +13,7 @@ const VERSION = "2.4.2";
 function getIP(req) {
     var raw = req.connection.remoteAddress;
     var forward = req.header("x-forwarded-for");
-    if(Server.cfg["trust-x-forward"] && forward) {
+    if((Server.cfg["trust-x-forward"] || raw === "127.0.0.1") && forward) {
         var ip = forward.split(",")[0];
         Logger.syslog.log("REVPROXY " + raw + " => " + ip);
         return ip;
@@ -23,7 +23,7 @@ function getIP(req) {
 
 function getSocketIP(socket) {
     var raw = socket.handshake.address.address;
-    if(Server.cfg["trust-x-forward"]) {
+    if(Server.cfg["trust-x-forward"] || raw === "127.0.0.1") {
         if(typeof socket.handshake.headers["x-forwarded-for"] == "string") {
             var ip = socket.handshake.headers["x-forwarded-for"]
                 .split(",")[0];