diff --git a/config/saas-development.toml b/config/saas-development.toml
index 7cb178e..1bc2e59 100644
--- a/config/saas-development.toml
+++ b/config/saas-development.toml
@@ -5,6 +5,7 @@
 host = "0.0.0.0"
 port = 8080
 cors_origins = [] # 空 = 开发模式允许所有来源
+trusted_proxies = ["127.0.0.1", "::1"]
 
 [database]
 url = "postgres://postgres:123123@localhost:5432/zclaw"
diff --git a/config/saas-production.toml b/config/saas-production.toml
index aaf4c49..ffe233c 100644
--- a/config/saas-production.toml
+++ b/config/saas-production.toml
@@ -6,6 +6,7 @@
 host = "0.0.0.0"
 port = 8080
 # 生产环境必须配置 CORS 白名单
 cors_origins = ["https://admin.zclaw.ai", "https://zclaw.ai"]
+trusted_proxies = ["127.0.0.1", "::1"] # 替换为实际代理 IP
 [database]
 # 生产环境通过 ZCLAW_DATABASE_URL 环境变量覆盖,此处为占位
diff --git a/crates/zclaw-saas/src/config.rs b/crates/zclaw-saas/src/config.rs
index 8ca8f57..6401c49 100644
--- a/crates/zclaw-saas/src/config.rs
+++ b/crates/zclaw-saas/src/config.rs
@@ -59,6 +59,10 @@ pub struct ServerConfig {
     pub port: u16,
     #[serde(default)]
     pub cors_origins: Vec,
+    /// 可信反向代理 IP 列表。仅对来自这些 IP 的请求解析 X-Forwarded-For 头。
+    /// 生产环境应为 Nginx/Caddy 的实际 IP,如 ["127.0.0.1", "10.0.0.1"]
+    #[serde(default)]
+    pub trusted_proxies: Vec,
 }
 
 /// 数据库配置
@@ -151,6 +155,7 @@ impl Default for ServerConfig {
             host: default_host(),
             port: default_port(),
             cors_origins: Vec::new(),
+            trusted_proxies: vec![],
         }
     }
 }
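Review bot: The production placeholder `trusted_proxies = ["127.0.0.1", "::1"] # 替换为实际代理 IP` only honours X-Forwarded-For from a proxy on the same host, and nothing enforces the "replace me" comment; if Nginx/Caddy runs in another container or on another host, every client is seen as the proxy's address and anything keyed on client IP (rate limiting, audit logs) collapses to one value. The [database] section below documents an environment-variable override for the URL; offering the same mechanism for this list would avoid editing the shipped file per deployment, assuming the config loader supports it for server keys. The comment could also say why the list must be exact, e.g. `# 仅列出反向代理自身的 IP;此处的每个地址都可通过该头部决定客户端 IP`, so that operators do not add a broad range.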
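Review bot: `trusted_proxies` is deserialized as a list of strings (the type parameter is stripped in this rendering; presumably `Vec<String>`), so a malformed or non-canonical entry — `"::1"` versus `"0:0:0:0:0:0:0:1"`, or a stray space — is accepted at load time and then matches or fails to match depending on how the consumer, which is outside this diff, compares it against the peer address. Parsing at the config boundary rejects bad values at startup instead: `pub trusted_proxies: Vec<std::net::IpAddr>,` — serde deserializes `IpAddr` from its string form, the values in the two TOML files parse as-is, and the later comparison becomes `IpAddr` equality rather than string matching. The doc comment should also state what an empty list means, e.g. `/// An empty list means X-Forwarded-For is never trusted.` — assuming that is how the consumer treats the `#[serde(default)]` empty value, which is the safe direction.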
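Review bot: `trusted_proxies: vec![]` sits directly under `cors_origins: Vec::new()` in the same initializer; the two are equivalent, but one spelling keeps the `Default` impl uniform: `trusted_proxies: Vec::new(),`. The enclosing `impl Default for ServerConfig` starts outside the hunk.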