From db4ac158e360e2bd0d52ae48e58e927d46032f4c Mon Sep 17 00:00:00 2001
From: binwiederhier <phil@heckel.io>
Date: Sat, 31 May 2025 23:09:51 -0400
Subject: [PATCH] Section

---
 docs/config.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/config.md b/docs/config.md
index 3b89f247..4e8fbab5 100644
--- a/docs/config.md
+++ b/docs/config.md
@@ -553,6 +553,7 @@ It may be desirable to run ntfy behind a proxy (e.g. nginx, HAproxy or Apache),
 using Let's Encrypt using certbot, or simply because you'd like to share the ports (80/443) with other services. 
 Whatever your reasons may be, there are a few things to consider. 
 
+### IP-based rate limiting
 If you are running ntfy behind a proxy, you should set the `behind-proxy` flag. This will instruct the 
 [rate limiting](#rate-limiting) logic to use the header configured in `proxy-forwarded-header` (default is `X-Forwarded-For`)
 as the primary identifier for a visitor, as opposed to the remote IP address.