From 635aee7a1f46945935a3fb5a5489ffdf843f635c Mon Sep 17 00:00:00 2001
From: Slikkster <13022736+Slikkster@users.noreply.github.com>
Date: Fri, 17 Sep 2021 15:42:44 -0700
Subject: [PATCH] Added note about disabling CSRF in Web UI options

---
 IIS-ARR-Reverse-Proxy.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/IIS-ARR-Reverse-Proxy.md b/IIS-ARR-Reverse-Proxy.md
index d6a879c..7ab0df1 100644
--- a/IIS-ARR-Reverse-Proxy.md
+++ b/IIS-ARR-Reverse-Proxy.md
@@ -48,6 +48,8 @@ The result should look similar to this in your web.config (Note: you must use th
             </outboundRules>
 ```
 
+Additionally you must untick **Enable Cross-Site Request Forgery (CSRF) protection** in qBittorrent's Web UI options for the reverse proxy to work.
+
 You can use HTTPS to access the URL via IIS and it will use HTTP to communicate with qBittorrent. There is no need for HTTPS on localhost. 
 
 Note: If you find yourself seeing `WebAPI login failure. Reason: IP has been banned, IP: 127.0.0.1` and needing to restart qBittorrent, you may want to set the ban after failure count to `0` which will disable it.