[Security]: Bind loopback and auth.mode trusted-proxy not working together #20073

@kesor

Summary

I am using version 2026.2.17 and have a tunnel that adds authentication headers (cloudflared), which means that requests to the gateway are sent via loopback, and I wanted to designate it as a trusted proxy with the authentication JWT headers taken into account.

The issue is that Gateway refuses to start with gateway.bind = "loopback" and gateway.auth.mode = "trusted-proxy" set at the same time. And it forces me to use gateway.bind = "lan" which I prefer not to do (there is no reason for it).

Gateway failed to start: Error: gateway auth mode=trusted-proxy makes no sense with bind=loopback; use bind=lan or bind=custom with gateway.trustedProxies configured

Steps to reproduce

  1. Configure gateway.bind = "loopback"
  2. Configure gateway.auth.mode = "trusted-proxy"
  3. Start gateway

Expected behavior

Would expect it to not complain and be happy that it has one less security problem to be concerned with (bind=lan). One less check for the doctor to complain about.

Actual behavior

Actually it just refuses to start the gateway. Falls on its face immediately after loading the configuration.

OpenClaw version

2026.2.17

Operating system

Linux (NixOS)

Install method

pnpm

Logs, screenshots, and evidence

Feb 18 15:35:32 ng systemd[2134247]: openclaw-gateway.service: Scheduled restart job, restart counter is at 47.
░░ Subject: Automatic restarting of a unit has been scheduled
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ Automatic restarting of the unit UNIT has been scheduled, as the result for
░░ the configured Restart= setting for the unit.
Feb 18 15:35:32 ng systemd[2134247]: Started OpenClaw AI Gateway.
░░ Subject: A start job for unit UNIT has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit UNIT has finished successfully.
░░
░░ The job identifier is 10285.
Feb 18 15:35:35 ng openclaw[3532335]: 2026-02-18T15:35:35.235+02:00 Gateway failed to start: Error: gateway auth mode=trusted-proxy makes no sense with bind=loopback; use bind=lan or bind=custom with gateway.trustedProxies configured
Feb 18 15:35:35 ng systemd[2134247]: openclaw-gateway.service: Main process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ An ExecStart= process belonging to unit UNIT has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Feb 18 15:35:35 ng systemd[2134247]: openclaw-gateway.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit UNIT has entered the 'failed' state with result 'exit-code'.
Feb 18 15:35:35 ng systemd[2134247]: openclaw-gateway.service: Consumed 3.646s CPU time, 344.5M memory peak.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit UNIT completed and consumed the indicated resources.

Impact and severity

Affected: openclaw gateway
Severity: security concern
Frequency: always
Consequence: higher security risk with a lan listener when a loopback can do
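
An added example, not part of the original issue and not OpenClaw's code: one way a gateway could accept bind=loopback together with auth.mode=trusted-proxy, by requiring a loopback entry in gateway.trustedProxies at startup and honouring identity headers only from an allowlisted peer. The function names and the `x-forwarded-user` header are hypothetical; the config keys are the ones named in the error message above.

```javascript
// Added illustration, not OpenClaw code. Function names and the
// x-forwarded-user header are hypothetical; bind, auth.mode and
// trustedProxies are the keys named in the issue's error message.
const LOOPBACK = ["127.0.0.1", "::1"];

// Strip the IPv4-mapped IPv6 prefix Node reports on dual-stack sockets.
function normalizeIp(addr) {
  const m = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/i.exec(addr || "");
  return m ? m[1] : addr || "";
}

// Startup check: trusted-proxy mode needs an explicit proxy allowlist.
// With bind=loopback the allowlist must name a loopback address, because
// that is the only peer address such a listener can ever see.
function validateGatewayConfig(gateway) {
  if (gateway.auth.mode !== "trusted-proxy") return [];
  const proxies = (gateway.trustedProxies || []).map(normalizeIp);
  const errors = [];
  if (proxies.length === 0) {
    errors.push("trusted-proxy requires gateway.trustedProxies");
  }
  if (gateway.bind === "loopback" && !proxies.some((p) => LOOPBACK.includes(p))) {
    errors.push("bind=loopback requires a loopback address in gateway.trustedProxies");
  }
  return errors;
}

// Per-request check: identity headers count only when the TCP peer is an
// allowlisted proxy. On a loopback listener every local process connects
// from 127.0.0.1 or ::1, so this trust covers all local processes; the
// proxy's JWT must still be verified before the identity is used.
function resolveIdentity(gateway, remoteAddress, headers) {
  const peer = normalizeIp(remoteAddress);
  const proxies = (gateway.trustedProxies || []).map(normalizeIp);
  if (!proxies.includes(peer)) return null; // ignore headers from untrusted peers
  return headers["x-forwarded-user"] || null;
}
```
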

Labels: bug