- shaarli_allowed_hosts, matrix_synapse_admin_allowed_hosts, matrix_element_allowed_hosts, goaccess_allowed_hosts, ldap_account_manager_allowed_hosts, self_service_password_allowed_hosts, nextcloud_allowed_hosts, transmission_allowed_hosts, tt_rss_allowed_hosts, jitsi_allowed_hosts, homepage_allowed_hosts, graylog_allowed_hosts, gotty_allowed_hosts, gitea_allowed_hosts
- fixes #1031
- jellyfin: allow disabling the allowed IP list entirely (allow access from any IP) by setting an empty `jellyfin_allowed_hosts`
- use RequireAll for virtualhosts also using HTTP basic auth (require a valid IP AND password authentication)
- ensure the matrix API server stays available when matrix_synapse_admin_allowed_hosts is set (only block access to synapse-admin files and synapse admin API endpoints)