From 069880fd3c755182b86d7946a862b43968ecb4af Mon Sep 17 00:00:00 2001
From: Aliaksandr Valialkin <valyala@victoriametrics.com>
Date: Fri, 28 Jan 2022 12:06:45 +0200
Subject: [PATCH] docs/vmauth.md: mention that backend services must be
 accessible only via vmauth

---
 app/vmauth/README.md | 2 ++
 docs/vmauth.md       | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/app/vmauth/README.md b/app/vmauth/README.md
index c5c8d30547..eff0ac7e59 100644
--- a/app/vmauth/README.md
+++ b/app/vmauth/README.md
@@ -124,6 +124,8 @@ This may be useful for passing secrets to the config.
 
 ## Security
 
+It is expected that all the backend services protected by `vmauth` are located in an isolated private network, so they can be accessed by external users only via `vmauth`.
+
 Do not transfer Basic Auth headers in plaintext over untrusted networks. Enable https. This can be done by passing the following `-tls*` command-line flags to `vmauth`:
 
 ```
diff --git a/docs/vmauth.md b/docs/vmauth.md
index 82491b7023..5edd39bbab 100644
--- a/docs/vmauth.md
+++ b/docs/vmauth.md
@@ -128,6 +128,8 @@ This may be useful for passing secrets to the config.
 
 ## Security
 
+It is expected that all the backend services protected by `vmauth` are located in an isolated private network, so they can be accessed by external users only via `vmauth`.
+
 Do not transfer Basic Auth headers in plaintext over untrusted networks. Enable https. This can be done by passing the following `-tls*` command-line flags to `vmauth`:
 
 ```