diff --git a/Emby.Server.Implementations/ApplicationHost.cs b/Emby.Server.Implementations/ApplicationHost.cs
index 6996210435..57c509923a 100644
--- a/Emby.Server.Implementations/ApplicationHost.cs
+++ b/Emby.Server.Implementations/ApplicationHost.cs
@@ -1931,13 +1931,13 @@ namespace Emby.Server.Implementations
         {
             get
             {
-                return SupportsHttps && ServerConfigurationManager.Configuration.EnableHttps;
+                return SupportsHttps && (ServerConfigurationManager.Configuration.EnableHttps || ServerConfigurationManager.Configuration.RequireHttps);
             }
         }
 
         public bool SupportsHttps
         {
-            get { return Certificate != null; }
+            get { return Certificate != null || ServerConfigurationManager.Configuration.IsBehindProxy; }
         }
 
         public async Task<string> GetLocalApiUrl()
diff --git a/Emby.Server.Implementations/EntryPoints/ExternalPortForwarding.cs b/Emby.Server.Implementations/EntryPoints/ExternalPortForwarding.cs
index 9b434d606d..2cef468394 100644
--- a/Emby.Server.Implementations/EntryPoints/ExternalPortForwarding.cs
+++ b/Emby.Server.Implementations/EntryPoints/ExternalPortForwarding.cs
@@ -48,7 +48,7 @@ namespace Emby.Server.Implementations.EntryPoints
             values.Add(config.PublicPort.ToString(CultureInfo.InvariantCulture));
             values.Add(_appHost.HttpPort.ToString(CultureInfo.InvariantCulture));
             values.Add(_appHost.HttpsPort.ToString(CultureInfo.InvariantCulture));
-            values.Add(config.EnableHttps.ToString());
+            values.Add((config.EnableHttps || config.RequireHttps).ToString());
             values.Add(_appHost.EnableHttps.ToString());
 
             return string.Join("|", values.ToArray(values.Count));
diff --git a/Emby.Server.Implementations/HttpServer/HttpListenerHost.cs b/Emby.Server.Implementations/HttpServer/HttpListenerHost.cs
index 031d1d90b1..acc247e458 100644
--- a/Emby.Server.Implementations/HttpServer/HttpListenerHost.cs
+++ b/Emby.Server.Implementations/HttpServer/HttpListenerHost.cs
@@ -423,6 +423,19 @@ namespace Emby.Server.Implementations.HttpServer
             return true;
         }
 
+        private bool ValidateSsl(string remoteIp)
+        {
+            if (_config.Configuration.RequireHttps && _appHost.EnableHttps)
+            {
+                if (!_networkManager.IsInLocalNetwork(remoteIp))
+                {
+                    return false;
+                }
+            }
+
+            return true;
+        }
+
         /// <summary>
         /// Overridable method that can be used to implement a custom hnandler
         /// </summary>
@@ -453,6 +466,12 @@ namespace Emby.Server.Implementations.HttpServer
                     return;
                 }
 
+                if (!ValidateSsl(httpReq.RemoteIp))
+                {
+                    RedirectToUrl(httpRes, urlString.Replace("http://", "https://", StringComparison.OrdinalIgnoreCase));
+                    return;
+                }
+
                 if (string.Equals(httpReq.Verb, "OPTIONS", StringComparison.OrdinalIgnoreCase))
                 {
                     httpRes.StatusCode = 200;
diff --git a/MediaBrowser.Model/Configuration/ServerConfiguration.cs b/MediaBrowser.Model/Configuration/ServerConfiguration.cs
index 7c7358845b..f7fffbf79a 100644
--- a/MediaBrowser.Model/Configuration/ServerConfiguration.cs
+++ b/MediaBrowser.Model/Configuration/ServerConfiguration.cs
@@ -181,6 +181,8 @@ namespace MediaBrowser.Model.Configuration
         public string[] CodecsUsed { get; set; }
         public bool EnableChannelView { get; set; }
         public bool EnableExternalContentInSuggestions { get; set; }
+        public bool RequireHttps { get; set; }
+        public bool IsBehindProxy { get; set; }
 
         public int ImageExtractionTimeoutMs { get; set; }