Putting a reverse proxy in front of Web Access means that the IP address it will see is that of the proxy, not that of the actual client. This also means that any address given to PAM etc. will not be terribly useful.
A well behaved proxy will set up X-Forwarded-For or X-Real-IP with the proper address of the client. However there is no authentication of this information so Web Access doesn't know if it should trust it or not. Some manual configuration will be needed to set up this trust.