diff --git a/files/pagure.cfg.sample b/files/pagure.cfg.sample
index 0ee815f..f346ecd 100644
--- a/files/pagure.cfg.sample
+++ b/files/pagure.cfg.sample
@@ -101,6 +101,11 @@ SHORT_LENGTH = 6
 ### or other
 BLACKLISTED_PROJECTS = ['static', 'pv']
+### IP addresses allowed to access the internal endpoints
+### These endpoints are used by the milter and are security sensitive, thus
+### the IP filter
+IP_ALLOWED_INTERNAL = ['127.0.0.1', 'localhost', '::1']
+
 # Authentication related configuration option
diff --git a/pagure/default_config.py b/pagure/default_config.py
index 3975ed2..bdad85d 100644
--- a/pagure/default_config.py
+++ b/pagure/default_config.py
@@ -41,6 +41,9 @@ ITEM_PER_PAGE = 50
 # Maximum size of the uploaded content
 MAX_CONTENT_LENGTH = 4 * 1024 * 1024 # 4 megabytes
+# IP addresses allowed to access the internal endpoints
+IP_ALLOWED_INTERNAL = ['127.0.0.1', 'localhost', '::1']
+
 # Folder containing to the git repos
 GIT_FOLDER = os.path.join(
 os.path.abspath(os.path.dirname(__file__)),
diff --git a/pagure/internal/__init__.py b/pagure/internal/__init__.py
index 3bc4aa6..a21660d 100644
--- a/pagure/internal/__init__.py
+++ b/pagure/internal/__init__.py
@@ -38,8 +38,9 @@ def localonly(function):
 def decorated_function(*args, **kwargs):
 ''' Wrapped function actually checking if the request is local.
 '''
- if flask.request.remote_addr not in [
- '127.0.0.1', 'localhost', '::1']:
+ ip_allowed = pagure.APP.config.get(
+ 'IP_ALLOWED_INTERNAL', ['127.0.0.1', 'localhost', '::1'])
+ if flask.request.remote_addr not in ip_allowed:
 flask.abort(403)
 else:
 return function(*args, **kwargs)
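Review bot: The comment added above `IP_ALLOWED_INTERNAL` does not say how entries are matched, yet the check in pagure/internal/__init__.py is an exact string comparison against `flask.request.remote_addr`. A hostname such as `'localhost'` will therefore most likely never match, because the remote address is normally an IP literal, and CIDR ranges are not understood; the same list is repeated in the pagure/default_config.py hunk. I would add a line such as `### Entries are compared verbatim with the client address: use literal IPs, not hostnames or CIDR ranges` and consider dropping `'localhost'` from both defaults. It is also worth telling operators that behind a reverse proxy on the same host the application may see every client as 127.0.0.1, depending on how forwarding is configured, so the filter alone would not protect these endpoints.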
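Review bot: `flask.request.remote_addr not in ip_allowed` fails open when an operator sets `IP_ALLOWED_INTERNAL` to a single string instead of a list, because `in` then becomes a substring test (`'27.0.0.1' in '127.0.0.1'` is true). I would normalise the value before the check, e.g. `if not isinstance(ip_allowed, (list, tuple, set)): ip_allowed = [ip_allowed]`, or reject a non-list value when the configuration is loaded. The fallback list passed to `.get()` also duplicates the default added in pagure/default_config.py, so the two copies can drift; `pagure.APP.config['IP_ALLOWED_INTERNAL']` would keep one source of truth, assuming default_config is always loaded first. `localonly` starts and ends outside this hunk, so how the decorator is applied is not visible here.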