diff --git a/config/application.yml.sample b/config/application.yml.sample
index c38ed919a..6dc45176f 100644
--- a/config/application.yml.sample
+++ b/config/application.yml.sample
@@ -5,6 +5,8 @@ common: &common
 preregistration: false
 file_store_url: 'http://file-store.rosalinux.ru'
 distr_types: ['mdv', 'rhel', 'nau5']
+ allowed_addresses:
+ - 127.0.0.1
 abf_worker:
 publish_workers_count: 2
 keys:
diff --git a/lib/api_defender.rb b/lib/api_defender.rb
index dd3489a7b..de24917d2 100644
--- a/lib/api_defender.rb
+++ b/lib/api_defender.rb
@@ -51,7 +51,9 @@ class ApiDefender < Rack::Throttle::Hourly
 # only API calls should be throttled
 def need_defense?(request)
- request.env['PATH_INFO'] =~ /^\/api\/v1\// && !system_user?(request)
+ APP_CONFIG['allowed_addresses'].exclude?(request.ip) &&
+ request.env['PATH_INFO'] =~ /^\/api\/v1\// &&
+ !system_user?(request)
 end
 def authorized?(request)
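Review bot: In `need_defense?` (lib/api_defender.rb), `APP_CONFIG['allowed_addresses']` is dereferenced first in the chain, so a deployment whose application.yml predates this key would raise NoMethodError on nil, presumably for every request the middleware sees and not only API calls. `Array(APP_CONFIG['allowed_addresses']).exclude?(request.ip) &&` keeps throttling active when the key is absent, and moving the `PATH_INFO` match to the front would skip the lookup for non-API traffic. The allowlist also relies on `request.ip`, which Rack can derive from forwarding headers depending on the proxy setup; if the app sits behind a local reverse proxy, clients may all appear as 127.0.0.1 (the sample default) and bypass the throttle entirely. I would add a comment above the method such as `# allowed_addresses bypass throttling; request.ip must be the real client address, verify proxy header handling`. The enclosing class starts and ends outside this hunk, so how `request` is built upstream is not visible here.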