diff --git a/domain-server/src/DomainServer.cpp b/domain-server/src/DomainServer.cpp
index d13f9b883f..6766290440 100644
--- a/domain-server/src/DomainServer.cpp
+++ b/domain-server/src/DomainServer.cpp
@@ -158,6 +158,42 @@ DomainServer::DomainServer(int argc, char* argv[]) :
     qDebug() << "domain-server is running";
+    static const SubnetMask LOCALHOST_MASK { QHostAddress("127.0.0.1"), 32 };
+
+    this->_acIPAddressWhitelist = { LOCALHOST_MASK };
+
+    _settingsManager.getWhitelistAssignmentClientAddresses();
+    auto whitelist = _settingsManager.valueOrDefaultValueForKeyPath("security.ac_address_whitelist").toStringList();
+    for (auto& mask : whitelist) {
+        auto maskParts = mask.trimmed().split("/");
+
+        if (maskParts.size() > 2) {
+            qDebug() << "Ignoring ip in whitelist, malformed: " << mask;
+            continue;
+        }
+
+        // The default netmask is 32 if one has not been specified, which will
+        // match only the ip provided.
+        int netmask = 32;
+
+        if (maskParts.size() == 2) {
+            bool ok;
+            netmask = maskParts[1].toInt(&ok);
+            if (!ok) {
+                qDebug() << "Ignoring ip in whitelist, bad netmask: " << mask;
+                continue;
+            }
+        }
+
+        auto ip = QHostAddress(maskParts[0]);
+
+        if (!ip.isNull()) {
+            qDebug() << "Adding AC whitelist IP: " << mask << " -> " << (ip.toString() + "/" + QString::number(netmask));
+            _acIPAddressWhitelist.push_back({ ip , netmask });
+        } else {
+            qDebug() << "Ignoring ip in whitelist, invalid ip: " << mask;
+        }
+    }
 }
 void DomainServer::parseCommandLine() {
diff --git a/domain-server/src/DomainServer.h b/domain-server/src/DomainServer.h
index c14ec5eee0..34c408b621 100644
--- a/domain-server/src/DomainServer.h
+++ b/domain-server/src/DomainServer.h
@@ -36,6 +36,9 @@
 typedef QSharedPointer SharedAssignmentPointer;
 typedef QMultiHash TransactionHash;
+using SubnetMask = QPair;
+using SubnetMaskList = std::vector>;
+
 class DomainServer : public QCoreApplication, public HTTPSRequestHandler {
     Q_OBJECT
 public:
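Review bot: The netmask parsed from `maskParts[1]` is never range-checked, so a whitelist entry such as `10.0.0.0/40` or `10.0.0.0/-1` passes the `!ok` test and is pushed into `_acIPAddressWhitelist` as-is, leaving whatever later compares peer addresses against it (presumably `QHostAddress::isInSubnet`) to decide the outcome instead of the config validation here; the same loop also defaults every entry to `/32`, which is a host match for IPv4 but a large range for an IPv6 literal, contradicting the comment above `int netmask = 32;`. Resolve the address first, derive the maximum prefix from `ip.protocol()` and reject anything outside `0..max`; an explicit `/0` deserves at least a warning, since it matches every address and effectively makes the whitelist allow-all. Separately, `_settingsManager.getWhitelistAssignmentClientAddresses();` discards its return value and the list is then re-read through `valueOrDefaultValueForKeyPath`; if that accessor returns the parsed list it should be used, otherwise a one-line comment should say why the call is needed. The enclosing constructor `DomainServer::DomainServer` begins before this hunk.
```cpp
        // … unchanged: split on "/" and the > 2 parts check …

        auto ip = QHostAddress(maskParts[0]);
        if (ip.isNull()) {
            qDebug() << "Ignoring ip in whitelist, invalid ip: " << mask;
            continue;
        }

        // A host-only prefix is /32 for IPv4 and /128 for IPv6, so the default
        // really does match just the address given.
        const int maxPrefix = (ip.protocol() == QAbstractSocket::IPv6Protocol) ? 128 : 32;
        int netmask = maxPrefix;

        if (maskParts.size() == 2) {
            bool ok;
            netmask = maskParts[1].toInt(&ok);
            if (!ok || netmask < 0 || netmask > maxPrefix) {
                qDebug() << "Ignoring ip in whitelist, bad netmask: " << mask;
                continue;
            }
        }

        qDebug() << "Adding AC whitelist IP: " << mask << " -> " << (ip.toString() + "/" + QString::number(netmask));
        _acIPAddressWhitelist.push_back({ ip , netmask });
```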
@@ -156,6 +159,8 @@ private:
     void setupGroupCacheRefresh();
+    SubnetMaskList _acIPAddressWhitelist;
+
     DomainGatekeeper _gatekeeper;
     HTTPManager _httpManager;