diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.candidate-registry.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.candidate-registry.conf
index a3f7ccf22b..39f9018484 100644
--- a/roles/httpd/reverseproxy/templates/reversepassproxy.candidate-registry.conf
+++ b/roles/httpd/reverseproxy/templates/reversepassproxy.candidate-registry.conf
@@ -27,7 +27,15 @@ ProxyPassReverse {{ localpath }} {{ proxyurl }}{{remotepath}}
   AuthName "Candidate Registry Authentication"
   AuthType Basic
   AuthUserFile /etc/httpd/conf.d/candidate-registry.fedoraproject.org/passwd
-  Require valid-user
+
+  <RequireAny>
+    Require valid-user
+    <RequireAll>
+      Require not ip 10.5
+      # This require is because otherwise apache thinks the Require not ip is useless
+      Require method GET
+    </RequireAll>
+  </RequireAny>
 </Location>
 
 # But we allow random pulling by anyone without auth