diff --git a/go/security/guard.go b/go/security/guard.go
index bde938dba..b93845448 100644
--- a/go/security/guard.go
+++ b/go/security/guard.go
@@ -4,6 +4,7 @@ import (
 "errors"
 "fmt"
 "net"
+ "regexp"
 "net/http"
 "github.com/chrislusf/seaweedfs/go/glog"
@@ -88,6 +89,26 @@ func (g *Guard) checkWhiteList(w http.ResponseWriter, r *http.Request) error {
 host, _, err := net.SplitHostPort(r.RemoteAddr)
 if err == nil {
 for _, ip := range g.whiteList {
+
+ // If the whitelist entry contains a "/" it
+ // is a CIDR range, and we should check the
+ // remote host is within it
+ match, _ := regexp.MatchString("/", ip)
+ if ( match ) {
+ _, cidrnet, err := net.ParseCIDR(ip)
+ if err != nil {
+ panic(err)
+ }
+ remote := net.ParseIP(host)
+ if cidrnet.Contains(remote) {
+ return nil
+ }
+ }
+
+
+ //
+ // Otherwise we're looking for a literal match.
+ //
 if ip == host {
 return nil
 }
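Review bot: The `panic(err)` on a whitelist entry that contains "/" but does not parse as a CIDR turns one bad configuration value into a failure on every request that reaches this loop; an access-control check should skip or deny on bad configuration, and the entry is better validated once when the whitelist is loaded (that code is outside this hunk). The `regexp.MatchString("/", ip)` test compiles a pattern per entry per request and discards its error; it can be dropped together with the new `regexp` import by letting the parse result decide: `if _, cidrnet, perr := net.ParseCIDR(ip); perr == nil && cidrnet.Contains(remote) { return nil }`, with `remote := net.ParseIP(host)` hoisted above the `for`. `Contains` returns false for a nil `remote`, so a host that does not parse as an IP still falls through to the literal comparison. checkWhiteList's loop and body continue past the end of the hunk.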