diff --git a/pwpusher_private/config.php b/pwpusher_private/config.php
index 5c722a0..9c3fe7e 100644
--- a/pwpusher_private/config.php
+++ b/pwpusher_private/config.php
@@ -47,6 +47,13 @@
 //Maximum life of a shared credential/password (in minutes).
 $credMaxLife = (60 * 24 * 90); //90 days
+ //IP Whitelist for creating credentials
+ //Whitelist is an array of CIDR notation IP addresses
+ $checkCreatorIpWhitelist = true;
+ $creatorIpWhitelist = array(
+ "10.20.0.0/16"
+ );
+
 //Email:
diff --git a/pwpusher_private/security.php b/pwpusher_private/security.php
index d609443..4340998 100644
--- a/pwpusher_private/security.php
+++ b/pwpusher_private/security.php
@@ -120,4 +120,33 @@ function getSalt()
 {
 $salt = substr(str_replace('+', '.', base64_encode(pack('N4', mt_rand(), mt_rand(), mt_rand(), mt_rand()))), 0, 22);
 return $salt;
-}
\ No newline at end of file
+}
+
+/**
+ * Check if the client if an ip is in array of supplied CIDR notation IP ranges
+ *
+ * @return bool $validIp
+ */
+function ipInList($ipString, $cidrArray)
+{
+ $validIp = false;
+ $ipLong = ip2long($ipString);
+ foreach ($cidrArray as $cidr)
+ {
+ try
+ {
+ list ($ipWhite, $cidrNum) = explode('/', $cidr);
+ $ipWhiteLong = ip2long($ipWhite);
+ $netmask = -1 << (32 - (int)$cidrNum);
+ if (($ipLong & $netmask) == ($ipWhiteLong & $netmask))
+ {
+ $validIp = true;
+ }
+ }
+ catch (Error $error)
+ {
+
+ }
+ }
+ return $validIp;
+}
diff --git a/pwpusher_public/pw.php b/pwpusher_public/pw.php
index 5f10ffd..7f88103 100644
--- a/pwpusher_public/pw.php
+++ b/pwpusher_public/pw.php
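Review bot: The comment above `$creatorIpWhitelist` should state that only IPv4 CIDR ranges are honoured and that the match is made against the web server's `REMOTE_ADDR`, because the `ipInList` helper added in this commit parses entries with `ip2long` and the caller in pw.php reads `$_SERVER['REMOTE_ADDR']` directly; an operator who lists an IPv6 range or runs behind a reverse proxy otherwise gets no hint why the creator form disappears. Shipping `$checkCreatorIpWhitelist = true` together with the sample `10.20.0.0/16` range also means a fresh install locks every creator out until this file is edited, so consider defaulting the flag to `false` or leaving the sample entry commented out. Suggested wording: `//Whitelist of IPv4 CIDR ranges (e.g. "10.20.0.0/16"); IPv6 is not supported. Matched against REMOTE_ADDR, so behind a reverse proxy this sees the proxy's address, not the client's.`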
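Review bot: `ipInList` fails open on malformed whitelist entries: an entry without a `/` makes `list()` emit a warning rather than an Error, `$cidrNum` becomes null, `(int)null` is 0, and `-1 << 32` yields a mask whose low 32 bits are clear, so every client address matches; a negative prefix length has the same effect. Separately, `ip2long` returns `false` for anything that is not a dotted IPv4 address (including IPv6 and typos), and `false & $netmask` is 0 on both sides of the loose `==`, so an unparsable whitelist entry matches any client whose `REMOTE_ADDR` also fails to parse. The empty `catch (Error $error)` then hides prefix lengths above 32 (an ArithmeticError from the negative shift) without logging, so a broken config is never noticed. I would validate both the client address and each entry explicitly, clamp the prefix to 0..32, compare with `===`, and log entries that are skipped, as below.
```php
function ipInList($ipString, $cidrArray)
{
    // Only dotted IPv4 is supported; ip2long() returns false for anything else.
    $ipLong = ip2long($ipString);
    if ($ipLong === false) {
        return false;
    }
    foreach ($cidrArray as $cidr) {
        $parts = explode('/', $cidr, 2);
        $ipWhiteLong = ip2long(trim($parts[0]));
        // A bare address is treated as /32; otherwise the prefix must be an integer in 0..32.
        $cidrNum = isset($parts[1])
            ? filter_var($parts[1], FILTER_VALIDATE_INT, array('options' => array('min_range' => 0, 'max_range' => 32)))
            : 32;
        if ($ipWhiteLong === false || $cidrNum === false) {
            error_log("ipInList: ignoring malformed whitelist entry '$cidr'");
            continue;
        }
        $netmask = $cidrNum === 0 ? 0 : (-1 << (32 - $cidrNum));
        if (($ipLong & $netmask) === ($ipWhiteLong & $netmask)) {
            return true;
        }
    }
    return false;
}
```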
@@ -13,12 +13,25 @@ require '../pwpusher_private/interface.php';
 require '../pwpusher_private/CAS/CAS.php';
+// check if we need to check for white listing
+$creatorIpOk = !$checkCreatorIpWhitelist;
+if ($checkCreatorIpWhitelist)
+{
+ $creatorIpOk = false;
+ $ipClientString = $_SERVER['REMOTE_ADDR'];
+ $creatorIpOk = ipInList($ipClientString, $creatorIpWhitelist);
+}
+
 //Print the header
 print getHeader();
 //Print the navbar
 /** @noinspection PhpToStringImplementationInspection */
-print getNavBar();
+if ($creatorIpOk)
+{
+ print getNavBar();
+}
+
 //Find user arguments, if any.
 $arguments = getArguments();
@@ -37,7 +50,7 @@
 }
 //If the form function argument doesn't exist, print the form for the user.
-if ($arguments['func'] == 'none' || $arguments == false) {
+if ($arguments['func'] == 'none' || $arguments == false && $creatorIpOk) {
 //Force CAS Authentication in order to load the form
 if ($requireCASAuth) {
@@ -64,7 +77,7 @@
 //Get form elements
 print getFormElements();
-} elseif ($arguments['func'] == 'post') {
+} elseif ($arguments['func'] == 'post' && $creatorIpOk) {
 //Force CAS Authentication in order to post the form
 if ($requireCASAuth) {
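Review bot: The whitelist is evaluated against `$_SERVER['REMOTE_ADDR']` with no provision for a reverse proxy or load balancer, where `REMOTE_ADDR` is the proxy's address; in that deployment the check either blocks every creator or, if the proxy sits inside the listed range, admits everyone. That is the correct primitive (forwarded headers are client-controlled), but it needs a comment here so nobody "fixes" it by reading `X-Forwarded-For`, e.g. `// REMOTE_ADDR is the only address the client cannot forge; behind a trusted proxy, configure the proxy to set it (mod_remoteip / real_ip) rather than reading forwarded headers here.` The `$creatorIpOk = false;` line is dead, since the next assignment overwrites it, and `$_SERVER['REMOTE_ADDR']` is unset under the CLI SAPI, so `$ipClientString = $_SERVER['REMOTE_ADDR'] ?? '';` keeps the check failing closed instead of emitting a warning.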
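Review bot: The new condition in the `@@ -37,7 +50,7 @@` hunk does not enforce the whitelist: `&&` binds tighter than `||`, so it parses as `$arguments['func'] == 'none' || ($arguments == false && $creatorIpOk)`, and a client outside the whitelist still gets the creation form whenever `func` is `'none'`, which is the default case. The fix is a pair of parentheses: `if (($arguments['func'] == 'none' || $arguments == false) && $creatorIpOk) {`. The body of this `if` continues outside the hunk.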
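Review bot: Gating the `post` branch with `&& $creatorIpOk` enforces the whitelist by omission: a non-whitelisted request with `func=post` falls through to whatever `else` branch follows this `elseif`, which is outside the hunk, and it is not visible here whether that branch handles the request safely or just renders something confusing. A single fail-closed check before the dispatch, such as `if (!$creatorIpOk && $arguments['func'] != 'none') { http_response_code(403); print getFooter(); exit; }` placed after the whitelist is computed, would make the denial explicit and remove the need to remember `$creatorIpOk` on every future branch (adjust the footer call to whatever helper the file uses). Also note the CAS authentication check inside this branch now runs only for whitelisted clients, which seems intended but is worth stating in a comment.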