diff --git a/docker-compose.yml b/docker-compose.yml
index 88db449606dbc9fac8445abcff464178907da782..caea869f42ffa6d8c1f97a3047501f478104d9ea 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -26,6 +26,7 @@ services:
     environment:
       OBS_FRONTEND_HOST: frontend
       OBS_BACKEND_HOST: backend
+      OBS_TRUST_PRIVATE_NET: 'yes'
     ports:
       - "127.0.0.1:8080:8080"
 
diff --git a/docker/backend-docker-entrypoint.sh b/docker/backend-docker-entrypoint.sh
index 671228854902f38316c8d01d8d6bda28605ad270..43b2c6313f359a6bc31bb207849a7bd9d59d19f1 100755
--- a/docker/backend-docker-entrypoint.sh
+++ b/docker/backend-docker-entrypoint.sh
@@ -54,4 +54,7 @@ then
     mv /etc/supervisor/conf.d/obssigner.conf /etc/supervisor/conf.d/obssigner.conf.disabled
 fi
 
+: ${OBS_TRUST_PRIVATE_NET:=1}
+export OBS_TRUST_PRIVATE_NET
+
 exec /usr/bin/supervisord -n
diff --git a/src/backend/BSConfiguration.pm b/src/backend/BSConfiguration.pm
index 9e095a564e9ebcf8aaa50b7576cbd609f44179c0..2cad9bb0cb527f1fd14df0788b7cdc4603e36f12 100644
--- a/src/backend/BSConfiguration.pm
+++ b/src/backend/BSConfiguration.pm
@@ -94,4 +94,11 @@ $BSConfig::cloudupload_pubkey       = $BSConfig::cloudupload_pubkey       || '/e
 
 $BSConfig::redisserver = undef unless $BSConfig::redisserver;
 
+if (grep {($ENV{'OBS_TRUST_PRIVATE_NET'} || '') eq $_} qw(1 yes true)) {
+  $BSConfig::ipaccess->{'^172\.1[6-9]\..*'} = 'rw';
+  $BSConfig::ipaccess->{'^172\.2[0-9]\..*'} = 'rw';
+  $BSConfig::ipaccess->{'^172\.3[01]\..*'} = 'rw';
+  $BSConfig::ipaccess->{'^192\.168\..*'} = 'rw';
+}
+
 1;