diff --git a/core/bootstrap.rb b/core/bootstrap.rb
index 148136e79..290b4a554 100644
--- a/core/bootstrap.rb
+++ b/core/bootstrap.rb
@@ -50,4 +50,5 @@ require 'core/hbmanager'
 require 'core/main/rest/handlers/hookedbrowsers'
 require 'core/main/rest/handlers/modules'
 require 'core/main/rest/handlers/logs'
+require 'core/main/rest/handlers/admin'
 require 'core/main/rest/api'
diff --git a/core/main/rest/api.rb b/core/main/rest/api.rb
index c6bfafa59..0f8ce0b7c 100644
--- a/core/main/rest/api.rb
+++ b/core/main/rest/api.rb
@@ -35,9 +35,29 @@ module BeEF
 end
 end
+ module RegisterAdminHandler
+ def self.mount_handler(server)
+ server.mount('/api/admin', BeEF::Core::Rest::Admin.new)
+ end
+ end
+
 BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterHooksHandler, BeEF::API::Server, 'mount_handler')
 BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterModulesHandler, BeEF::API::Server, 'mount_handler')
 BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterLogsHandler, BeEF::API::Server, 'mount_handler')
+ BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterAdminHandler, BeEF::API::Server, 'mount_handler')
+
+ #
+ # Check the source IP is within the permitted subnet
+ # This is from extensions/admin_ui/controllers/authentication/authentication.rb
+ #
+ def self.permitted_source?(ip)
+ # get permitted subnet
+ permitted_ui_subnet = BeEF::Core::Configuration.instance.get("beef.restrictions.permitted_ui_subnet")
+ target_network = IPAddr.new(permitted_ui_subnet)
+
+ # test if ip within subnet
+ return target_network.include?(ip)
+ end
 end
 end
diff --git a/core/main/rest/handlers/hookedbrowsers.rb b/core/main/rest/handlers/hookedbrowsers.rb
index aa269ff88..89379ac7f 100644
--- a/core/main/rest/handlers/hookedbrowsers.rb
+++ b/core/main/rest/handlers/hookedbrowsers.rb
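Review bot: `permitted_source?` in core/main/rest/api.rb lets `IPAddr.new` and `include?` raise when `beef.restrictions.permitted_ui_subnet` is unset or malformed, or when `ip` does not parse, so the handlers' `before` filters would presumably answer with a 500 instead of a clean denial. Failing closed keeps the behaviour predictable: end the method body with `rescue ArgumentError` followed by `false` (IPAddr's own error classes descend from ArgumentError in current Ruby). The hunk shows no `require 'ipaddr'`, so confirm it is loaded before this module is used. The new `/api/admin` mount points at `BeEF::Core::Rest::Admin`, whose file is not part of this view; it should carry the same token and source checks as the other handlers.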
@@ -23,6 +23,7 @@ module BeEF
 before do
 error 401 unless params[:token] == config.get('beef.api_token')
+ halt 401 if not BeEF::Core::Rest.permitted_source?(request.ip)
 headers 'Content-Type' => 'application/json; charset=UTF-8',
 'Pragma' => 'no-cache',
 'Cache-Control' => 'no-cache',
diff --git a/core/main/rest/handlers/logs.rb b/core/main/rest/handlers/logs.rb
index 52a64e089..848e1fd2e 100644
--- a/core/main/rest/handlers/logs.rb
+++ b/core/main/rest/handlers/logs.rb
@@ -23,6 +23,7 @@ module BeEF
 before do
 error 401 unless params[:token] == config.get('beef.api_token')
+ halt 401 if not BeEF::Core::Rest.permitted_source?(request.ip)
 headers 'Content-Type' => 'application/json; charset=UTF-8',
 'Pragma' => 'no-cache',
 'Cache-Control' => 'no-cache',
diff --git a/core/main/rest/handlers/modules.rb b/core/main/rest/handlers/modules.rb
index 5afa85482..61e78209c 100644
--- a/core/main/rest/handlers/modules.rb
+++ b/core/main/rest/handlers/modules.rb
@@ -23,6 +23,7 @@ module BeEF
 before do
 error 401 unless params[:token] == config.get('beef.api_token')
+ halt 401 if not BeEF::Core::Rest.permitted_source?(request.ip)
 headers 'Content-Type' => 'application/json; charset=UTF-8',
 'Pragma' => 'no-cache',
 'Cache-Control' => 'no-cache',
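Review bot: The source check added to the `before` filter in hookedbrowsers.rb, and repeated identically in logs.rb and modules.rb, relies on `request.ip`, which Rack can derive from a client-supplied forwarding header when it treats the connecting peer as a trusted proxy (exact behaviour depends on the Rack version in use). In that case the subnet restriction is evaluated against a value the client chose rather than the socket peer. Unless the server is deliberately deployed behind a known reverse proxy, compare the peer address instead: `halt 401 unless BeEF::Core::Rest.permitted_source?(request.env['REMOTE_ADDR'])`. Placing this line above the token comparison would also stop out-of-subnet clients from reaching the token check at all. The `before` block continues past the end of each hunk.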