diff --git a/app/coffee/modules/admin/third-parties.coffee b/app/coffee/modules/admin/third-parties.coffee
index a341721a..a515acec 100644
--- a/app/coffee/modules/admin/third-parties.coffee
+++ b/app/coffee/modules/admin/third-parties.coffee
@@ -302,3 +302,24 @@ BitbucketWebhooksDirective = ($repo, $confirm, $loading) ->
     return {link:link}
 
 module.directive("tgBitbucketWebhooks", ["$tgRepo", "$tgConfirm", "$tgLoading", BitbucketWebhooksDirective])
+
+
+#############################################################################
+## Valid Origin IP's Directive
+#############################################################################
+ValidOriginIpsDirective = ->
+    link = ($scope, $el, $attrs, $ngModel) ->
+      $ngModel.$parsers.push (value) ->
+          value = $.trim(value)
+          if value == ""
+              return []
+
+          return value.split(",")
+
+    return {
+        link: link
+        restrict: "EA"
+        require: "ngModel"
+    }
+
+module.directive("tgValidOriginIps", ValidOriginIpsDirective)
diff --git a/app/partials/admin-third-parties-bitbucket.jade b/app/partials/admin-third-parties-bitbucket.jade
index 4bb006ee..dfde8acb 100644
--- a/app/partials/admin-third-parties-bitbucket.jade
+++ b/app/partials/admin-third-parties-bitbucket.jade
@@ -13,6 +13,10 @@ block content
             include views/components/mainTitle
 
             form
+                fieldset
+                    label(for="valid-origin-ips") Valid origin ips (separated by ,) <br/>Bitbucket requests are not signed so the best way of verifying the origin is by IP. If the field is empty there will be no IP validation.
+                    input(type="text", name="valid-origin-ips", tg-valid-origin-ips, ng-model="bitbucket.valid_origin_ips", placeholder="Valid origin ips", id="valid-origin-ips")
+
                 fieldset
                     label(for="secret-key") Secret key
                     input(type="text", name="secret-key", ng-model="bitbucket.secret", placeholder="Secret key", id="secret-key")
diff --git a/app/partials/admin-third-parties-gitlab.jade b/app/partials/admin-third-parties-gitlab.jade
index 1aa9e78e..1e0af9cf 100644
--- a/app/partials/admin-third-parties-gitlab.jade
+++ b/app/partials/admin-third-parties-gitlab.jade
@@ -13,6 +13,10 @@ block content
             include views/components/mainTitle
 
             form
+                fieldset
+                    label(for="valid-origin-ips") Valid origin ips (separated by ,) <br/>Gitlab requests are not signed so the best way of verifying the origin is by IP. If the field is empty there will be no IP validation.
+                    input(type="text", name="valid-origin-ips", tg-valid-origin-ips, ng-model="gitlab.valid_origin_ips", placeholder="Valid origin ips", id="valid-origin-ips")
+
                 fieldset
                     label(for="secret-key") Secret key
                     input(type="text", name="secret-key", ng-model="gitlab.secret", placeholder="Secret key", id="secret-key")