diff --git a/settings/common.py b/settings/common.py
index d57f14c3..81a91568 100644
--- a/settings/common.py
+++ b/settings/common.py
@@ -360,6 +360,7 @@ PROJECT_MODULES_CONFIGURATORS = {
 }
 BITBUCKET_VALID_ORIGIN_IPS = ["131.103.20.165", "131.103.20.166"]
+GITLAB_VALID_ORIGIN_IPS = []
 # NOTE: DON'T INSERT MORE SETTINGS AFTER THIS LINE
 TEST_RUNNER="django.test.runner.DiscoverRunner"
diff --git a/taiga/hooks/gitlab/api.py b/taiga/hooks/gitlab/api.py
index 59256b1b..384f5daf 100644
--- a/taiga/hooks/gitlab/api.py
+++ b/taiga/hooks/gitlab/api.py
@@ -48,6 +48,11 @@ class GitLabViewSet(BaseWebhookApiViewSet):
 if not project_secret:
 return False
+ valid_origin_ips = project.modules_config.config.get("bitbucket", {}).get("valid_origin_ips", settings.GITLAB_VALID_ORIGIN_IPS)
+ origin_ip = get_real_ip(request)
+ if not origin_ip or not origin_ip in valid_origin_ips:
+ return False
 return project_secret == secret_key
 def _get_project(self, request):
diff --git a/taiga/hooks/gitlab/services.py b/taiga/hooks/gitlab/services.py
index 3b99dff6..2ddd1937 100644
--- a/taiga/hooks/gitlab/services.py
+++ b/taiga/hooks/gitlab/services.py
@@ -27,7 +27,10 @@ def get_or_generate_config(project):
 if config and "gitlab" in config:
 g_config = project.modules_config.config["gitlab"]
 else:
- g_config = {"secret": uuid.uuid4().hex }
+ g_config = {
+ "secret": uuid.uuid4().hex
+ "valid_origin_ips": settings.GITLAB_VALID_ORIGIN_IPS,
+ }
 url = reverse("gitlab-hook-list")
 url = get_absolute_url(url)
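Review bot: The new `GITLAB_VALID_ORIGIN_IPS = []` default carries no comment, and because api.py in this same commit tests `origin_ip in valid_origin_ips`, an empty list rejects every GitLab webhook delivery rather than disabling the origin check. Either document that deployers must populate it, e.g. `# IPs allowed to deliver GitLab webhooks; an empty list rejects all deliveries`, or decide explicitly in api.py that an empty list means "no IP restriction" (as the BITBUCKET list above is non-empty, the two settings currently behave differently by default).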
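Review bot: The per-project override is read from the wrong module key: `config.get("bitbucket", {})` in the GitLab view set should be `config.get("gitlab", {})`, since services.py in this commit stores `valid_origin_ips` under `"gitlab"`; as written the project-level list is never found and the global setting always wins. The membership test should also be written `if not origin_ip or origin_ip not in valid_origin_ips:` rather than `not origin_ip in`. With the shipped default of `[]`, that branch returns False for every request, so the secret comparison below it becomes unreachable unless a non-empty list is configured; if an empty list is meant to disable the check, guard it with `if valid_origin_ips and origin_ip not in valid_origin_ips:`. Note that the allow-list is only as strong as `get_real_ip(request)` — if it derives the address from client-supplied forwarding headers, confirm those are only honoured behind a trusted proxy. The enclosing method starts outside the hunk.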
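Review bot: The new dict literal is a SyntaxError: there is no comma after `"secret": uuid.uuid4().hex` before the `"valid_origin_ips"` key, so this module will fail to import; the line should read `"secret": uuid.uuid4().hex,`. The hunk also references `settings`, which I cannot see imported in services.py from here — confirm `from django.conf import settings` (or the project's equivalent) exists above this hunk. Since the list is copied into the project config at generation time, later changes to `GITLAB_VALID_ORIGIN_IPS` will not reach projects that already have a stored config; a short comment stating that the stored value is a per-project snapshot would help maintainers. `get_or_generate_config` continues outside the hunk.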