diff --git a/resources/check_auth.php b/resources/check_auth.php
index 745bba9322..f9591a9592 100644
--- a/resources/check_auth.php
+++ b/resources/check_auth.php
@@ -17,7 +17,7 @@
 The Initial Developer of the Original Code is Mark J Crane
- Portions created by the Initial Developer are Copyright (C) 2008-2019
+ Portions created by the Initial Developer are Copyright (C) 2008-2021
 the Initial Developer. All Rights Reserved.
 Contributor(s):
@@ -72,6 +72,52 @@
 $auth->debug = false;
 $result = $auth->validate();
 if ($result["authorized"] === "true") {
+
+ //get the user settings
+ $sql = "select * from v_user_settings ";
+ $sql .= "where domain_uuid = :domain_uuid ";
+ $sql .= "and user_uuid = :user_uuid ";
+ $sql .= "and user_setting_enabled = 'true' ";
+ $parameters['domain_uuid'] = $result["domain_uuid"];
+ $parameters['user_uuid'] = $result["user_uuid"];
+ $database = new database;
+ $user_settings = $database->select($sql, $parameters, 'all');
+ unset($sql, $parameters);
+
+ //build the user cidr array
+ if (is_array($user_settings) && @sizeof($user_settings) != 0) {
+ foreach ($user_settings as $row) {
+ if ($row['user_setting_category'] == "domain" && $row['user_setting_subcategory'] == "cidr" && $row['user_setting_name'] == "array") {
+ $cidr_array[] = $row['user_setting_value'];
+ }
+ }
+ }
+
+ //check to see if user address is in the cidr array
+ if (isset($cidr_array) && !defined('STDIN')) {
+ $found = false;
+ foreach($cidr_array as $cidr) {
+ if (check_cidr($cidr, $_SERVER['REMOTE_ADDR'])) {
+ $found = true;
+ break;
+ }
+ }
+ if (!$found) {
+ //destroy session
+ session_unset();
+ session_destroy();
+
+ //send http 403
+ header('HTTP/1.0 403 Forbidden', true, 403);
+
+ //redirect to the root of the website
+ header("Location: ".PROJECT_PATH."/login.php");
+
+ //exit the code
+ exit();
+ }
+ }
+
 //set the session variables
 $_SESSION["domain_uuid"] = $result["domain_uuid"];
 //$_SESSION["domain_name"] = $result["domain_name"];
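Review bot: The 403 set by `header('HTTP/1.0 403 Forbidden', true, 403);` never reaches the client, because the `header("Location: ".PROJECT_PATH."/login.php");` that follows makes PHP replace the status with a 302 (or 303 for a POST) — a Location header only preserves an already-set 201 or 3xx status — so the `//send http 403` comment describes something that does not happen and a rejected client just sees a redirect to login. Either drop the 403 line and make the redirect explicit, `header("Location: ".PROJECT_PATH."/login.php", true, 302);`, or keep the 403 and `exit()` without the Location header, whichever response the control is meant to give. Two further points are inferred rather than visible in the hunk: `$_SERVER['REMOTE_ADDR']` is the address of the nearest hop, so behind a reverse proxy or load balancer every request carries the proxy's address and the CIDR check passes or fails for everyone alike (presumably a trusted-proxy configuration exists elsewhere — verify). The check also fails open when `$database->select()` returns anything other than an array, and a denial is neither logged nor counted although an authenticated user being rejected by IP policy is exactly the event an intrusion-detection or fail2ban rule would want, so a log line before `session_unset();` is worth adding if the project has a logging helper. The enclosing `if ($result["authorized"] === "true")` block continues past the end of the hunk.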
@@ -166,16 +212,8 @@
 }
 //get the user settings
- $sql = "select * from v_user_settings ";
- $sql .= "where domain_uuid = :domain_uuid ";
- $sql .= "and user_uuid = :user_uuid ";
- $sql .= "and user_setting_enabled = 'true' ";
- $parameters['domain_uuid'] = $_SESSION["domain_uuid"];
- $parameters['user_uuid'] = $_SESSION["user_uuid"];
- $database = new database;
- $result = $database->select($sql, $parameters, 'all');
- if (is_array($result) && @sizeof($result) != 0) {
- foreach ($result as $row) {
+ if (is_array($user_settings) && @sizeof($user_settings) != 0) {
+ foreach ($user_settings as $row) {
 $name = $row['user_setting_name'];
 $category = $row['user_setting_category'];
 $subcategory = $row['user_setting_subcategory'];
@@ -201,7 +239,7 @@
 }
 }
 }
- unset($sql, $parameters, $result, $row);
+ unset($user_settings);
 //get the extensions that are assigned to this user
 if (file_exists($_SERVER["PROJECT_ROOT"]."/app/extensions/app_config.php")) {
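Review bot: `unset($user_settings);` in the last hunk drops `$row` from the previous `unset($sql, $parameters, $result, $row);`, so the final settings row now stays in scope for the rest of check_auth.php and whatever it includes after the extensions block; `unset($user_settings, $row);` keeps the original cleanup. `$result` is likewise no longer cleared here, which is presumably deliberate now that it holds the `$auth->validate()` output rather than the settings query, but it means that output lives on into the included app code — worth confirming that is intended. Both hunks sit inside a block whose start and end lie outside this view.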