diff --git a/README.md b/README.md
index 93c4086d..92c252cb 100644
--- a/README.md
+++ b/README.md
@@ -223,6 +223,7 @@ The client keys used with Parse are no longer necessary with Parse Server. If yo
 * `passwordPolicy` - Optional password policy rules to enforce.
 * `customPages` - A hash with urls to override email verification links, password reset links and specify frame url for masking user-facing pages. Available keys: `parseFrameURL`, `invalidLink`, `choosePassword`, `passwordResetSuccess`, `verifyEmailSuccess`.
 * `middleware` - (CLI only), a module name, function that is an express middleware. When using the CLI, the express app will load it just **before** mounting parse-server on the mount path. This option is useful for injecting a monitoring middleware.
+* `masterKeyIps` - The array of ip addresses where masterKey usage will be restricted to only these ips. (Default to [] which means allow all ips). If you're using this feature and have `useMasterKey: true` in cloudcode, make sure that you put your own ip in this list.
 ##### Logging
diff --git a/src/middlewares.js b/src/middlewares.js
index 11349a51..5afac5f1 100644
--- a/src/middlewares.js
+++ b/src/middlewares.js
@@ -111,8 +111,7 @@ export function handleParseHeaders(req, res, next) {
 req.config.headers = req.headers || {};
 req.info = info;
- const ip = getClientIp(req);
- if (info.masterKey && req.config.masterKeyIps && req.config.masterKeyIps.length !== 0 && req.config.masterKeyIps.indexOf(ip) === -1) {
+ if (info.masterKey && req.config.masterKeyIps && req.config.masterKeyIps.length !== 0 && req.config.masterKeyIps.indexOf(getClientIp(req)) === -1) {
 return invalidRequest(req, res);
 }
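Review bot: The allowlist test `req.config.masterKeyIps.indexOf(getClientIp(req)) === -1` in src/middlewares.js is an exact string match against whatever `getClientIp` returns, and nothing in this hunk shows where that address comes from. If the helper reads a forwarded-for style header (it is defined outside the hunk, so this needs confirming), the restriction only holds behind a proxy that overwrites that header, and that requirement should be stated next to the check, e.g. `// masterKeyIps is compared with getClientIp(req); it is only meaningful when that address comes from the socket or a trusted proxy`. Exact matching also means an IPv4-mapped form such as `::ffff:10.0.0.1` (constructed example) will not match a plain IPv4 entry, so normalising the address before the lookup would avoid rejecting legitimate master-key callers. `handleParseHeaders` starts before this hunk and continues after it.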