diff --git a/src/Middleware/InternalApi.php b/src/Middleware/InternalApi.php
index 2068e35..06a9cef 100644
--- a/src/Middleware/InternalApi.php
+++ b/src/Middleware/InternalApi.php
@@ -15,6 +15,18 @@ class InternalApi
 app()->configure('internal_api');
 }
 
+ private function isClientIPPermitted ($ip) {
+ if (!app()->environment('production', 'staging')) {
+ return true;
+ }
+ if (Str::startsWith($ip, [
+ '127.0.0.', '192.168.', '10.0.',
+ ])) {
+ return true;
+ }
+ return false;
+ }
+
 /**
 * Handle an incoming request.
 *
@@ -25,11 +37,8 @@ class InternalApi
 public function handle($request, Closure $next)
 {
 $ip = $request->getClientIp();
-
- if (!Str::startsWith($ip, [
- '127.0.0.', '192.168.', '10.0.'
- ])) {
- return new JsonResponse('', 404);
+ if (!$this->isClientIPPermitted($ip)) {
+ return new JsonResponse("$ip is forbidden", 403);
 }
 
 $params = $request->all();
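Review bot: The environment check at the top of `isClientIPPermitted` fails open: every environment name other than `production` or `staging` returns true before the address is examined, so a deployment whose environment name is mistyped or unset would accept internal-API calls from any client. Name the environments that may skip the check instead, e.g. `if (app()->environment('local', 'testing')) { return true; }` (adjust the names to the project's), and let everything else fall through to the address test. That test trusts whatever `getClientIp()` returns; whether forwarding headers can influence it depends on the trusted-proxy configuration, which is not visible in this diff, so a comment such as `// $ip is only reliable while trusted proxies are restricted to our own load balancers` would document the assumption. On style, the method has no parameter or return type and a space before its parameter list, unlike `handle($request, Closure $next)`, and the last `if` could simply be returned as the boolean.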
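Review bot: The rejection branch in `handle` now discloses more than it did before this change: the empty 404 became a 403 whose body echoes `$ip`, which confirms to an unauthenticated caller that the internal route exists and tells them which address the server derived for the request. Keep the body empty and record the address server-side instead, e.g. `return new JsonResponse('', 403);` preceded by a log entry carrying `$ip`; if hiding the route was the intent of the old code, keep the 404. `handle` continues past the end of the hunk, so how `$params` is used after the check is not visible here.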