diff --git a/Infrastructure/Hncore.Infrastructure/WebApi/Filter/Auth/ManageAuthAttribute.cs b/Infrastructure/Hncore.Infrastructure/WebApi/Filter/Auth/ManageAuthAttribute.cs index 225fded..90c8f74 100644 --- a/Infrastructure/Hncore.Infrastructure/WebApi/Filter/Auth/ManageAuthAttribute.cs +++ b/Infrastructure/Hncore.Infrastructure/WebApi/Filter/Auth/ManageAuthAttribute.cs @@ -19,7 +19,6 @@ namespace Hncore.Infrastructure.WebApi public override void OnAuthorization(AuthorizationFilterContext context) { - if (context.AllowAnonymous() || context.HasPassed() || !context.HasTokenAuthInfo()) @@ -27,11 +26,25 @@ namespace Hncore.Infrastructure.WebApi return; } - if (context.HttpContext.Request.GetManageUserInfo() == null) + var manager_user_info = context.HttpContext.Request.GetManageUserInfo(); + + if (manager_user_info == null) { context.Reject(); } + var IP = context.HttpContext.Request.Headers["X-Real-IP"].ToString(); + System.IO.StreamReader reader = new System.IO.StreamReader("/var/www/ip/ip"); + string limitIp = reader.ReadLine(); + + + //LogHelper.Error("ipaddresses", (!limitIp.Contains(IP)).ToString()); + + + if ((!limitIp.Contains(IP)) && manager_user_info.OperaterId<100000) { + context.Reject(); + } + context.SetPassed("ManageAuth"); } }
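Review bot: The IP allow-list added after the null check fails open: `Headers["X-Real-IP"].ToString()` is an empty string when the header is absent and `limitIp.Contains("")` is always true, and because `Contains` is a substring test a value that is only part of a listed address also matches. `X-Real-IP` is also only meaningful if the fronting proxy overwrites it on every request, which this diff does not show. In the same hunk the `StreamReader` is never disposed, `ReadLine()` returns null for an empty file, and `manager_user_info.OperaterId` is read even when `manager_user_info` is null unless `context.Reject()` throws (not visible here). I would return after the null reject, read the file inside `using`, and compare the trimmed header against exact entries so that a missing header is rejected, as sketched below; the separator set is an assumption about the file format.

```csharp
if (manager_user_info == null)
{
    context.Reject();
    return; // do not fall through to manager_user_info.OperaterId
}

string limitIp;
using (var reader = new System.IO.StreamReader("/var/www/ip/ip"))
{
    // An empty file yields null; treat it as an empty allow-list.
    limitIp = reader.ReadLine() ?? string.Empty;
}

// Separator characters are an assumption; match them to the file's real format.
var allowed = limitIp.Split(new[] { ',', ';', ' ' }, System.StringSplitOptions.RemoveEmptyEntries);
var IP = context.HttpContext.Request.Headers["X-Real-IP"].ToString().Trim();

// Fail closed: an absent header or a partial match must not pass.
bool ipAllowed = IP.Length > 0 && System.Array.IndexOf(allowed, IP) >= 0;

if (!ipAllowed && manager_user_info.OperaterId < 100000)
{
    context.Reject();
    return;
}

// … unchanged: context.SetPassed("ManageAuth") …
```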