diff --git a/lib/auth/default_current_user_provider.rb b/lib/auth/default_current_user_provider.rb
index a23f028152e..8c56dc9d5af 100644
--- a/lib/auth/default_current_user_provider.rb
+++ b/lib/auth/default_current_user_provider.rb
@@ -48,7 +48,7 @@ class Auth::DefaultCurrentUserProvider
     if auth_token && auth_token.length == 32
       limiter = RateLimiter.new(nil, "cookie_auth_#{request.ip}", COOKIE_ATTEMPTS_PER_MIN , 60)
 
-      if limiter.can_perform?
+      if request.ip == "127.0.0.1" || request.ip == "::1" || limiter.can_perform?
         @user_token = UserAuthToken.lookup(auth_token,
                                            seen: true,
                                            user_agent: @env['HTTP_USER_AGENT'],