diff --git a/jetty-server/src/main/config/etc/jetty-ipaccess.xml b/jetty-server/src/main/config/etc/jetty-ipaccess.xml
index deef1736877..33a43be442a 100644
--- a/jetty-server/src/main/config/etc/jetty-ipaccess.xml
+++ b/jetty-server/src/main/config/etc/jetty-ipaccess.xml
@@ -25,6 +25,7 @@
 	  <Item>127.0.0.2/black.html</Item>
 	</Array>
       </Set>
+      <Set name="whiteListByPath">false</Set>
      </New>
     </Set>
 
diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/IPAccessHandler.java b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/IPAccessHandler.java
index 5b1f01329ac..acb3c8b31eb 100644
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/IPAccessHandler.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/IPAccessHandler.java
@@ -54,11 +54,17 @@ import org.eclipse.jetty.util.log.Logger;
  * entries, that are then further refined by several specific black list exceptions
  * </ul>
  * <p>
- * An empty white list is treated as match all. If there is at least one entry in
+ * By default an empty white list is treated as match all. If there is at least one entry in
  * the white list, then a request must match a white list entry. Black list entries
  * are always applied, so that even if an entry matches the white list, a black list
  * entry will override it.
  * <p>
+ * <p>
+ * You can change white list policy setting whiteListByPath to true. In this mode a request will be white listed
+ * IF it has a matching URL in the white list, otherwise the black list applies, e.g. in default mode when
+ * whiteListByPath = false and wl = "127.0.0.1|/foo", /bar request from 127.0.0.1 will be blacklisted,
+ * if whiteListByPath=true then not.
+ * </p>
  * Internet addresses may be specified as absolute address or as a combination of
  * four octet wildcard specifications (a.b.c.d) that are defined as follows.
  * </p>
@@ -104,6 +110,7 @@ public class IPAccessHandler extends HandlerWrapper
     // true means nodefault match
     PathMap<IPAddressMap<Boolean>> _white = new PathMap<IPAddressMap<Boolean>>(true);
     PathMap<IPAddressMap<Boolean>> _black = new PathMap<IPAddressMap<Boolean>>(true);
+    boolean _whiteListByPath = false;
 
     /* ------------------------------------------------------------ */
     /**
@@ -175,6 +182,17 @@ public class IPAccessHandler extends HandlerWrapper
         set(entries, _black);
     }
 
+    /* ------------------------------------------------------------ */
+    /**
+     * Re-initialize the mode of path matching
+     *
+     * @param whiteListByPath matching mode
+     */
+    public void setWhiteListByPath(boolean whiteListByPath)
+    {
+        this._whiteListByPath = whiteListByPath;
+    }
+
     /* ------------------------------------------------------------ */
     /**
      * Checks the incoming request against the whitelist and blacklist
@@ -287,9 +305,12 @@ public class IPAccessHandler extends HandlerWrapper
         if (_white.size()>0)
         {
             boolean match = false;
+            boolean matchedByPath = false;
+
             Object whiteObj = _white.getLazyMatches(path);
             if (whiteObj != null)
             {
+                matchedByPath = true;
                 List whiteList = (whiteObj instanceof List) ? (List)whiteObj : Collections.singletonList(whiteObj);
 
                 for (Object entry: whiteList)
@@ -300,7 +321,9 @@ public class IPAccessHandler extends HandlerWrapper
                 }
             }
 
-            if (!match)
+            if (!_whiteListByPath && !match) // Default behaviour
+                return false;
+            else if (_whiteListByPath && matchedByPath && !match) // Fail if only matched by path
                 return false;
         }
 
diff --git a/jetty-server/src/test/java/org/eclipse/jetty/server/handler/IPAccessHandlerTest.java b/jetty-server/src/test/java/org/eclipse/jetty/server/handler/IPAccessHandlerTest.java
index 55309ed7c63..5a8c5e6f5d7 100644
--- a/jetty-server/src/test/java/org/eclipse/jetty/server/handler/IPAccessHandlerTest.java
+++ b/jetty-server/src/test/java/org/eclipse/jetty/server/handler/IPAccessHandlerTest.java
@@ -64,6 +64,7 @@ public class IPAccessHandlerTest
     private String _host;
     private String _uri;
     private String _code;
+    private boolean _byPath;
 
     @BeforeClass
     public static void setUp()
@@ -95,13 +96,14 @@ public class IPAccessHandlerTest
     }
 
     /* ------------------------------------------------------------ */
-    public IPAccessHandlerTest(String white, String black, String host, String uri, String code)
+    public IPAccessHandlerTest(String white, String black, String host, String uri, String code, boolean byPath)
     {
         _white = white;
         _black = black;
         _host  = host;
         _uri   = uri;
         _code  = code;
+        _byPath = byPath;
     }
 
     /* ------------------------------------------------------------ */
@@ -111,6 +113,7 @@ public class IPAccessHandlerTest
     {
         _handler.setWhite(_white.split(";",-1));
         _handler.setBlack(_black.split(";",-1));
+        _handler.setWhiteListByPath(_byPath);
 
         String request = "GET " + _uri + " HTTP/1.1\n" + "Host: "+ _host + "\n\n";
         Socket socket = new Socket("127.0.0.1", _connector.getLocalPort());
@@ -247,157 +250,313 @@ public class IPAccessHandlerTest
     public static Collection<Object[]> data() {
         Object[][] data = new Object[][] {
             // Empty lists
-            {"", "", "127.0.0.1", "/",          "200"},
-            {"", "", "127.0.0.1", "/dump/info", "200"},
+            {"", "", "127.0.0.1", "/",          "200", false},
+            {"", "", "127.0.0.1", "/dump/info", "200", false},
 
             // White list
-            {"127.0.0.1", "", "127.0.0.1", "/",          "200"},
-            {"127.0.0.1", "", "127.0.0.1", "/dispatch",  "200"},
-            {"127.0.0.1", "", "127.0.0.1", "/dump/info", "200"},
+            {"127.0.0.1", "", "127.0.0.1", "/",          "200", false},
+            {"127.0.0.1", "", "127.0.0.1", "/dispatch",  "200", false},
+            {"127.0.0.1", "", "127.0.0.1", "/dump/info", "200", false},
 
-            {"127.0.0.1|/", "", "127.0.0.1", "/",          "200"},
-            {"127.0.0.1|/", "", "127.0.0.1", "/dispatch",  "403"},
-            {"127.0.0.1|/", "", "127.0.0.1", "/dump/info", "403"},
+            {"127.0.0.1|/", "", "127.0.0.1", "/",          "200", false},
+            {"127.0.0.1|/", "", "127.0.0.1", "/dispatch",  "403", false},
+            {"127.0.0.1|/", "", "127.0.0.1", "/dump/info", "403", false},
 
-            {"127.0.0.1|/*", "", "127.0.0.1", "/",          "200"},
-            {"127.0.0.1|/*", "", "127.0.0.1", "/dispatch",  "200"},
-            {"127.0.0.1|/*", "", "127.0.0.1", "/dump/info", "200"},
+            {"127.0.0.1|/*", "", "127.0.0.1", "/",          "200", false},
+            {"127.0.0.1|/*", "", "127.0.0.1", "/dispatch",  "200", false},
+            {"127.0.0.1|/*", "", "127.0.0.1", "/dump/info", "200", false},
 
-            {"127.0.0.1|/dump/*", "", "127.0.0.1", "/",          "403"},
-            {"127.0.0.1|/dump/*", "", "127.0.0.1", "/dispatch",  "403"},
-            {"127.0.0.1|/dump/*", "", "127.0.0.1", "/dump/info", "200"},
-            {"127.0.0.1|/dump/*", "", "127.0.0.1", "/dump/test", "200"},
+            {"127.0.0.1|/dump/*", "", "127.0.0.1", "/",          "403", false},
+            {"127.0.0.1|/dump/*", "", "127.0.0.1", "/dispatch",  "403", false},
+            {"127.0.0.1|/dump/*", "", "127.0.0.1", "/dump/info", "200", false},
+            {"127.0.0.1|/dump/*", "", "127.0.0.1", "/dump/test", "200", false},
 
-            {"127.0.0.1|/dump/info", "", "127.0.0.1", "/",          "403"},
-            {"127.0.0.1|/dump/info", "", "127.0.0.1", "/dispatch",  "403"},
-            {"127.0.0.1|/dump/info", "", "127.0.0.1", "/dump/info", "200"},
-            {"127.0.0.1|/dump/info", "", "127.0.0.1", "/dump/test", "403"},
+            {"127.0.0.1|/dump/info", "", "127.0.0.1", "/",          "403", false},
+            {"127.0.0.1|/dump/info", "", "127.0.0.1", "/dispatch",  "403", false},
+            {"127.0.0.1|/dump/info", "", "127.0.0.1", "/dump/info", "200", false},
+            {"127.0.0.1|/dump/info", "", "127.0.0.1", "/dump/test", "403", false},
 
-            {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/",          "403"},
-            {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dispatch",  "403"},
-            {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/info", "200"},
-            {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/test", "200"},
-            {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/fail", "403"},
+            {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/",          "403", false},
+            {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dispatch",  "403", false},
+            {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/info", "200", false},
+            {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/test", "200", false},
+            {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/fail", "403", false},
 
-            {"127.0.0.0-2|", "", "127.0.0.1", "/",          "200"},
-            {"127.0.0.0-2|", "", "127.0.0.1", "/dump/info", "200"},
+            {"127.0.0.0-2|", "", "127.0.0.1", "/",          "200", false},
+            {"127.0.0.0-2|", "", "127.0.0.1", "/dump/info", "200", false},
 
-            {"127.0.0.0-2|/", "", "127.0.0.1", "/",          "200"},
-            {"127.0.0.0-2|/", "", "127.0.0.1", "/dispatch",  "403"},
-            {"127.0.0.0-2|/", "", "127.0.0.1", "/dump/info", "403"},
+            {"127.0.0.0-2|/", "", "127.0.0.1", "/",          "200", false},
+            {"127.0.0.0-2|/", "", "127.0.0.1", "/dispatch",  "403", false},
+            {"127.0.0.0-2|/", "", "127.0.0.1", "/dump/info", "403", false},
 
-            {"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/",          "403"},
-            {"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/dispatch",  "403"},
-            {"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/dump/info", "200"},
+            {"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/",          "403", false},
+            {"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/dispatch",  "403", false},
+            {"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/dump/info", "200", false},
 
-            {"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/",          "403"},
-            {"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dispatch",  "403"},
-            {"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dump/info", "200"},
-            {"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dump/test", "403"},
+            {"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/",          "403", false},
+            {"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dispatch",  "403", false},
+            {"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dump/info", "200", false},
+            {"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dump/test", "403", false},
 
-            {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/",          "403"},
-            {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dispatch",  "403"},
-            {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/info", "200"},
-            {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/test", "200"},
-            {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/fail", "403"},
+            {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/",          "403", false},
+            {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dispatch",  "403", false},
+            {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/info", "200", false},
+            {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/test", "200", false},
+            {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/fail", "403", false},
 
             // Black list
-            {"", "127.0.0.1", "127.0.0.1", "/",          "403"},
-            {"", "127.0.0.1", "127.0.0.1", "/dispatch",  "403"},
-            {"", "127.0.0.1", "127.0.0.1", "/dump/info", "403"},
+            {"", "127.0.0.1", "127.0.0.1", "/",          "403", false},
+            {"", "127.0.0.1", "127.0.0.1", "/dispatch",  "403", false},
+            {"", "127.0.0.1", "127.0.0.1", "/dump/info", "403", false},
 
-            {"", "127.0.0.1|/", "127.0.0.1", "/",          "403"},
-            {"", "127.0.0.1|/", "127.0.0.1", "/dispatch",  "200"},
-            {"", "127.0.0.1|/", "127.0.0.1", "/dump/info", "200"},
+            {"", "127.0.0.1|/", "127.0.0.1", "/",          "403", false},
+            {"", "127.0.0.1|/", "127.0.0.1", "/dispatch",  "200", false},
+            {"", "127.0.0.1|/", "127.0.0.1", "/dump/info", "200", false},
 
-            {"", "127.0.0.1|/*", "127.0.0.1", "/",          "403"},
-            {"", "127.0.0.1|/*", "127.0.0.1", "/dispatch",  "403"},
-            {"", "127.0.0.1|/*", "127.0.0.1", "/dump/info", "403"},
+            {"", "127.0.0.1|/*", "127.0.0.1", "/",          "403", false},
+            {"", "127.0.0.1|/*", "127.0.0.1", "/dispatch",  "403", false},
+            {"", "127.0.0.1|/*", "127.0.0.1", "/dump/info", "403", false},
 
-            {"", "127.0.0.1|/dump/*", "127.0.0.1", "/",          "200"},
-            {"", "127.0.0.1|/dump/*", "127.0.0.1", "/dispatch",  "200"},
-            {"", "127.0.0.1|/dump/*", "127.0.0.1", "/dump/info", "403"},
-            {"", "127.0.0.1|/dump/*", "127.0.0.1", "/dump/test", "403"},
+            {"", "127.0.0.1|/dump/*", "127.0.0.1", "/",          "200", false},
+            {"", "127.0.0.1|/dump/*", "127.0.0.1", "/dispatch",  "200", false},
+            {"", "127.0.0.1|/dump/*", "127.0.0.1", "/dump/info", "403", false},
+            {"", "127.0.0.1|/dump/*", "127.0.0.1", "/dump/test", "403", false},
 
-            {"", "127.0.0.1|/dump/info", "127.0.0.1", "/",          "200"},
-            {"", "127.0.0.1|/dump/info", "127.0.0.1", "/dispatch",  "200"},
-            {"", "127.0.0.1|/dump/info", "127.0.0.1", "/dump/info", "403"},
-            {"", "127.0.0.1|/dump/info", "127.0.0.1", "/dump/test", "200"},
+            {"", "127.0.0.1|/dump/info", "127.0.0.1", "/",          "200", false},
+            {"", "127.0.0.1|/dump/info", "127.0.0.1", "/dispatch",  "200", false},
+            {"", "127.0.0.1|/dump/info", "127.0.0.1", "/dump/info", "403", false},
+            {"", "127.0.0.1|/dump/info", "127.0.0.1", "/dump/test", "200", false},
 
-            {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/",          "200"},
-            {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dispatch",  "200"},
-            {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/info", "403"},
-            {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/test", "403"},
-            {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/fail", "200"},
+            {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/",          "200", false},
+            {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dispatch",  "200", false},
+            {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/info", "403", false},
+            {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/test", "403", false},
+            {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/fail", "200", false},
 
-            {"", "127.0.0.0-2|", "127.0.0.1", "/",          "403"},
-            {"", "127.0.0.0-2|", "127.0.0.1", "/dump/info", "403"},
+            {"", "127.0.0.0-2|", "127.0.0.1", "/",          "403", false},
+            {"", "127.0.0.0-2|", "127.0.0.1", "/dump/info", "403", false},
 
-            {"", "127.0.0.0-2|/", "127.0.0.1", "/",          "403"},
-            {"", "127.0.0.0-2|/", "127.0.0.1", "/dispatch",  "200"},
-            {"", "127.0.0.0-2|/", "127.0.0.1", "/dump/info", "200"},
+            {"", "127.0.0.0-2|/", "127.0.0.1", "/",          "403", false},
+            {"", "127.0.0.0-2|/", "127.0.0.1", "/dispatch",  "200", false},
+            {"", "127.0.0.0-2|/", "127.0.0.1", "/dump/info", "200", false},
 
-            {"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/",          "200"},
-            {"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/dispatch",  "200"},
-            {"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/dump/info", "403"},
+            {"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/",          "200", false},
+            {"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/dispatch",  "200", false},
+            {"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/dump/info", "403", false},
 
-            {"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/",          "200"},
-            {"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dispatch",  "200"},
-            {"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dump/info", "403"},
-            {"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dump/test", "200"},
+            {"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/",          "200", false},
+            {"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dispatch",  "200", false},
+            {"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dump/info", "403", false},
+            {"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dump/test", "200", false},
 
-            {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/",          "200"},
-            {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dispatch",  "200"},
-            {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/info", "403"},
-            {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/test", "403"},
-            {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/fail", "200"},
+            {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/",          "200", false},
+            {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dispatch",  "200", false},
+            {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/info", "403", false},
+            {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/test", "403", false},
+            {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/fail", "200", false},
 
             // Both lists
-            {"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump",      "200"},
-            {"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "403"},
-            {"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403"},
+            {"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump",      "200", false},
+            {"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "403", false},
+            {"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403", false},
 
-            {"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump",      "200"},
-            {"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "200"},
-            {"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403"},
+            {"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump",      "200", false},
+            {"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "200", false},
+            {"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403", false},
 
-            {"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump",      "200"},
-            {"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "200"},
-            {"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/test", "403"},
-            {"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403"},
+            {"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump",      "200", false},
+            {"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "200", false},
+            {"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/test", "403", false},
+            {"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403", false},
 
-            {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump",      "403"},
-            {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/info", "200"},
-            {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/test", "403"},
-            {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/fail", "403"},
+            {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump",      "403", false},
+            {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/info", "200", false},
+            {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/test", "403", false},
+            {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/fail", "403", false},
 
-            {"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/",          "200"},
-            {"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/dump/info", "200"},
-            {"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/dump/fail", "403"},
+            {"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/",          "200", false},
+            {"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/dump/info", "200", false},
+            {"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/dump/fail", "403", false},
 
             // Different address
-            {"127.0.0.2", "", "127.0.0.1", "/",          "403"},
-            {"127.0.0.2", "", "127.0.0.1", "/dump/info", "403"},
+            {"127.0.0.2", "", "127.0.0.1", "/",          "403", false},
+            {"127.0.0.2", "", "127.0.0.1", "/dump/info", "403", false},
 
-            {"127.0.0.2|/dump/*", "", "127.0.0.1", "/",          "403"},
-            {"127.0.0.2|/dump/*", "", "127.0.0.1", "/dump/info", "403"},
+            {"127.0.0.2|/dump/*", "", "127.0.0.1", "/",          "403", false},
+            {"127.0.0.2|/dump/*", "", "127.0.0.1", "/dump/info", "403", false},
 
-            {"127.0.0.2|/dump/info", "", "127.0.0.1", "/",          "403"},
-            {"127.0.0.2|/dump/info", "", "127.0.0.1", "/dump/info", "403"},
-            {"127.0.0.2|/dump/info", "", "127.0.0.1", "/dump/test", "403"},
+            {"127.0.0.2|/dump/info", "", "127.0.0.1", "/",          "403", false},
+            {"127.0.0.2|/dump/info", "", "127.0.0.1", "/dump/info", "403", false},
+            {"127.0.0.2|/dump/info", "", "127.0.0.1", "/dump/test", "403", false},
 
-            {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/",          "403"},
-            {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dispatch",  "403"},
-            {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/info", "200"},
-            {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/test", "403"},
-            {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/fail", "403"},
+            {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/",          "403", false},
+            {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dispatch",  "403", false},
+            {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/info", "200", false},
+            {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/test", "403", false},
+            {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/fail", "403", false},
 
-            {"172.0.0.0-255", "", "127.0.0.1", "/",          "403"},
-            {"172.0.0.0-255", "", "127.0.0.1", "/dump/info", "403"},
+            {"172.0.0.0-255", "", "127.0.0.1", "/",          "403", false},
+            {"172.0.0.0-255", "", "127.0.0.1", "/dump/info", "403", false},
 
-            {"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/",          "403"},
-            {"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/dispatch",  "403"},
-            {"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/dump/info", "200"},
+            {"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/",          "403", false},
+            {"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/dispatch",  "403", false},
+            {"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/dump/info", "200", false},
+
+            /*-----------------------------------------------------------------------------------------*/
+            // Match by path starts with [117]
+            // test cases affected by _whiteListByPath highlighted accordingly
+
+            {"", "", "127.0.0.1", "/",          "200", true},
+            {"", "", "127.0.0.1", "/dump/info", "200", true},
+
+            // White list
+            {"127.0.0.1", "", "127.0.0.1", "/",          "200", true},
+            {"127.0.0.1", "", "127.0.0.1", "/dispatch",  "200", true},
+            {"127.0.0.1", "", "127.0.0.1", "/dump/info", "200", true},
+
+            {"127.0.0.1|/", "", "127.0.0.1", "/",          "200", true},
+            {"127.0.0.1|/", "", "127.0.0.1", "/dispatch",  "200", true}, // _whiteListByPath
+            {"127.0.0.1|/", "", "127.0.0.1", "/dump/info", "200", true}, // _whiteListByPath
+
+            {"127.0.0.1|/*", "", "127.0.0.1", "/",          "200", true},
+            {"127.0.0.1|/*", "", "127.0.0.1", "/dispatch",  "200", true},
+            {"127.0.0.1|/*", "", "127.0.0.1", "/dump/info", "200", true},
+
+            {"127.0.0.1|/dump/*", "", "127.0.0.1", "/",          "200", true}, // _whiteListByPath
+            {"127.0.0.1|/dump/*", "", "127.0.0.1", "/dispatch",  "200", true}, // _whiteListByPath
+            {"127.0.0.1|/dump/*", "", "127.0.0.1", "/dump/info", "200", true},
+            {"127.0.0.1|/dump/*", "", "127.0.0.1", "/dump/test", "200", true},
+
+            {"127.0.0.1|/dump/info", "", "127.0.0.1", "/",          "200", true}, // _whiteListByPath
+            {"127.0.0.1|/dump/info", "", "127.0.0.1", "/dispatch",  "200", true}, // _whiteListByPath
+            {"127.0.0.1|/dump/info", "", "127.0.0.1", "/dump/info", "200", true},
+            {"127.0.0.1|/dump/info", "", "127.0.0.1", "/dump/test", "200", true}, // _whiteListByPath
+
+            {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/",          "200", true}, // _whiteListByPath
+            {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dispatch",  "200", true}, // _whiteListByPath
+            {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/info", "200", true},
+            {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/test", "200", true},
+            {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "", "127.0.0.1", "/dump/fail", "200", true}, // _whiteListByPath
+
+            {"127.0.0.0-2|", "", "127.0.0.1", "/",          "200", true},
+            {"127.0.0.0-2|", "", "127.0.0.1", "/dump/info", "200", true},
+
+            {"127.0.0.0-2|/", "", "127.0.0.1", "/",          "200", true},
+            {"127.0.0.0-2|/", "", "127.0.0.1", "/dispatch",  "200", true}, // _whiteListByPath
+            {"127.0.0.0-2|/", "", "127.0.0.1", "/dump/info", "200", true}, // _whiteListByPath
+
+            {"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/",          "200", true}, // _whiteListByPath
+            {"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/dispatch",  "200", true}, // _whiteListByPath
+            {"127.0.0.0-2|/dump/*", "", "127.0.0.1", "/dump/info", "200", true},
+
+            {"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/",          "200", true}, // _whiteListByPath
+            {"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dispatch",  "200", true}, // _whiteListByPath
+            {"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dump/info", "200", true},
+            {"127.0.0.0-2|/dump/info", "", "127.0.0.1", "/dump/test", "200", true}, // _whiteListByPath
+
+            {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/",          "200", true}, // _whiteListByPath
+            {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dispatch",  "200", true}, // _whiteListByPath
+            {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/info", "200", true},
+            {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/test", "200", true},
+            {"127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "", "127.0.0.1", "/dump/fail", "200", true}, // _whiteListByPath
+
+            // Black list
+            {"", "127.0.0.1", "127.0.0.1", "/",          "403", true},
+            {"", "127.0.0.1", "127.0.0.1", "/dispatch",  "403", true},
+            {"", "127.0.0.1", "127.0.0.1", "/dump/info", "403", true},
+
+            {"", "127.0.0.1|/", "127.0.0.1", "/",          "403", true},
+            {"", "127.0.0.1|/", "127.0.0.1", "/dispatch",  "200", true},
+            {"", "127.0.0.1|/", "127.0.0.1", "/dump/info", "200", true},
+
+            {"", "127.0.0.1|/*", "127.0.0.1", "/",          "403", true},
+            {"", "127.0.0.1|/*", "127.0.0.1", "/dispatch",  "403", true},
+            {"", "127.0.0.1|/*", "127.0.0.1", "/dump/info", "403", true},
+
+            {"", "127.0.0.1|/dump/*", "127.0.0.1", "/",          "200", true},
+            {"", "127.0.0.1|/dump/*", "127.0.0.1", "/dispatch",  "200", true},
+            {"", "127.0.0.1|/dump/*", "127.0.0.1", "/dump/info", "403", true},
+            {"", "127.0.0.1|/dump/*", "127.0.0.1", "/dump/test", "403", true},
+
+            {"", "127.0.0.1|/dump/info", "127.0.0.1", "/",          "200", true},
+            {"", "127.0.0.1|/dump/info", "127.0.0.1", "/dispatch",  "200", true},
+            {"", "127.0.0.1|/dump/info", "127.0.0.1", "/dump/info", "403", true},
+            {"", "127.0.0.1|/dump/info", "127.0.0.1", "/dump/test", "200", true},
+
+            {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/",          "200", true},
+            {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dispatch",  "200", true},
+            {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/info", "403", true},
+            {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/test", "403", true},
+            {"", "127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1", "/dump/fail", "200", true},
+
+            {"", "127.0.0.0-2|", "127.0.0.1", "/",          "403", true},
+            {"", "127.0.0.0-2|", "127.0.0.1", "/dump/info", "403", true},
+
+            {"", "127.0.0.0-2|/", "127.0.0.1", "/",          "403", true},
+            {"", "127.0.0.0-2|/", "127.0.0.1", "/dispatch",  "200", true},
+            {"", "127.0.0.0-2|/", "127.0.0.1", "/dump/info", "200", true},
+
+            {"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/",          "200", true},
+            {"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/dispatch",  "200", true},
+            {"", "127.0.0.0-2|/dump/*", "127.0.0.1", "/dump/info", "403", true},
+
+            {"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/",          "200", true},
+            {"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dispatch",  "200", true},
+            {"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dump/info", "403", true},
+            {"", "127.0.0.0-2|/dump/info", "127.0.0.1", "/dump/test", "200", true},
+
+            {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/",          "200", true},
+            {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dispatch",  "200", true},
+            {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/info", "403", true},
+            {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/test", "403", true},
+            {"", "127.0.0.0-2|/dump/info;127.0.0.0-2|/dump/test", "127.0.0.1", "/dump/fail", "200", true},
+
+            // Both lists
+            {"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump",      "200", true},
+            {"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "200", true}, // _whiteListByPath
+            {"127.0.0.1|/dump", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403", true},
+
+            {"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump",      "200", true},
+            {"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "200", true},
+            {"127.0.0.1|/dump/*", "127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403", true},
+
+            {"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump",      "200", true},
+            {"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/info", "200", true},
+            {"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/test", "403", true},
+            {"127.0.0.1|/dump/*", "127.0.0.1|/dump/test;127.0.0.1|/dump/fail", "127.0.0.1", "/dump/fail", "403", true},
+
+            {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump",      "200", true}, // _whiteListByPath
+            {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/info", "200", true},
+            {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/test", "403", true},
+            {"127.0.0.1|/dump/info;127.0.0.1|/dump/test", "127.0.0.1|/dump/test", "127.0.0.1", "/dump/fail", "200", true}, // _whiteListByPath
+
+            {"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/",          "200", true},
+            {"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/dump/info", "200", true},
+            {"127.0.0.1|/;127.0.0.0-2|/dump/*", "127.0.0.0,1|/dump/fail", "127.0.0.1", "/dump/fail", "403", true},
+
+            // Different address
+            {"127.0.0.2", "", "127.0.0.1", "/",          "403", true},
+            {"127.0.0.2", "", "127.0.0.1", "/dump/info", "403", true},
+
+            {"127.0.0.2|/dump/*", "", "127.0.0.1", "/",          "200", true}, // _whiteListByPath
+            {"127.0.0.2|/dump/*", "", "127.0.0.1", "/dump/info", "403", true},
+
+            {"127.0.0.2|/dump/info", "", "127.0.0.1", "/",          "200", true}, // _whiteListByPath
+            {"127.0.0.2|/dump/info", "", "127.0.0.1", "/dump/info", "403", true},
+            {"127.0.0.2|/dump/info", "", "127.0.0.1", "/dump/test", "200", true}, // _whiteListByPath
+
+            {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/",          "200", true}, // _whiteListByPath
+            {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dispatch",  "200", true}, // _whiteListByPath
+            {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/info", "200", true},
+            {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/test", "403", true},
+            {"127.0.0.1|/dump/info;127.0.0.2|/dump/test", "", "127.0.0.1", "/dump/fail", "200", true}, // _whiteListByPath
+
+            {"172.0.0.0-255", "", "127.0.0.1", "/",          "403", true},
+            {"172.0.0.0-255", "", "127.0.0.1", "/dump/info", "403", true},
+
+            {"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/",          "200", true}, // _whiteListByPath
+            {"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/dispatch",  "200", true}, // _whiteListByPath
+            {"172.0.0.0-255|/dump/*;127.0.0.0-255|/dump/*", "", "127.0.0.1", "/dump/info", "200", true},
         };
         return Arrays.asList(data);
     };