diff --git a/bin/apisix b/bin/apisix
index 9562027e82de..56114f9b4702 100755
--- a/bin/apisix
+++ b/bin/apisix
@@ -146,8 +146,11 @@ http {
         listen {* port_admin *};
 
         location /apisix/admin {
-            allow {*allow_admin*};
+            {% for _, allow_ip in ipairs(allow_admin) do %}
+            allow {*allow_ip*};
+            {% end %}
             deny all;
+
             content_by_lua_block {
                 apisix.http_admin()
             }
@@ -173,8 +176,11 @@ http {
 
         {% if enable_admin and not port_admin then %}
         location /apisix/admin {
-            allow {*allow_admin*};
+            {% for _, allow_ip in ipairs(allow_admin) do %}
+            allow {*allow_ip*};
+            {% end %}
             deny all;
+
             content_by_lua_block {
                 apisix.http_admin()
             }
@@ -356,8 +362,6 @@ local function init()
         sys_conf[k] = v
     end
 
-    -- print(sys_conf.allow_admin)
-
     local conf_render = template.compile(ngx_tpl)
     local ngxconf = conf_render(sys_conf)
 
diff --git a/conf/config.yaml b/conf/config.yaml
index 6169b7111a60..4c853dc3d0a6 100644
--- a/conf/config.yaml
+++ b/conf/config.yaml
@@ -1,10 +1,11 @@
 apisix:
-  node_listen: 9080             # Apisix listening port
+  node_listen: 9080             # APISIX listening port
   node_ssl_listen: 9443
   enable_heartbeat: true
   enable_admin: true
   enable_debug: false
-  allow_admin: "127.0.0.0/24"
+  allow_admin:                    # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
+    - 127.0.0.0/24
   real_ip_header: "X-Real-IP"     # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
   real_ip_from:                   # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
     - 127.0.0.1