diff --git a/Dockerfile b/Dockerfile
index 8c3e71cc3d54ef684f6472fd632f419b023fb028..87c545b4c77f15376aeea7c5893575f42bf3c968 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,6 +10,7 @@ ENV ALLOW_RESTARTS=0 \
 DISTRIBUTION=0 \
 EVENTS=1 \
 EXEC=0 \
+ GRPC=0 \
 IMAGES=0 \
 INFO=0 \
 LOG_LEVEL=info \
diff --git a/README.md b/README.md
index 2d2f57df1e4130b795eb78eec5784e29d369aca8..2845fb05f932e59fe06f3d491756018367f66d51 100644
--- a/README.md
+++ b/README.md
@@ -127,6 +127,7 @@ extremely critical but can expose some information that your service does not ne
 - `CONTAINERS`
 - `DISTRIBUTION`
 - `EXEC`
+- `GRPC`
 - `IMAGES`
 - `INFO`
 - `NETWORKS`
diff --git a/haproxy.cfg b/haproxy.cfg
index 78bdf37d0b7490776b9be21f7937df5166e44355..495ca7b484ab40a8a50753acce8771d22db13a99 100644
--- a/haproxy.cfg
+++ b/haproxy.cfg
@@ -51,6 +51,7 @@ frontend dockerfrontend
 http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/distribution } { env(DISTRIBUTION) -m bool }
 http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/events } { env(EVENTS) -m bool }
 http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/exec } { env(EXEC) -m bool }
+ http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/grpc } { env(GRPC) -m bool }
 http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images } { env(IMAGES) -m bool }
 http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/info } { env(INFO) -m bool }
 http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks } { env(NETWORKS) -m bool }
diff --git a/tests/test_service.py b/tests/test_service.py
index 097a9063762dde44a5b63b4d5c564f9089c31ccc..2d38aa17ee3ffc788342e78533b211dcd3435e15 100644
--- a/tests/test_service.py
+++ b/tests/test_service.py
@@ -34,6 +34,7 @@ def test_default_permissions(proxy_factory):
 ("info",),
 ("system", "info"),
 ("build", "."),
+ ("buildx build", "."),
 ("swarm", "init"),
 )
 _check_permissions(allowed_calls, forbidden_calls)
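Review bot: The new `/grpc` allow rule in haproxy.cfg carries no comment saying what that endpoint is used for, and the README hunk adds `GRPC` to the flag list with no description either, so an operator deciding whether to flip `GRPC=1` has nothing to go on. The paired test entry `("buildx build", ".")` suggests the flag exists to let buildx/BuildKit builds through the proxy; I would put `# /grpc: session channel used by buildx builds; leave at 0 unless builds must pass through this proxy` above the rule and a matching half-sentence on the README entry. Like its neighbours the pattern `^(/v[\d\.]+)?/grpc` is an unterminated prefix match, so any path beginning with `/grpc` is allowed when the flag is set; that is consistent with the existing rules, but it is worth stating in the comment so nobody reads the flag as a single-endpoint grant.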
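Review bot: The new forbidden entry `("buildx build", ".")` packs two CLI words into one tuple element while every neighbouring entry splits them (`("system", "info")`, `("swarm", "init")`); if `_check_permissions` passes the tuple to the CLI as separate arguments, "buildx build" is rejected by the client before any daemon request is made and the denial assertion passes for the wrong reason. Unless the helper joins the tuple with spaces (it is defined outside this hunk, so I cannot confirm), change the line to `("buildx", "build", "."),`. The commit also only checks that the call is refused under the defaults; a companion case with `GRPC=1` would pin that the new haproxy rule actually admits the call rather than some other rule happening to cover it. `test_default_permissions` begins before this hunk.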