diff --git a/Dockerfile b/Dockerfile
index c66b1f9..6b4bc16 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,6 +2,7 @@ FROM haproxy:1.7-alpine
 LABEL maintainer="Tecnativa "
 EXPOSE 2375
+VOLUME /run/docker-filtered
 ENV AUTH=0 \
 BUILD=0 \
 COMMIT=0 \
@@ -21,9 +22,10 @@ ENV AUTH=0 \
 SYSTEM=0 \
 TASKS=0 \
 VERSION=1 \
- VOLUMES=0
+ VOLUMES=0 \
+ SOCK_NETWORK=1 \
+ SOCK_DISK=1
 COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
-VOLUME /run/docker-filtered
 # Metadata
 ARG VCS_REF
diff --git a/haproxy.cfg b/haproxy.cfg
index 0470044..e6cc2af 100644
--- a/haproxy.cfg
+++ b/haproxy.cfg
@@ -28,10 +28,6 @@ defaults
 load-server-state-from-file global
 backend dockerbackend
- server dockersocket /var/run/docker.sock
-
-frontend dockerfrontend
- bind :2375,/run/docker-filtered/docker.sock
 http-request deny unless METH_GET || { env(POST) -m bool }
 http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth } ! { env(AUTH) -m bool }
 http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/build } ! { env(BUILD) -m bool }
@@ -53,4 +49,16 @@ frontend dockerfrontend
 http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/tasks } ! { env(TASKS) -m bool }
 http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/version } ! { env(VERSION) -m bool }
 http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes } ! { env(VOLUMES) -m bool }
+
+ server dockersocket /var/run/docker.sock
+
+frontend docker-network
+ bind :2375
+ http-request deny if ! { env(SOCK_NETWORK) -m bool }
 default_backend dockerbackend
+
+frontend docker-disk
+ bind /run/docker-filtered/docker.sock
+ http-request deny if ! { env(SOCK_DISK) -m bool }
+ default_backend dockerbackend
+
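Review bot: In the second Dockerfile hunk, `SOCK_NETWORK=1` keeps the unauthenticated TCP listener on 2375 answering by default, so a deployment that only uses the socket from the `/run/docker-filtered` volume stays reachable over the network unless the operator sets it to 0. Defaulting both variables to 1 presumably preserves the previous behaviour, which is a fair compatibility choice, but nothing in the file says so. These two are also a different kind of switch from the API-section flags around them; I would add above the ENV instruction `# SOCK_NETWORK / SOCK_DISK gate the :2375 and /run/docker-filtered/docker.sock listeners; set to 0 for whichever is unused`. The ENV instruction starts outside this hunk.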
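Review bot: In the last haproxy.cfg hunk, `http-request deny if ! { env(SOCK_NETWORK) -m bool }` only rejects requests while `bind :2375` stays unconditional, so with SOCK_NETWORK=0 the port still accepts connections and returns a deny response (403 by default); the same holds for the socket file under SOCK_DISK=0. Operators are likely to read the flag as "listener off", so I would add `# SOCK_*=0 denies every request on this frontend; the listener itself stays bound` above each rule. Separately, `bind /run/docker-filtered/docker.sock` sets no `mode`, `user` or `group`, so the socket's permissions on the shared volume come from process defaults; something like `bind /run/docker-filtered/docker.sock mode 660` would make the intended access explicit.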