diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index 2f7cf99..507b878 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -44,6 +44,12 @@ global_wireguard_private_directory: "{{ global_credentials_directory }}/wireguar
 global_wireguard_public_directory: "{{ global_public_key_directory }}/wireguard/keys"
 global_wireguard_peers_directory: "{{ global_public_key_directory }}/wireguard/peers"
 
+nginx_status_page_acl: |
+  allow 127.0.0.1/8;
+  allow ::1;
+  allow {{ global_wireguard_ipv4_range }};
+  deny all;
+
 ssh_host_key_types:
   - ed25519
   - rsa
diff --git a/roles/nginx/default_server/defaults/main.yml b/roles/nginx/default_server/defaults/main.yml
new file mode 100644
index 0000000..2092918
--- /dev/null
+++ b/roles/nginx/default_server/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+status_page_acl: "{{ nginx_status_page_acl }}"
diff --git a/roles/nginx/default_server/meta/main.yml b/roles/nginx/default_server/meta/main.yml
index f9b2d26..565cc11 100644
--- a/roles/nginx/default_server/meta/main.yml
+++ b/roles/nginx/default_server/meta/main.yml
@@ -14,8 +14,5 @@ dependencies:
       }
       location = /status {
         stub_status;
-        allow 127.0.0.1/8;
-        allow ::1;
-        allow {{ global_wireguard_ipv4_range }};
-        deny all;
+        {{ status_page_acl | indent(width=2) }}
       }