diff --git a/README.md b/README.md index d64afe3..adb823b 100644 --- a/README.md +++ b/README.md @@ -119,27 +119,31 @@ by default. Maximum caution when enabling these. #### Not always needed -You will possibly need to grant access to some of these API sections, which are -not so extremely critical but can expose some information that your service -does not need. +You will possibly need to grant access to some of these API sections, which +can expose some information that your service does not need. -- `BUILD` -- `COMMIT` -- `CONFIGS` -- `CONTAINERS` -- `DISTRIBUTION` -- `EXEC` -- `IMAGES` -- `INFO` -- `NETWORKS` -- `NODES` -- `PLUGINS` -- `SERVICES` -- `SESSION` -- `SWARM` -- `SYSTEM` -- `TASKS` -- `VOLUMES` +| GET | POST | +|:---------------|:----------------------| +| `BUILD` | `ALLOW_RESTARTS` | +| `COMMIT` | `CONTAINERS_PRUNE` | +| `CONFIGS` | `CONTAINERS_CREATE` | +| `CONTAINERS` | `CONTAINERS_RESIZE` | +| `DISTRIBUTION` | `CONTAINERS_START` | +| `EXEC` | `CONTAINERS_UPDATE` | +| `IMAGES` | `CONTAINERS_RENAME` | +| `INFO` | `CONTAINERS_PAUSE` | +| `NETWORKS` | `CONTAINERS_UNPAUSE` | +| `NODES` | `CONTAINERS_ATTACH` | +| `PLUGINS` | `CONTAINERS_WAIT` | +| `SERVICES` | `CONTAINERS_EXEC` | +| `SESSION` | `VOLUMES_CREATE` | +| `SWARM` | `VOLUMES_PRUNE` | +| `SYSTEM` | `NETWORKS_CREATE` | +| `TASKS` | `NETWORKS_PRUNE` | +| `VOLUMES` | `NETWORKS_CONNECT` | +| | `NETWORKS_DISCONNECT` | + +`ALLOW_RESTARTS` allows to `kill`, `stop` and `restart` containers ## Logging diff --git a/haproxy.cfg b/haproxy.cfg index ab057a3..5079f4d 100644 --- a/haproxy.cfg +++ b/haproxy.cfg 
@@ -69,20 +69,20 @@ frontend dockerfrontend
 http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/create } { env(CONTAINERS_CREATE) -m bool }
 http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/prune } { env(CONTAINERS_PRUNE) -m bool }
 http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) } { env(ALLOW_RESTARTS) -m bool }
- http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/resize } { env(CONTAINERS_RESIZE) -m bool}
- http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/start } { env(CONTAINERS_START) -m bool}
- http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/update } { env(CONTAINERS_UPDATE) -m bool}
- http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/rename } { env(CONTAINERS_RENAME) -m bool}
- http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/pause } { env(CONTAINERS_PAUSE) -m bool}
- http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/unpause } { env(CONTAINERS_UNPAUSE) -m bool}
- http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/attach } { env(CONTAINERS_ATTACH) -m bool}
- http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/wait } { env(CONTAINERS_WAIT) -m bool}
- http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/exec } { env(CONTAINERS_EXEC) -m bool}
+ http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/resize } { env(CONTAINERS_RESIZE) -m bool }
+ http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/start } { env(CONTAINERS_START) -m bool }
+ http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/update } { env(CONTAINERS_UPDATE) -m bool }
+ http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/rename } { env(CONTAINERS_RENAME) -m bool }
+ http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/pause } { env(CONTAINERS_PAUSE) -m bool }
+ http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/unpause } { env(CONTAINERS_UNPAUSE) -m bool }
+ http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/attach } { env(CONTAINERS_ATTACH) -m bool }
+ http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/wait } { env(CONTAINERS_WAIT) -m bool }
+ http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/exec } { env(CONTAINERS_EXEC) -m bool }
 http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes/create } { env(VOLUMES_CREATE) -m bool }
 http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes/prune } { env(VOLUMES_PRUNE) -m bool }
 http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks/create } { env(NETWORKS_CREATE) -m bool }
 http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks/prune } { env(NETWORKS_PRUNE) -m bool }
- http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks/[a-zA-Z0-9_.-]+/connect } { env(NETWORKS_CONNECT) -m bool}
- http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks/[a-zA-Z0-9_.-]+/disconnect } { env(NETWORKS_DISCONNECT) -m bool}
+ http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks/[a-zA-Z0-9_.-]+/connect } { env(NETWORKS_CONNECT) -m bool }
+ http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks/[a-zA-Z0-9_.-]+/disconnect } { env(NETWORKS_DISCONNECT) -m bool }
 http-request deny
 default_backend dockerbackend