diff --git a/src/ejabberd_commands.erl b/src/ejabberd_commands.erl
index 1b7d777e6..9d41f50c2 100644
--- a/src/ejabberd_commands.erl
+++ b/src/ejabberd_commands.erl
@@ -761,7 +761,7 @@ is_admin(Name, Auth, Extra) ->
 	      end,
     AdminAccess = ejabberd_config:get_option(
                     commands_admin_access,
-                    fun(A) when is_atom(A) -> A end,
+		    fun(V) -> V end,
                     none),
     case acl:access_matches(AdminAccess, ACLInfo, Server) of
         allow ->
@@ -773,8 +773,7 @@ is_admin(Name, Auth, Extra) ->
         deny -> false
     end.
 
-opt_type(commands_admin_access) ->
-    fun(A) when is_atom(A) -> A end;
+opt_type(commands_admin_access) -> fun acl:access_rules_validator/1;
 opt_type(commands) ->
     fun(V) when is_list(V) -> V end;
 opt_type(_) -> [commands, commands_admin_access].
diff --git a/src/mod_http_api.erl b/src/mod_http_api.erl
index 1962e1d0e..aadf09974 100644
--- a/src/mod_http_api.erl
+++ b/src/mod_http_api.erl
@@ -173,7 +173,7 @@ check_permissions2(_Request, Call, open) ->
     {allowed, Call, noauth};
 check_permissions2(#request{ip={IP, _Port}}, Call, _Policy) ->
     Access = gen_mod:get_module_opt(global, ?MODULE, admin_ip_access,
-                                    mod_opt_type(admin_ip_access),
+                                    fun(V) -> V end,
                                     none),
     Res = acl:match_rule(global, Access, IP),
     case Res of
@@ -502,6 +502,5 @@ log(Call, Args, {Addr, Port}) ->
 log(Call, Args, IP) ->
     ?INFO_MSG("API call ~s ~p (~p)", [Call, Args, IP]).
 
-mod_opt_type(admin_ip_access) ->
-    fun(Access) when is_atom(Access) -> Access end;
+mod_opt_type(admin_ip_access) -> fun acl:access_rules_validator/1;
 mod_opt_type(_) -> [admin_ip_access].