diff --git a/deployment/puppet/cluster/manifests/haproxy.pp b/deployment/puppet/cluster/manifests/haproxy.pp
index 84c193de5a..e71e18a1a2 100644
--- a/deployment/puppet/cluster/manifests/haproxy.pp
+++ b/deployment/puppet/cluster/manifests/haproxy.pp
@@ -9,6 +9,7 @@ class cluster::haproxy (
   $primary_controller = false,
   $debug              = false,
   $other_networks     = false,
+  $stats_ipaddresses  = ['127.0.0.1']
 ) {
   include ::concat::setup
   include ::haproxy::params
@@ -52,9 +53,10 @@ class cluster::haproxy (
   }
 
   class { 'haproxy::base':
-    global_options   => $global_options,
-    defaults_options => $defaults_options,
-    use_include      => true,
+    global_options    => $global_options,
+    defaults_options  => $defaults_options,
+    stats_ipaddresses => $stats_ipaddresses,
+    use_include       => true,
   }
 
   class { 'cluster::haproxy_ocf':
diff --git a/deployment/puppet/haproxy/Gemfile b/deployment/puppet/haproxy/Gemfile
index 5def829220..5b53ff8d8f 100644
--- a/deployment/puppet/haproxy/Gemfile
+++ b/deployment/puppet/haproxy/Gemfile
@@ -8,7 +8,6 @@ group :development, :test do
   gem 'rspec-system-puppet',     :require => false
   gem 'rspec-system-serverspec', :require => false
   gem 'serverspec',              :require => false
-  gem 'puppet-lint',             :require => false
   gem 'pry',                     :require => false
   gem 'simplecov',               :require => false
 end
diff --git a/deployment/puppet/haproxy/manifests/base.pp b/deployment/puppet/haproxy/manifests/base.pp
index 0be2982020..7710f9c82a 100644
--- a/deployment/puppet/haproxy/manifests/base.pp
+++ b/deployment/puppet/haproxy/manifests/base.pp
@@ -28,6 +28,7 @@ class haproxy::base (
   $use_include      = $haproxy::params::use_include,
   $use_stats        = $haproxy::params::use_stats,
   $stats_port       = $haproxy::params::stats_port,
+  $stats_ipaddresses       = $haproxy::params::stats_ipaddresses
 ) inherits haproxy::params {
   include concat::setup
 
diff --git a/deployment/puppet/haproxy/manifests/params.pp b/deployment/puppet/haproxy/manifests/params.pp
index bb96954111..fb4c599cec 100644
--- a/deployment/puppet/haproxy/manifests/params.pp
+++ b/deployment/puppet/haproxy/manifests/params.pp
@@ -68,4 +68,5 @@ class haproxy::params {
   }
   $use_stats = true
   $stats_port = '10000'
+  $stats_ipaddresses = ['127.0.0.1']
 }
diff --git a/deployment/puppet/haproxy/templates/haproxy-stats.cfg.erb b/deployment/puppet/haproxy/templates/haproxy-stats.cfg.erb
index 8ce7c347ed..19188ed69b 100644
--- a/deployment/puppet/haproxy/templates/haproxy-stats.cfg.erb
+++ b/deployment/puppet/haproxy/templates/haproxy-stats.cfg.erb
@@ -1,5 +1,8 @@
 
-listen Stats *:<%= @stats_port %>
+listen Stats
+<% Array(@stats_ipaddresses).uniq.each do |ip| -%>
+  bind <%= ip %>:<%= @stats_port %>
+<% end -%>
   mode http
   stats enable
   stats uri /
diff --git a/deployment/puppet/osnailyfacter/modular/cluster-haproxy/cluster-haproxy.pp b/deployment/puppet/osnailyfacter/modular/cluster-haproxy/cluster-haproxy.pp
index 7ba70c75b1..62818f212b 100644
--- a/deployment/puppet/osnailyfacter/modular/cluster-haproxy/cluster-haproxy.pp
+++ b/deployment/puppet/osnailyfacter/modular/cluster-haproxy/cluster-haproxy.pp
@@ -8,4 +8,5 @@ class { 'cluster::haproxy':
   primary_controller => hiera('primary_controller'),
   debug              => hiera('debug', false),
   other_networks     => direct_networks($network_scheme['endpoints']),
+  stats_ipaddresses  => [hiera('management_vip'),'127.0.0.1']
 }
diff --git a/tests/noop/spec/hosts/cluster-haproxy/cluster-haproxy_spec.rb b/tests/noop/spec/hosts/cluster-haproxy/cluster-haproxy_spec.rb
index b392a836da..c6e1b1760e 100644
--- a/tests/noop/spec/hosts/cluster-haproxy/cluster-haproxy_spec.rb
+++ b/tests/noop/spec/hosts/cluster-haproxy/cluster-haproxy_spec.rb
@@ -7,6 +7,7 @@ describe manifest do
 
     networks = []
     endpoints = Noop.hiera_structure 'network_scheme/endpoints'
+    management_vip = Noop.hiera 'management_vip'
     endpoints.each{ |k,v|
       if v['IP'].is_a?(Array)
         v['IP'].each { |ip|
@@ -25,6 +26,14 @@ describe manifest do
         'other_networks' => networks.join(' '),
       )
     end
+    it "should contain stats fragment and listen only on lo and #{management_vip}" do
+        should contain_concat__fragment('haproxy-stats').with_content(
+            %r{\n\s*bind\s+127\.0\.0\.1:10000\s*$\n}
+        )
+        should contain_concat__fragment('haproxy-stats').with_content(
+            %r{\n\s*bind\s+#{management_vip}:10000\s*\n}
+        )
+    end
 
   end