diff --git a/src/apps.js b/src/apps.js
index f2e80199e..133b79932 100644
--- a/src/apps.js
+++ b/src/apps.js
@@ -428,10 +428,10 @@ function getByIpAddress(ip, callback) {
     assert.strictEqual(typeof ip, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    docker.getContainerIdByIp(ip, function (error, containerId) {
+    docker.getAppIdByContainerIp(ip, function (error, appId) {
         if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
 
-        appdb.getByContainerId(containerId, function (error, app) {
+        appdb.get(appId, function (error, app) {
             if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new AppsError(AppsError.NOT_FOUND, 'No such app'));
             if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
 
diff --git a/src/docker.js b/src/docker.js
index 118ffe234..bd21d7baf 100644
--- a/src/docker.js
+++ b/src/docker.js
@@ -14,6 +14,7 @@ exports = module.exports = {
     deleteContainers: deleteContainers,
     createSubcontainer: createSubcontainer,
     getContainerIdByIp: getContainerIdByIp,
+    getAppIdByContainerIp: getAppIdByContainerIp,
     inspect: inspect,
     inspectByName: inspect,
     execContainer: execContainer
@@ -384,6 +385,24 @@ function getContainerIdByIp(ip, callback) {
     });
 }
 
+function getAppIdByContainerIp(ip, callback) {
+    assert.strictEqual(typeof ip, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    getContainerIdByIp(ip, function (error, containerId) {
+        if (error) return callback(error);
+
+        inspect(containerId, function (error, result) {
+            if (error) return callback(error);
+
+            var appId = result.Config.Labels.appId;
+            if (!appId) return callback(new Error('No app associated with this ip'));
+
+            callback(null, appId);
+        });
+    });
+}
+
 function inspect(containerId, callback) {
     assert.strictEqual(typeof containerId, 'string');
     assert.strictEqual(typeof callback, 'function');
diff --git a/src/dockerproxy.js b/src/dockerproxy.js
index 5700882cc..d705f9b2b 100644
--- a/src/dockerproxy.js
+++ b/src/dockerproxy.js
@@ -27,6 +27,7 @@ function authorizeApp(req, res, next) {
     // - block apps not using the docker addon
     // - block calls regarding platform containers
     // - only allow managing and inspection of containers belonging to the app
+    // - allow docker to be called from child containers spun of from an authorized app
 
     if (config.TEST) return next(); // make the tests pass for now