diff --git a/src/server.js b/src/server.js
index ce99fe8c0..f67944652 100644
--- a/src/server.js
+++ b/src/server.js
@@ -242,8 +242,8 @@ function initializeExpressSync() {
     }, routes.branding.set);
 
     // network routes
-    router.get ('/api/v1/network/blocklist',       token, authorizeAdmin, routes.network.getBlocklist);
-    router.post('/api/v1/network/blocklist', json, token, authorizeAdmin, routes.network.setBlocklist);
+    router.get ('/api/v1/network/blocklist',       token, authorizeOwner, routes.network.getBlocklist);
+    router.post('/api/v1/network/blocklist', json, token, authorizeOwner, routes.network.setBlocklist);
 
     // settings routes (these are for the settings tab - avatar & name have public routes for normal users. see above)
     router.get ('/api/v1/settings/:setting',            token, authorizeAdmin, routes.settings.get);