diff --git a/system/hosts/mcp/static-site-hooks.nix b/system/hosts/mcp/static-site-hooks.nix
index 193d9a8..d53de80 100644
--- a/system/hosts/mcp/static-site-hooks.nix
+++ b/system/hosts/mcp/static-site-hooks.nix
@@ -58,18 +58,36 @@ in
 id = "deploy-www2-terakoda-com";
 http-methods = [ "POST" ];
 command-working-directory = "/tank/web/www2.terakoda.com";
- include-command-output-in-response = true;
 include-command-output-in-response-on-error = true;
 execute-command = "${testHook}/bin/deploy-astro-app";
+ trigger-rule-mismatch-http-response-code = 400;
 trigger-rule = {
- match = {
- type = "payload-mac-sha256";
- secret = "test123";
- parameter = {
- source = "header";
- name = "X-Hub-Signature-256";
- };
- };
+ or = [
+ # There were some issues getting the payload signature validation to work.
+ # Switching to only accepting requests from internal IPs.
+ # {
+ # match = {
+ # type = "payload-hmac-sha1";
+ # secret = "mysecret";
+ # parameter = {
+ # source = "header";
+ # name = "X-Hub-Signature";
+ # };
+ # };
+ # }
+ {
+ match = {
+ type = "ip-whitelist";
+ ip-range = "192.168.0.0/16";
+ };
+ }
+ {
+ match = {
+ type = "ip-whitelist";
+ ip-range = "10.88.0.0/16";
+ };
+ }
+ ];
 };
 };
 };
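Review bot: The new `trigger-rule` authenticates callers by source address alone, so any host in `192.168.0.0/16` or `10.88.0.0/16` can run `deploy-astro-app`, and if webhook is reached through a reverse proxy or NAT inside those ranges every forwarded request would match, since the rule presumably sees the proxy's address rather than the original client's. The signature failures the comment mentions may simply come from the removed rule's type, `payload-mac-sha256`, which does not appear among the match types webhook documents; the documented name is `payload-hmac-sha256`. I would keep the address check only as a second condition and restore the signature match under an `and`, as sketched below, with the secret supplied at runtime instead of as a literal that ends up in the world-readable Nix store. The commented-out block should be dropped or corrected as well, since uncommenting it as written would switch to the legacy `X-Hub-Signature` SHA-1 header with a placeholder secret. The enclosing attribute set starts and ends outside the hunk.

```nix
trigger-rule = {
  and = [
    {
      match = {
        type = "payload-hmac-sha256";
        # placeholder: inject the real secret at runtime, not as a store literal
        secret = "<WEBHOOK_SECRET_PLACEHOLDER>";
        parameter = {
          source = "header";
          name = "X-Hub-Signature-256";
        };
      };
    }
    {
      or = [
        # … unchanged: the two ip-whitelist match entries …
      ];
    }
  ];
};
```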