diff --git a/app/controllers/epp/sessions_controller.rb b/app/controllers/epp/sessions_controller.rb
index f64715d52..aca3abd0d 100644
--- a/app/controllers/epp/sessions_controller.rb
+++ b/app/controllers/epp/sessions_controller.rb
@@ -13,7 +13,7 @@ class Epp::SessionsController < EppController
     success = true
     @api_user = ApiUser.find_by(login_params)
 
-    if request.ip == ENV['webclient_ip'] && !Rails.env.test?
+    if request.ip == ENV['webclient_ip'] && (!Rails.env.test? || !Rails.env.development?)
       client_md5 = Certificate.parse_md_from_string(request.env['HTTP_SSL_CLIENT_CERT'])
       server_md5 = Certificate.parse_md_from_string(File.read(ENV['cert_path']))
       if client_md5 != server_md5
diff --git a/app/controllers/epp_controller.rb b/app/controllers/epp_controller.rb
index 6ec5758e5..2cd1c8bc7 100644
--- a/app/controllers/epp_controller.rb
+++ b/app/controllers/epp_controller.rb
@@ -309,7 +309,7 @@ class EppController < ApplicationController
 
     # filter pw
     if request_command == 'login' && frame.present?
-      frame.gsub!(/<pw>.+<\/pw>/, '<pw>[FILTERED]</pw>')
+      frame.gsub!(/pw>.+<\//, 'pw>[FILTERED]</')
     end
 
     ApiLog::EppLog.create({
diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb
index 4a994e1e7..bdc362174 100644
--- a/config/initializers/filter_parameter_logging.rb
+++ b/config/initializers/filter_parameter_logging.rb
@@ -2,3 +2,7 @@
 
 # Configure sensitive parameters which will be filtered from the log file.
 Rails.application.config.filter_parameters += [:password]
+
+Rails.application.config.filter_parameters << lambda do |key, value|
+  value.gsub!(/pw>.+<\//, 'pw>[FILTERED]</') if key =~ /frame|raw_frame/i
+end
diff --git a/doc/repp-doc.md b/doc/repp-doc.md
index 9896f34da..8eab257ab 100644
--- a/doc/repp-doc.md
+++ b/doc/repp-doc.md
@@ -10,7 +10,7 @@ To quickly test the API, use curl:
 
     curl -q -k --cert user.crt.pem --key user.key.pem https://TBA/repp/v1/accounts/balance -u username:password
 
-Test API endpoint: TBA  
+Test API endpoint: https://testepp.internet.ee/repp/v1  
 Production API endpoint: TBA
 
 Main communication specification through Restful EPP (REPP):