diff --git a/interface/web/admin/system_config_edit.php b/interface/web/admin/system_config_edit.php
index 04db6717b0d3eb37aca9ae625d3d1a8154a0c982..ac3a1dcb6a14e7f56e5fe82306375a817e98d61a 100644
--- a/interface/web/admin/system_config_edit.php
+++ b/interface/web/admin/system_config_edit.php
@@ -96,7 +96,7 @@ class page_action extends tform_actions {
 
 		if($available_dashlets_txt == '') $available_dashlets_txt = '------';
 		$app->tpl->setVar("available_dashlets_txt", $available_dashlets_txt);
-		
+
 		// Logo
 		$sys_ini = $app->db->queryOneRecord("SELECT * FROM sys_ini WHERE sysini_id = ?", $this->id);
 		if($sys_ini['custom_logo'] != ''){
@@ -156,6 +156,11 @@ class page_action extends tform_actions {
 		*/
 
 		$new_config = $app->tform->encode($this->dataRecord, $section);
+		if($section == 'sites' && $new_config['client_protection'] != 'y' && $server_config_array['sites']['client_protection'] == 'y') {
+		  $app->db->query("UPDATE web_domain sys_perm_group = 'riud' WHERE added_by = admin");
+		} elseif($section == 'sites' && $new_config['client_protection'] != 'n' && $server_config_array['sites']['client_protection'] == 'n') {
+			$app->db->query("UPDATE web_domain sys_perm_group = 'ru' WHERE added_by = admin");
+		}
 		if($section == 'sites' && $new_config['vhost_subdomains'] != 'y' && $server_config_array['sites']['vhost_subdomains'] == 'y') {
 			// check for existing vhost subdomains, if found the mode cannot be disabled
 			$check = $app->db->queryOneRecord("SELECT COUNT(*) as `cnt` FROM `web_domain` WHERE `type` = 'vhostsubdomain'");
@@ -198,13 +203,13 @@ class page_action extends tform_actions {
 				"FROM dns_soa";
 			$app->db->query($sql);
 		}
-		
+
 		//die(print_r($_FILES));
 		// Logo
 		/*
 		if(isset($_FILES['file']['name']) && is_uploaded_file($_FILES['file']['tmp_name'])){
 			//print_r($_FILES);
-			
+
 			$path= $_FILES['file']['tmp_name'];
 			$type = pathinfo($path, PATHINFO_EXTENSION);
 			$data = file_get_contents($path);