diff --git a/lib/travis/api/attack.rb b/lib/travis/api/attack.rb
index 411980bf..4bf4fd5d 100644
--- a/lib/travis/api/attack.rb
+++ b/lib/travis/api/attack.rb
@@ -31,7 +31,9 @@ class Rack::Attack
     "/auth/post_message/iframe"
   ]
 
-  IMAGE_PATTERN = /^\/([a-z0-9_-]+)\/([a-z0-9_-]+)\.(png|svg)$/
+  whitelist('safelist build status images') do |request|
+    /\.(png|svg)$/.match(request.path)
+  end
 
   ####
   # Whitelisted IP addresses
@@ -39,10 +41,6 @@ class Rack::Attack
     Travis.redis.sismember(:api_whitelisted_ips, request.ip)
   end
 
-  whitelist('safelist build status images when requested by github') do |request|
-    request.user_agent and request.user_agent.start_with?('github-camo') and IMAGE_PATTERN.match(request.path)
-  end
-
   ####
   # Ban based on: IP address
   # Ban time: indefinite
diff --git a/spec/unit/attack_spec.rb b/spec/unit/attack_spec.rb
new file mode 100644
index 00000000..7bae3546
--- /dev/null
+++ b/spec/unit/attack_spec.rb
@@ -0,0 +1,23 @@
+describe Rack::Attack do
+  describe 'image request' do
+    let(:request) {
+      env = Rack::MockRequest.env_for("https://api-test.travis-ci.org/travis-ci/travis-github-sync.png")
+      Rack::Attack::Request.new(env)
+    }
+
+    it 'should be safelisted' do
+      expect(Rack::Attack.whitelisted?(request)).to be_truthy
+    end
+  end
+
+  describe 'non-image API request' do
+    let(:request) {
+      env = Rack::MockRequest.env_for("https://api-test.travis-ci.org/repos/rails/rails/branches")
+      Rack::Attack::Request.new(env)
+    }
+
+    it 'should not be safelisted' do
+      expect(Rack::Attack.whitelisted?(request)).to be_falsy
+    end
+  end
+end
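Review bot: The new matcher `/\.(png|svg)$/` in the added whitelist block exempts from every throttle and ban any request whose path merely ends in .png or .svg, so the bypass is far broader than the removed `IMAGE_PATTERN`, which also pinned the `/owner/repo` path shape; any route that accepts such a suffix now escapes rate limiting for every client. `$` matches before a trailing newline as well as at end of string, so the anchor should be `\z`, and `match?` is the idiomatic predicate form since the MatchData is unused. If only the build status image endpoint is meant to be exempt, keep the shape: `%r{\A/[a-z0-9_-]+/[a-z0-9_-]+\.(png|svg)\z}.match?(request.path)`. The constant removal also needs a check that nothing else in this file (the rest of `class Rack::Attack` lies outside both hunks) still references `IMAGE_PATTERN`.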
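Review bot: The two examples in the new spec only establish that a bare `/owner/repo.png` path is safelisted and an extension-less API path is not, so they do not pin the boundary of the new matcher — a version that also exempts an arbitrary API path carrying an image suffix, or one anchored with `$` versus `\z`, passes unchanged. Add an example for a deeper API path with a `.png` suffix and assert the intended outcome explicitly, so the safelist's scope is documented by the suite rather than implied. Two style points while here: multi-line `let` blocks should use `do ... end` rather than braces, and RSpec descriptions read better without "should" (`it 'is safelisted'`).
```ruby
  # … unchanged: 'image request' and 'non-image API request' groups …

  describe 'API path with an image suffix' do
    let(:request) do
      env = Rack::MockRequest.env_for("https://api-test.travis-ci.org/repos/rails/rails/branches.png")
      Rack::Attack::Request.new(env)
    end

    it 'is not safelisted' do
      expect(Rack::Attack.whitelisted?(request)).to be_falsy
    end
  end
```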