diff --git a/rhodecode/lib/middleware/vcs.py b/rhodecode/lib/middleware/vcs.py
--- a/rhodecode/lib/middleware/vcs.py
+++ b/rhodecode/lib/middleware/vcs.py
@@ -159,11 +159,18 @@ def detect_vcs_request(environ, backends
         # favicon often requested by browsers
         'favicon.ico',
 
+        # static files no detection
+        '_static++',
+
+        # debug-toolbar
+        '_debug_toolbar++',
+
         # e.g /_file_store/download
         '_file_store++',
 
         # login
-        "_admin/login",
+        f"{ADMIN_PREFIX}/login",
+        f"{ADMIN_PREFIX}/logout",
 
         # 2fa
         f"{ADMIN_PREFIX}/check_2fa",
@@ -178,12 +185,6 @@ def detect_vcs_request(environ, backends
         # _admin/my_account is safe too
         f'{ADMIN_PREFIX}/my_account++',
 
-        # static files no detection
-        '_static++',
-
-        # debug-toolbar
-        '_debug_toolbar++',
-
         # skip ops ping, status
         f'{ADMIN_PREFIX}/ops/ping',
         f'{ADMIN_PREFIX}/ops/status',
@@ -193,11 +194,14 @@ def detect_vcs_request(environ, backends
 
         '++/repo_creating_check'
     ]
+
     path_info = get_path_info(environ)
     path_url = path_info.lstrip('/')
     req_method = environ.get('REQUEST_METHOD')
 
     for item in white_list:
+        item = item.lstrip('/')
+
         if item.endswith('++') and path_url.startswith(item[:-2]):
             log.debug('path `%s` in whitelist (match:%s), skipping...', path_url, item)
             return handler