diff --git a/config.js.example b/config.js.example
index 2790c1e..309744d 100644
--- a/config.js.example
+++ b/config.js.example
@@ -89,6 +89,15 @@ module.exports = {
     // ....
   ],
 
+  // Block incomming websocket connections from the following hosts.
+  blocked_hosts: [
+    // "127.0.0.1",
+    // "127.0.0.2",
+    // "::1",
+    // "::2",
+    // ....
+  ],
+
   // Used for accessing NIP-42 protected events from certain relays.
   // It could be your key. Leaving this empty completely disables NIP-42 function.
   //
diff --git a/http.js b/http.js
index b8576af..1ea14c8 100644
--- a/http.js
+++ b/http.js
@@ -89,6 +89,8 @@ server.on('upgrade', (req, sock, head) => {
   }
 
   const ip = req.headers["x-forwarded-for"]?.split(",")[0] || sock.address()?.address;
+
+  if (config.blocked_hosts && config.blocked_hosts.includes(ip)) return sock.destroy();
   const lv = lastConn.get(ip) // last visit
   if (config.incomming_ratelimit && (config.incomming_ratelimit > (Date.now() - lv))) {
     log(`Rejected connection from ${ip} as the last connection was ${Date.now() - lv} ms ago.`);