diff --git a/.env.sample b/.env.sample
index 3e4c29ed..31c0ac71 100644
--- a/.env.sample
+++ b/.env.sample
@@ -24,6 +24,7 @@ DEFAULT_FROM_EMAIL=service@ksp.de
 # Proxy
 PROXY=CHANGE_ME
+MAP_PROXY_HOST_WHITELIST=CHANGE_ME_1,CHANGE_ME_2
 GEOPORTAL_RLP_USER=CHANGE_ME
 GEOPORTAL_RLP_PASSWORD=CHANGE_ME
diff --git a/konova/sub_settings/lanis_settings.py b/konova/sub_settings/lanis_settings.py
index 72082931..25ed4d25 100644
--- a/konova/sub_settings/lanis_settings.py
+++ b/konova/sub_settings/lanis_settings.py
@@ -5,6 +5,7 @@ Contact: michel.peltriaux@sgdnord.rlp.de
 Created on: 31.01.22
 """
+from konova.sub_settings.django_settings import env
 # MAPS
 DEFAULT_LAT = 50.00
@@ -28,3 +29,6 @@ LANIS_ZOOM_LUT = {
 1000: 30,
 500: 31,
 }
+
+MAP_PROXY_HOST_WHITELIST = env.list("MAP_PROXY_HOST_WHITELIST")
+i = 0
\ No newline at end of file
diff --git a/konova/views/map_proxy.py b/konova/views/map_proxy.py
index 790ab8dc..c84622c6 100644
--- a/konova/views/map_proxy.py
+++ b/konova/views/map_proxy.py
@@ -9,6 +9,7 @@ import json
 from json import JSONDecodeError
 import requests
+import urllib3.util
 from django.contrib.auth.decorators import login_required
 from django.http import JsonResponse, HttpRequest
 from django.utils.decorators import method_decorator
@@ -18,6 +19,7 @@ from django.utils.translation import gettext_lazy as _
 from requests.auth import HTTPDigestAuth
+from konova.sub_settings.lanis_settings import MAP_PROXY_HOST_WHITELIST
 from konova.sub_settings.proxy_settings import PROXIES, GEOPORTAL_RLP_USER, GEOPORTAL_RLP_PASSWORD
@@ -32,6 +34,13 @@ class BaseClientProxyView(View):
 def dispatch(self, request, *args, **kwargs):
 return super().dispatch(request, *args, **kwargs)
+ def _check_with_whitelist(self, url):
+ parsed_url = urllib3.util.parse_url(url)
+ parsed_url_host = parsed_url.host
+ whitelist = set(MAP_PROXY_HOST_WHITELIST)
+ is_allowed = parsed_url_host in whitelist
+ return is_allowed
+
 def perform_url_call(self, url, headers={}, auth=None):
 """ Generic proxied call
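Review bot: The added `i = 0` at the end of lanis_settings.py is a stray module-level assignment that nothing in the hunk uses; it reads as a leftover from debugging and should be removed, which also fixes the "No newline at end of file" the diff reports. The whitelist would also be more robust if normalised once at load time, e.g. `MAP_PROXY_HOST_WHITELIST = [h.strip().lower() for h in env.list("MAP_PROXY_HOST_WHITELIST")]`, because the comparison in map_proxy.py is against the parsed host, which urllib3 lowercases, so a capitalised entry or stray whitespace in the .env value (if `env.list` does not strip it) would silently never match and every proxied call would be rejected. A short comment above the setting, such as `# Hostnames the map proxy may forward requests to; anything else is refused by the proxy views`, would tell operators what the value controls.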
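Review bot: `_check_with_whitelist` lets a malformed value turn into a server error instead of a refusal: `urllib3.util.parse_url` raises `LocationParseError` (from `urllib3.exceptions`) on input it cannot parse, and since `url` is taken verbatim from the query string in the calling view, that exception escapes as a 500 rather than a denial. The check also looks only at the host, so the scheme and port of the target are unconstrained; restricting the scheme to http/https and rejecting a missing host costs two lines and makes the allow-list decision explicit. A docstring stating the contract, e.g. that it returns True only when the URL's host is listed in MAP_PROXY_HOST_WHITELIST, would help the next reader, and the `set(...)` could be built once at module level instead of per call. Note that if `perform_url_call` (whose body lies outside the hunk) lets `requests` follow redirects, the host check applies only to the first hop — worth confirming separately.

```python
    def _check_with_whitelist(self, url):
        """Return True only if url uses http(s) and its host is in MAP_PROXY_HOST_WHITELIST."""
        try:
            parsed_url = urllib3.util.parse_url(url)
        except urllib3.exceptions.LocationParseError:
            # Unparseable input is refused rather than surfaced as a server error.
            return False
        if parsed_url.scheme not in ("http", "https") or parsed_url.host is None:
            return False
        return parsed_url.host in set(MAP_PROXY_HOST_WHITELIST)
```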
@@ -59,6 +68,11 @@ class ClientProxyParcelSearch(BaseClientProxyView):
 def get(self, request: HttpRequest):
 url = request.META.get("QUERY_STRING")
+
+ is_url_allowed = self._check_with_whitelist(url)
+ if not is_url_allowed:
+ raise PermissionError(f"Proxied url '{url}' is not allowed!")
+
 content, response_code = self.perform_url_call(url)
 try:
 body = json.loads(content)
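Review bot: Raising the builtin `PermissionError` here does not produce a 403; Django only maps its own `django.core.exceptions.PermissionDenied` to a 403, so a rejected URL surfaces as an unhandled exception, i.e. a 500 with an error report that includes the full caller-supplied URL. Replace the raise with `raise PermissionDenied("Proxied url host is not allowed")` and add `from django.core.exceptions import PermissionDenied` to the imports (outside this hunk); keeping the rejected URL out of the message avoids echoing arbitrary input into logs, and a log line at the point of rejection gives operators a signal when the whitelist is hit. Since the guard lives only in this `get`, any other subclass of `BaseClientProxyView` that calls `perform_url_call` — if one exists — would still proxy unchecked, so it may be worth moving the check into `perform_url_call` itself. `get`'s body continues past the end of the hunk.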