diff --git a/packages/server/src/index.ts b/packages/server/src/index.ts
index 26d06c8f3..7968f8bf1 100644
--- a/packages/server/src/index.ts
+++ b/packages/server/src/index.ts
@@ -197,7 +197,8 @@ export class App {
 if (next) next()
 })
- const whitelistURLs = WHITELIST_URLS
+ const denylistURLs = process.env.DENYLIST_URLS ? process.env.DENYLIST_URLS.split(',') : []
+ const whitelistURLs = WHITELIST_URLS.filter((url) => !denylistURLs.includes(url))
 const URL_CASE_INSENSITIVE_REGEX: RegExp = /\/api\/v1\//i
 const URL_CASE_SENSITIVE_REGEX: RegExp = /\/api\/v1\//
@@ -209,7 +210,7 @@ export class App {
 // Step 2: Check if the req path is casesensitive
 if (URL_CASE_SENSITIVE_REGEX.test(req.path)) {
 // Step 3: Check if the req path is in the whitelist
- const isWhitelisted = whitelistURLs.some((url) => req.path.startsWith(url))
+ const isWhitelisted = whitelistURLs.includes(req.path)
 if (isWhitelisted) {
 next()
 } else if (req.headers['x-request-from'] === 'internal') {
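Review bot: The added `denylistURLs` line compares the raw `split(',')` pieces against `WHITELIST_URLS`, so a `DENYLIST_URLS` entry with surrounding whitespace or a stray trailing slash never matches and the endpoint silently stays exempt from authentication. Normalise the entries first, `process.env.DENYLIST_URLS.split(',').map((u) => u.trim()).filter(Boolean)`, and consider logging a warning at startup for any entry that is not present in `WHITELIST_URLS`, so an operator typo does not leave a route open unnoticed. The enclosing method starts and ends outside the hunk.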
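Review bot: The exact match in `whitelistURLs.includes(req.path)` is undocumented, and it depends on `req.path` arriving in exactly the stored form: a trailing slash, or a whitelisted route that carries a path parameter, would now miss the list and fall into the authenticated branches. That fails closed, which is the safe direction, but whether any `WHITELIST_URLS` entry relied on prefix matching cannot be seen from this hunk and should be checked against the route table. I would add a comment above the line, such as `// Exact match only: a prefix test lets any path that merely starts with a whitelisted URL skip authentication`, so the check is not loosened again later. The enclosing middleware continues outside the hunk.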