diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index 6996cec..0f9b8dc 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -1,8 +1,52 @@
+# =======
+# first layer white list (uncomment if you want to use double layer white list)
+# =======
+
+# map $remote_addr $limit_public {
+#     default     $binary_remote_addr;
+#     "8.8.8.8"   ""; 
+# }
+
+# =======
+# second layer white list (uncomment if you want to use double layer white list)
+# =======
+
+# map $remote_addr $limit_b2b {
+#     default     "";
+#     "8.8.8.8"   $binary_remote_addr;
+# }
+
+
+# limit_req_zone $limit_public zone=public_limit:10m rate=20r/s; # double layer white list (uncomment if you want to use double layer white list)
+# limit_req_zone $limit_b2b zone=b2b_limit:10m rate=1000r/s; # double layer white list (uncomment if you want to use double layer white list)
+limit_req_zone $binary_remote_addr zone=global_limit:10m rate=20r/s; # default - must be commented if need white list system
+
 server {
     listen 80;
     server_name localhost;
+    server_tokens off;
+
+    location = /metrics {
+        allow 172.16.0.0/12;
+        allow 10.0.0.0/8;
+        allow 192.168.0.0/16;
+        deny all;
+        proxy_pass http://app:8000;
+    }
+
+    location = /api/v1/media/webhook/minio {
+        allow 172.16.0.0/12;
+        allow 10.0.0.0/8;
+        allow 192.168.0.0/16;
+        deny all;
+        proxy_pass http://app:8000;
+    }
 
     location / {
+        server_tokens off;
+        # limit_req zone=public_limit burst=50 nodelay; # uncomment if you want to use double layer white list
+        # limit_req zone=b2b_limit burst=2000 nodelay; # uncomment if you want to use double layer white list
+        limit_req zone=global_limit burst=50 nodelay;
         proxy_pass http://app:8000;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;