diff --git a/main.go b/main.go
index ad4539c6..cb5a57cc 100644
--- a/main.go
+++ b/main.go
@@ -11,6 +11,7 @@ import (
 "github.com/kabukky/journey/server"
 "github.com/kabukky/journey/structure/methods"
 "github.com/kabukky/journey/templates"
+ "github.com/justinas/alice"
 "log"
 "net/http"
 "os"
@@ -117,14 +118,16 @@ func main() {
 // Start https server
 log.Println("Starting https server on port " + httpsPort + "...")
 go func() {
- err := http.ListenAndServeTLS(httpsPort, filenames.HttpsCertFilename, filenames.HttpsKeyFilename, httpsRouter)
+ chain := alice.New(server.CheckHost).Then(httpsRouter)
+ err := http.ListenAndServeTLS(httpsPort, filenames.HttpsCertFilename, filenames.HttpsKeyFilename, chain)
 if err != nil {
 log.Fatal("Error: Couldn't start the HTTPS server:", err)
 }
 }()
 // Start http server
 log.Println("Starting http server on port " + httpPort + "...")
- err := http.ListenAndServe(httpPort, httpRouter)
+ chain := alice.New(server.CheckHost).Then(httpRouter)
+ err := http.ListenAndServe(httpPort, chain)
 if err != nil {
 log.Fatal("Error: Couldn't start the HTTP server:", err)
 }
@@ -143,14 +146,16 @@ func main() {
 // Start https server
 log.Println("Starting https server on port " + httpsPort + "...")
 go func() {
- err := http.ListenAndServeTLS(httpsPort, filenames.HttpsCertFilename, filenames.HttpsKeyFilename, httpsRouter)
+ chain := alice.New(server.CheckHost).Then(httpsRouter)
+ err := http.ListenAndServeTLS(httpsPort, filenames.HttpsCertFilename, filenames.HttpsKeyFilename, chain)
 if err != nil {
 log.Fatal("Error: Couldn't start the HTTPS server:", err)
 }
 }()
 // Start http server
 log.Println("Starting http server on port " + httpPort + "...")
- err := http.ListenAndServe(httpPort, httpRouter)
+ chain := alice.New(server.CheckHost).Then(httpRouter)
+ err := http.ListenAndServe(httpPort, chain)
 if err != nil {
 log.Fatal("Error: Couldn't start the HTTP server:", err)
 }
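Review bot: The three `chain := alice.New(server.CheckHost).Then(...)` lines in the hunks at 117, 143 and 164 pull in a new dependency for something the middleware's own signature already provides: `server.CheckHost` is a `func(http.Handler) http.Handler`, so `server.CheckHost(httpsRouter)` and `server.CheckHost(httpRouter)` are equivalent and the `github.com/justinas/alice` import added in the first hunk can be dropped. The wrapping is also repeated in every server-start branch; applying it once where `httpRouter` and `httpsRouter` are built (outside these hunks, if that is where they come from) would keep a future branch from silently starting a listener without the Host check. The enclosing `main` starts before and ends after each of these hunks.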
@@ -164,7 +169,8 @@ func main() {
 // Start http server
 log.Println("Starting server without HTTPS support. Please enable HTTPS in " + filenames.ConfigFilename + " to improve security.")
 log.Println("Starting http server on port " + httpPort + "...")
- err := http.ListenAndServe(httpPort, httpRouter)
+ chain := alice.New(server.CheckHost).Then(httpRouter)
+ err := http.ListenAndServe(httpPort, chain)
 if err != nil {
 log.Fatal("Error: Couldn't start the HTTP server:", err)
 }
diff --git a/server/middlewares.go b/server/middlewares.go
new file mode 100644
index 00000000..0cf94136
--- /dev/null
+++ b/server/middlewares.go
@@ -0,0 +1,36 @@
+package server
+
+import (
+ "net"
+ "net/http"
+ "net/url"
+ "github.com/kabukky/journey/configuration"
+ "log"
+ "strings"
+)
+
+// Generally is not a good idea to serve all requests on the blog IP even with empty or unknown host header.
+// The good practice is to serve requests with correct 'Host' header and return 400 otherwise.
+// See rfc2616 for details.
+
+func CheckHost(next http.Handler) http.Handler{
+
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+
+ parsed, err := url.Parse(configuration.Config.Url)
+ if err != nil {
+ log.Fatal("Error: Couldn't parse the Config.Url:", err)
+ }
+ host, _, _ := net.SplitHostPort(parsed.Host)
+
+ if !strings.EqualFold(r.Host, "") {
+ if (strings.EqualFold(r.Host, host) || strings.EqualFold(r.Host, parsed.Host)) {
+ next.ServeHTTP(w, r)
+ return
+ }
+ }
+
+ http.Error(w, http.StatusText(400), 400)
+ return
+ })
+}
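Review bot: In the new `CheckHost`, `url.Parse(configuration.Config.Url)` and the `log.Fatal` on its error run inside the per-request `http.HandlerFunc`, so a malformed Config.Url terminates the whole process on the first incoming request instead of failing at startup; the parse belongs outside the closure, done once when the middleware is built. The host comparison also handles the port inconsistently: the configured value is compared both with and without its port, while `r.Host` is never normalized, so a request whose Host carries any port other than the configured one is rejected even when the host name matches — if the intent is to validate the host name, strip the port from both sides before `strings.EqualFold` (if host and port must both match, compare the normalized pairs instead). Smaller points: the `return` after `http.Error` is dead, `400` should be `http.StatusBadRequest`, gofmt wants `http.Handler {`, and the three-line comment above the function would serve better as its doc comment, e.g. `// CheckHost rejects with 400 Bad Request any request whose Host header does not match the host configured in Config.Url.` Whether Config.Url always contains a host is not visible here; if it can be empty, every request is rejected.
```go
func CheckHost(next http.Handler) http.Handler {
	// Parse the configured URL once so a bad Config.Url fails at startup,
	// not on the request path.
	parsed, err := url.Parse(configuration.Config.Url)
	if err != nil {
		log.Fatal("Error: Couldn't parse the Config.Url:", err)
	}
	expected := parsed.Host
	if h, _, err := net.SplitHostPort(expected); err == nil {
		expected = h
	}

	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Compare host names only; a port in r.Host is not part of the check.
		got := r.Host
		if h, _, err := net.SplitHostPort(got); err == nil {
			got = h
		}
		if got != "" && strings.EqualFold(got, expected) {
			next.ServeHTTP(w, r)
			return
		}
		http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
	})
}
```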