diff --git a/server/Server.js b/server/Server.js
index 95e3d68356..46850cbb7b 100644
--- a/server/Server.js
+++ b/server/Server.js
@@ -53,7 +53,17 @@ class Server {
 global.RouterBasePath = ROUTER_BASE_PATH
 global.XAccel = process.env.USE_X_ACCEL
 global.AllowCors = process.env.ALLOW_CORS === '1'
- global.DisableSsrfRequestFilter = process.env.DISABLE_SSRF_REQUEST_FILTER === '1'
+
+ if (process.env.DISABLE_SSRF_REQUEST_FILTER === '1') {
+ Logger.info(`[Server] SSRF Request Filter Disabled`)
+ global.DisableSsrfRequestFilter = () => true
+ } else if (process.env.SSRF_REQUEST_FILTER_WHITELIST?.length) {
+ const whitelistedUrls = process.env.SSRF_REQUEST_FILTER_WHITELIST.split(',').map((url) => url.trim())
+ if (whitelistedUrls.length) {
+ Logger.info(`[Server] SSRF Request Filter Whitelisting: ${whitelistedUrls.join(',')}`)
+ global.DisableSsrfRequestFilter = (url) => whitelistedUrls.includes(new URL(url).hostname)
+ }
+ }
 
 if (!fs.pathExistsSync(global.ConfigPath)) {
 fs.mkdirSync(global.ConfigPath)
diff --git a/server/utils/fileUtils.js b/server/utils/fileUtils.js
index 8b87d3a09c..109cab5b08 100644
--- a/server/utils/fileUtils.js
+++ b/server/utils/fileUtils.js
@@ -277,8 +277,8 @@ module.exports.downloadFile = (url, filepath, contentTypeFilter = null) => {
 'User-Agent': 'audiobookshelf (+https://audiobookshelf.org)'
 },
 timeout: 30000,
- httpAgent: global.DisableSsrfRequestFilter ? null : ssrfFilter(url),
- httpsAgent: global.DisableSsrfRequestFilter ? null : ssrfFilter(url)
+ httpAgent: global.DisableSsrfRequestFilter?.(feedUrl) ? null : ssrfFilter(feedUrl),
+ httpsAgent: global.DisableSsrfRequestFilter?.(feedUrl) ? null : ssrfFilter(feedUrl)
 })
 .then((response) => {
 // Validate content type
diff --git a/server/utils/podcastUtils.js b/server/utils/podcastUtils.js
index 627e24b290..26bd173398 100644
--- a/server/utils/podcastUtils.js
+++ b/server/utils/podcastUtils.js
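Review bot: The whitelist predicate compares `new URL(url).hostname`, which the WHATWG URL parser lowercases, against the raw env entries, so an entry such as `Example.com` silently never matches; the split also keeps empty entries from a trailing comma, and the inner `whitelistedUrls.length` check is always true because `split` returns at least one element. Normalizing on the first line keeps the rest unchanged: `const whitelistedUrls = process.env.SSRF_REQUEST_FILTER_WHITELIST.split(',').map((url) => url.trim().toLowerCase()).filter(Boolean)`. The assignment deserves a comment that `global.DisableSsrfRequestFilter` now holds a `(url) => boolean` predicate, or stays undefined, rather than a boolean, and that a matched hostname drops the ssrf-filter agent entirely, so anything that host redirects to is presumably unfiltered as well — if intended, say so next to the config name. `new URL(url)` also throws on a malformed URL, which now surfaces at request time in the callers. The enclosing method continues outside the hunk.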
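Review bot: Both new lines in the fileUtils.js hunk reference `feedUrl`, but `downloadFile` (signature shown in the hunk header) takes `url`; unless a module-level `feedUrl` exists outside this view, `ssrfFilter(feedUrl)` — and the predicate argument whenever the global is set — throws a ReferenceError on every download, so the SSRF filter is never actually constructed here. The replaced lines used `url` and should still: `httpAgent: global.DisableSsrfRequestFilter?.(url) ? null : ssrfFilter(url),` and `httpsAgent: global.DisableSsrfRequestFilter?.(url) ? null : ssrfFilter(url)`. The enclosing axios call and `downloadFile` itself start outside the hunk.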
@@ -244,8 +244,8 @@ module.exports.getPodcastFeed = (feedUrl, excludeEpisodeMetadata = false) => {
 Accept: 'application/rss+xml, application/xhtml+xml, application/xml, */*;q=0.8',
 'User-Agent': userAgent
 },
- httpAgent: global.DisableSsrfRequestFilter ? null : ssrfFilter(feedUrl),
- httpsAgent: global.DisableSsrfRequestFilter ? null : ssrfFilter(feedUrl)
+ httpAgent: global.DisableSsrfRequestFilter?.(feedUrl) ? null : ssrfFilter(feedUrl),
+ httpsAgent: global.DisableSsrfRequestFilter?.(feedUrl) ? null : ssrfFilter(feedUrl)
 })
 .then(async (data) => {
 // Adding support for ios-8859-1 encoded RSS feeds.
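Review bot: The bypass predicate is evaluated twice per request (`httpAgent` and `httpsAgent`), and with a whitelist configured each evaluation re-parses the URL; compute it once before the axios call, which starts outside the hunk, e.g. `const bypassSsrfFilter = global.DisableSsrfRequestFilter?.(feedUrl) === true` and then `httpAgent: bypassSsrfFilter ? null : ssrfFilter(feedUrl)` on both lines. The `=== true` also pins the bypass to an explicit true from the predicate rather than any truthy return value. The same duplication is in the fileUtils.js hunk.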