diff --git a/src/main/java/app/controllers/admin/RconController.java b/src/main/java/app/controllers/admin/RconController.java
index eff6609..e17299e 100644
--- a/src/main/java/app/controllers/admin/RconController.java
+++ b/src/main/java/app/controllers/admin/RconController.java
@@ -22,6 +22,7 @@ public class RconController {
 
     StatsService statsService;
     private List<String> blockList = List.of(new String[]{"sm_ban", "ban", "sm_unban", "unban"});
+    private List<String> allowList = List.of(new String[]{"sm_map", "map"});
 
     @Autowired
     public RconController(StatsService statsService) {
@@ -38,6 +39,10 @@ public class RconController {
                                        @RequestParam String command) {
         if (blockList.contains(Arrays.stream(command.split(" ")).limit(1).findFirst().orElse("")))
             return new ResponseEntity<>("banned", HttpStatus.OK);
+
+        if (!allowList.contains(Arrays.stream(command.split(" ")).limit(1).findFirst().orElse("")))
+            return new ResponseEntity<>("not allowed", HttpStatus.OK);
+
         return new ResponseEntity<>(statsService.rconExecute(srv, command), HttpStatus.OK);
     }
 }