diff --git a/cve-vulner-manager/routers/middleware.go b/cve-vulner-manager/routers/middleware.go
index cafb6b3e4b99f1282d825459115cab17998d8ef2..41d5d0bc7386c5f67048427f0a240c50b5b7af4c 100644
--- a/cve-vulner-manager/routers/middleware.go
+++ b/cve-vulner-manager/routers/middleware.go
@@ -1,15 +1,37 @@
 package routers
 import (
+ "net/url"
+
 "github.com/astaxie/beego"
 "github.com/astaxie/beego/context"
 )
+var officialSite = map[string]struct{}{
+ "opengauss.org": {},
+ "opengauss.test.osinfra.cn": {},
+}
+
 func initMiddleware() {
 beego.InsertFilter("/v1/gauss/*", beego.BeforeRouter, addHeader)
+ beego.InsertFilter("/v1/gauss/*", beego.BeforeRouter, checkReferer)
 }
 func addHeader(ctx *context.Context) {
 ctx.ResponseWriter.Header().Add("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
 }
+
+func checkReferer(ctx *context.Context) {
+ r, err := url.Parse(ctx.Request.Referer())
+ if err != nil {
+ ctx.WriteString("illegal referer")
+ return
+ }
+
+ if _, ok := officialSite[r.Host]; !ok {
+ ctx.WriteString("illegal referer")
+ return
+ }
+
+}
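Review bot: Both rejection branches in `checkReferer` only call `ctx.WriteString("illegal referer")`, so a blocked request appears to go out with the implicit 200 status; put `ctx.ResponseWriter.WriteHeader(http.StatusForbidden)` (with a `net/http` import) before each write so clients, logs and monitoring can tell a rejection from a success. The filter also seems to rely on beego stopping the route once a filter has written a response, which deserves a one-line comment and a test. Because `Referer` is supplied by the client, this check only constrains well-behaved browsers and should not be the sole access control on `/v1/gauss/*`; a doc comment such as `// checkReferer rejects requests whose Referer host is not in officialSite; it is not an authentication check.` would make that explicit. A request with no Referer is rejected too, since `url.Parse("")` succeeds with an empty `Host`. The lookup on `r.Host` is an exact match and ignores `r.Scheme`, so `http://` referers are accepted while a host with a port or different letter case is not; confirm that this is intended.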