diff --git a/.env.example b/.env.example
index 679d15f6..eaac1e5f 100644
--- a/.env.example
+++ b/.env.example
@@ -99,6 +99,7 @@ SQS_REGION=
 # Websocket - Environment variables
 WEBSOCKET_ENABLED=false
 WEBSOCKET_GLOBAL_EVENTS=false
+WEBSOCKET_ALLOWED_HOSTS=127.0.0.1,::1,::ffff:127.0.0.1
 # Pusher - Environment variables
 PUSHER_ENABLED=false
diff --git a/src/api/integrations/event/websocket/websocket.controller.ts b/src/api/integrations/event/websocket/websocket.controller.ts
index 3f4afd9b..046682a9 100644
--- a/src/api/integrations/event/websocket/websocket.controller.ts
+++ b/src/api/integrations/event/websocket/websocket.controller.ts
@@ -31,11 +31,12 @@ export class WebsocketController extends EventController implements EventControl
 const params = new URLSearchParams(url.search);
 const { remoteAddress } = req.socket;
- const isLocalhost =
- remoteAddress === '127.0.0.1' || remoteAddress === '::1' || remoteAddress === '::ffff:127.0.0.1';
+ const isAllowedHost = (process.env.WEBSOCKET_ALLOWED_HOSTS || '127.0.0.1,::1,::ffff:127.0.0.1')
+ .split(',')
+ .map(h => h.trim())
+ .includes(remoteAddress);
- // Permite conexões internas do Socket.IO (EIO=4 é o Engine.IO v4)
- if (params.has('EIO') && isAllowedHost) {
+ if (params.has('EIO') && isAllowedHost) {
 return callback(null, true);
 }
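Review bot: `isAllowedHost` is compared with `req.socket.remoteAddress`, which is the direct TCP peer, so once `WEBSOCKET_ALLOWED_HOSTS` holds a reverse-proxy or container-gateway address, every client arriving through that hop satisfies `params.has('EIO') && isAllowedHost` and is accepted by `callback(null, true)`, presumably ahead of whatever credential check follows outside this hunk. The commit also drops the comment that explained why this branch exists; I would restore it in a form that states the risk, e.g. `// Trusted direct peers only (internal Socket.IO, EIO=4): these skip the checks below, so never list a proxy or gateway address`, and put the same caveat above the new line in `.env.example`. Matching is exact string equality, so a peer reported as `::ffff:a.b.c.d` will not match a plain `a.b.c.d` entry; that fails closed but is worth documenting next to the variable. The list is also re-parsed from `process.env` on every handshake, and parsing it once at startup would give a single place to log the effective allowlist. The enclosing method starts and ends outside the hunk.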