diff --git a/src/middleware.js b/src/middleware.js
index a9bf751..22b5cf7 100644
--- a/src/middleware.js
+++ b/src/middleware.js
@@ -2,11 +2,6 @@ import { NextResponse } from 'next/server';
 import { Ratelimit } from '@upstash/ratelimit';
 import { kv } from '@vercel/kv';
 
-const FRONTEND_HOSTNAME = process.env.FRONTEND_HOSTNAME
-const FRONTEND_STAGING_HOSTNAME = process.env.FRONTEND_STAGING_HOSTNAME
-const BACKEND_URL = process.env.BACKEND_URL
-const BACKEND_STAGING_URL = process.env.BACKEND_STAGING_URL
-
 const ratelimit = new Ratelimit({
   redis: kv,
   limiter: Ratelimit.slidingWindow(5, '10 s'),
@@ -19,8 +14,8 @@ export const config = {
 export default async function combinedMiddleware(request) {
   const ip = request.ip ?? '127.0.0.1';
   const pathname = request.nextUrl.pathname;
-  const host = request.headers.get('host');
-  console.log("Host", host)
+  const vercelBypass = request.headers.get('x-vercel-protection-bypass');
+
   // Allow access to .well-known paths
   if (pathname.startsWith('/.well-known')) {
     const { success } = await ratelimit.limit(ip);
@@ -29,23 +24,15 @@ export default async function combinedMiddleware(request) {
       : NextResponse.redirect(new URL('/blocked', request.url));
   }
 
-  // Check if the request is coming from allowed hosts
-  const allowedHosts = [
-    FRONTEND_HOSTNAME,
-    FRONTEND_STAGING_HOSTNAME,
-    new URL(BACKEND_URL).host,
-    new URL(BACKEND_STAGING_URL).host
-  ].filter(Boolean);
-  console.log("Allowed hosts", allowedHosts)
-
-  if (!allowedHosts.includes(host)) {
+  // Check if the request is coming from a Vercel deployment
+  if (!vercelBypass) {
     return new NextResponse(JSON.stringify({ error: 'Forbidden' }), { 
       status: 403,
       headers: { 'Content-Type': 'application/json' }
     });
   }
 
-  // Apply rate limiting for allowed hosts
+  // Apply rate limiting for allowed requests
   const { success } = await ratelimit.limit(ip);
   return success
     ? NextResponse.next()