diff --git a/mcp_docx_server.py b/mcp_docx_server.py
index a3249bb..48da0f7 100644
--- a/mcp_docx_server.py
+++ b/mcp_docx_server.py
@@ -29,12 +29,32 @@ import os
 from typing import Any, Dict, List, Optional
 
 from mcp.server.fastmcp import FastMCP
+from mcp.server.transport_security import TransportSecuritySettings
 
 from mcp_docx import get_images_info, process, _parse_span_replacement
 
 
+_disable_dns_rebinding = os.getenv("MCP_DISABLE_HOST_CHECK") == "1"
+
+if _disable_dns_rebinding:
+    # 参考 python-sdk 官方文档：关闭 DNS rebinding 防护（适合本地或已由外层网关做安全控制的环境）
+    # https://github.com/modelcontextprotocol/python-sdk/issues/1798
+    transport_security = TransportSecuritySettings(
+        enable_dns_rebinding_protection=False,
+    )
+else:
+    # 默认：开启 DNS rebinding 防护，但允许本机访问
+    # 如需通过网关 / 域名访问，可在这里追加 allowed_hosts / allowed_origins
+    transport_security = TransportSecuritySettings(
+        enable_dns_rebinding_protection=True,
+        allowed_hosts=["localhost:*", "127.0.0.1:*","149.88.66.186:*"],
+        allowed_origins=["http://localhost:*", "http://127.0.0.1:*","http://149.88.66.186:*"],
+    )
+
+
 mcp = FastMCP(
-    "docx-editor"
+    "docx-editor",
+    transport_security=transport_security,
 )