diff --git a/Cargo.lock b/Cargo.lock index 14cd127a..3c91977a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1891,7 +1891,7 @@ dependencies = [ [[package]] name = "hbbs" -version = "1.1.99-45a" +version = "1.1.99-46" dependencies = [ "async-speed-limit", "async-trait", @@ -2773,7 +2773,7 @@ dependencies = [ [[package]] name = "oauth2" version = "0.1.0" -source = "git+https://github.com/sctg-development/sctgdesk-api-server.git?branch=main#46364ab29e095bfe6ba4d5b59d765077b5113842" +source = "git+https://github.com/sctg-development/sctgdesk-api-server.git?branch=main#63cb5323e8c6e19054d4163c610eb2ce28c9f9c9" dependencies = [ "base64 0.22.1", "log", @@ -3756,7 +3756,7 @@ checksum = "e86697c916019a8588c99b5fac3cead74ec0b4b819707a682fd4d23fa0ce1ba1" [[package]] name = "s3software" version = "0.1.0" -source = "git+https://github.com/sctg-development/sctgdesk-api-server.git?branch=main#46364ab29e095bfe6ba4d5b59d765077b5113842" +source = "git+https://github.com/sctg-development/sctgdesk-api-server.git?branch=main#63cb5323e8c6e19054d4163c610eb2ce28c9f9c9" dependencies = [ "aws-config", "aws-sdk-s3", @@ -3834,8 +3834,8 @@ dependencies = [ [[package]] name = "sctgdesk-api-server" -version = "1.1.99-45a" -source = "git+https://github.com/sctg-development/sctgdesk-api-server.git?branch=main#46364ab29e095bfe6ba4d5b59d765077b5113842" +version = "1.1.99-46" +source = "git+https://github.com/sctg-development/sctgdesk-api-server.git?branch=main#63cb5323e8c6e19054d4163c610eb2ce28c9f9c9" dependencies = [ "base64 0.22.1", "bcrypt", @@ -4350,7 +4350,7 @@ dependencies = [ [[package]] name = "state" version = "0.1.0" -source = "git+https://github.com/sctg-development/sctgdesk-api-server.git?branch=main#46364ab29e095bfe6ba4d5b59d765077b5113842" +source = "git+https://github.com/sctg-development/sctgdesk-api-server.git?branch=main#63cb5323e8c6e19054d4163c610eb2ce28c9f9c9" dependencies = [ "base64 0.22.1", "bcrypt", 
@@ -5013,7 +5013,7 @@ checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" [[package]] name = "utils" version = "0.1.0" -source = "git+https://github.com/sctg-development/sctgdesk-api-server.git?branch=main#46364ab29e095bfe6ba4d5b59d765077b5113842" +source = "git+https://github.com/sctg-development/sctgdesk-api-server.git?branch=main#63cb5323e8c6e19054d4163c610eb2ce28c9f9c9" dependencies = [ "base64 0.22.1", "chrono",
diff --git a/Cargo.toml b/Cargo.toml
index a7b7d475..747322c9 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "hbbs"
-version = "1.1.99-45a"
+version = "1.1.99-46"
 authors = ["sctg ", "rustdesk "]
 edition = "2021"
 build = "build.rs"
diff --git a/README.md b/README.md
index e78e4336..4968e0ec 100644
--- a/README.md
+++ b/README.md
@@ -246,6 +246,11 @@ RestartSec=10 WantedBy=multi-user.target ```
+# Limit unwanted access
+
+The `--logged-in-only` option or the `LOGGED_IN_ONLY=Y` environment setting is available for the hbbs server. This option will limit the control to logged in users only.
+Even if this option is set users will still be able to register in the Renvez-vous server but won't be able to control another one.
+
 # RustDesk Server Program
 [![build](https://github.com/sctg-development/sctgdesk-server/actions/workflows/multiarch-docker-hub.yml/badge.svg)](https://github.com/sctg-development/sctgdesk-server/actions/workflows/multiarch-docker-hub.yml)
diff --git a/src/common.rs b/src/common.rs
index bf8e5b67..fb090b43 100644
--- a/src/common.rs
+++ b/src/common.rs
@@ -77,6 +77,9 @@ pub fn init_args(args: &str, name: &str, about: &str) {
 }
 }
 }
+ if matches.is_present("logged-in-only") {
+ std::env::set_var("LOGGED_IN_ONLY", "Y");
+ }
 for (k, v) in matches.args {
 if let Some(v) = v.vals.first() {
 std::env::set_var(arg_name(k), v.to_string_lossy().to_string());
diff --git a/src/main.rs b/src/main.rs
index f29252d2..30065ff3 100644
--- a/src/main.rs
+++ b/src/main.rs
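Review bot: In src/common.rs the new `matches.is_present("logged-in-only")` branch stores an access-control decision as a process environment string, and nothing at this point validates or reports the effective setting. The branch itself is needed because the loop right after it only exports arguments that carry a value (`v.vals.first()`), which is worth a comment such as `// value-less switch: the loop below skips it, so export it explicitly`. The README documents `LOGGED_IN_ONLY=Y`; if the enforcement side accepts only that spelling (the comparison is not visible here), a deployment that sets `LOGGED_IN_ONLY=1` or `true` would run unrestricted with no warning, so I would normalise the variable once here and log whether the restriction is on. init_args starts and ends outside the hunk.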
@@ -77,7 +77,8 @@ fn main() -> ResultType<()> {
 -r, --relay-servers=[HOST] 'Sets the default relay servers, separated by comma'
 -M, --rmem=[NUMBER(default={RMEM})] 'Sets UDP recv buffer size, set system rmem_max first, e.g., sudo sysctl -w net.core.rmem_max=52428800. vi /etc/sysctl.conf, net.core.rmem_max=52428800, sudo sysctl –p'
 , --mask=[MASK] 'Determine if the connection comes from LAN, e.g. 192.168.0.0/16'
- -k, --key=[KEY] 'Only allow the client with the same key'",
+ -k, --key=[KEY] 'Only allow the client with the same key'
+ , --logged-in-only 'Only allow logged in user to control'",
 );
 init_args(&args, "hbbs", "RustDesk ID/Rendezvous Server");
 let port = get_arg_or("port", RENDEZVOUS_PORT.to_string()).parse::()?;
@@ -86,7 +87,7 @@ fn main() -> ResultType<()> {
 }
 let rmem = get_arg("rmem").parse::().unwrap_or(RMEM);
 let serial: i32 = get_arg("serial").parse().unwrap_or(0);
-
+
 std::env::set_var("MAIN_PKG_VERSION", env!("CARGO_PKG_VERSION"));
 let handle = thread::spawn(|| {
 let rt = rocket::tokio::runtime::Runtime::new().unwrap();
diff --git a/src/rendezvous_server.rs b/src/rendezvous_server.rs
index 8eb58e01..dea2f017 100644
--- a/src/rendezvous_server.rs
+++ b/src/rendezvous_server.rs
@@ -813,6 +813,8 @@ impl RendezvousServer {
 });
 return Ok((msg_out, None));
 }
+ // For limiting abuse, only allow logged in users to punch hole
+ // if LOGGED_IN_ONLY=Y is set in env or --logged-in-only is passed
 if ph.token.is_empty() && std::env::var("LOGGED_IN_ONLY")
 .unwrap_or_default()
 .to_uppercase()
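Review bot: In src/main.rs the added usage line `, --logged-in-only 'Only allow logged in user to control'` under-describes a security switch: it mentions neither the `LOGGED_IN_ONLY=Y` environment equivalent nor that registration with the rendezvous server stays open, both of which the README states. A wording such as `, --logged-in-only 'Only allow logged-in users to control other devices (env LOGGED_IN_ONLY=Y), registration is not restricted'` would keep `--help` consistent with the README. The restriction is also opt-in, so per the README a server started without the flag does not limit control to logged-in users; that default deserves an explicit line in the deployment notes. main() continues outside the hunk.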
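Review bot: In src/rendezvous_server.rs the added comment promises that only logged-in users can punch hole, but the condition it documents tests `ph.token.is_empty()`, i.e. that a token is present, not that it belongs to a live session. Unless the token is verified elsewhere in this handler (not visible in the hunk), the comment overstates the guarantee; either say so, e.g. `// NOTE: only checks that a token was supplied; validity is checked in <where>`, or validate the token before this branch lets the request through. The variable is also read from the process environment and upper-cased on every request, so parsing it once at startup into a boolean would remove the per-request allocation and give one place to reject unexpected values. The `if` expression continues past the end of the hunk.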