diff --git a/src/config.rs b/src/config.rs
index 160ad56..2a7dd5b 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -1,4 +1,9 @@
-use crate::{data::ActorCache, error::MyError, middleware::MyVerify, requests::Requests};
+use crate::{
+    data::{ActorCache, State},
+    error::MyError,
+    middleware::MyVerify,
+    requests::Requests,
+};
 use activitystreams::{uri, url::Url};
 use config::Environment;
 use http_signature_normalization_actix::prelude::{VerifyDigest, VerifySignature};
@@ -109,11 +114,12 @@ impl Config {
         &self,
         requests: Requests,
         actors: ActorCache,
+        state: State,
     ) -> VerifySignature<MyVerify> {
         if self.validate_signatures {
-            VerifySignature::new(MyVerify(requests, actors), Default::default())
+            VerifySignature::new(MyVerify(requests, actors, state), Default::default())
         } else {
-            VerifySignature::new(MyVerify(requests, actors), Default::default()).optional()
+            VerifySignature::new(MyVerify(requests, actors, state), Default::default()).optional()
         }
     }
 
diff --git a/src/main.rs b/src/main.rs
index f3aa48a..8e6d2ff 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -133,7 +133,11 @@ async fn main() -> Result<(), anyhow::Error> {
             .service(
                 web::resource("/inbox")
                     .wrap(config.digest_middleware())
-                    .wrap(config.signature_middleware(state.requests(), actors.clone()))
+                    .wrap(config.signature_middleware(
+                        state.requests(),
+                        actors.clone(),
+                        state.clone(),
+                    ))
                     .wrap(DebugPayload(config.debug()))
                     .route(web::post().to(inbox)),
             )
diff --git a/src/middleware/verifier.rs b/src/middleware/verifier.rs
index b140518..3c21aef 100644
--- a/src/middleware/verifier.rs
+++ b/src/middleware/verifier.rs
@@ -1,6 +1,11 @@
-use crate::{data::ActorCache, error::MyError, requests::Requests};
+use crate::{
+    data::{ActorCache, State},
+    error::MyError,
+    requests::Requests,
+};
 use activitystreams::uri;
 use actix_web::web;
+use futures::join;
 use http_signature_normalization_actix::{prelude::*, verify::DeprecatedAlgorithm};
 use log::error;
 use rsa::{hash::Hash, padding::PaddingScheme, PublicKey, RSAPublicKey};
@@ -9,7 +14,7 @@ use sha2::{Digest, Sha256};
 use std::{future::Future, pin::Pin};
 
 #[derive(Clone)]
-pub struct MyVerify(pub Requests, pub ActorCache);
+pub struct MyVerify(pub Requests, pub ActorCache, pub State);
 
 impl MyVerify {
     async fn verify(
@@ -20,6 +25,18 @@ impl MyVerify {
         signing_string: String,
     ) -> Result<bool, MyError> {
         let mut uri = uri!(key_id);
+
+        let (is_blocked, is_whitelisted) =
+            join!(self.2.is_blocked(&uri), self.2.is_whitelisted(&uri));
+
+        if is_blocked {
+            return Err(MyError::Blocked(key_id));
+        }
+
+        if !is_whitelisted {
+            return Err(MyError::Whitelist(key_id));
+        }
+
         uri.set_fragment(None);
         let actor = self.1.get(&uri, &self.0).await?;
         let was_cached = actor.is_cached();