diff --git a/boot.php b/boot.php index 763dfc3f..1dd53943 100644 --- a/boot.php +++ b/boot.php @@ -2,7 +2,7 @@ set_time_limit(0); -define ( 'FRIENDIKA_VERSION', '2.1.953' ); +define ( 'FRIENDIKA_VERSION', '2.1.954' ); define ( 'DFRN_PROTOCOL_VERSION', '2.21' ); define ( 'DB_UPDATE_VERSION', 1053 ); diff --git a/mod/follow.php b/mod/follow.php index 23fad81a..a1412e6c 100644 --- a/mod/follow.php +++ b/mod/follow.php @@ -12,6 +12,13 @@ function follow_post(&$a) { $url = $orig_url = notags(trim($_POST['url'])); + if(! allowed_url($url)) { + notice( t('Disallowed profile URL.') . EOL); + goaway($_SESSION['return_url']); + // NOTREACHED + } + + $ret = probe_url($url);
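Review bot: The new `allowed_url($url)` test in follow_post covers only the string the user submitted, while the `probe_url($url)` call after it works from that same input; if probing can resolve it to a different host (redirects or discovery lookups, which this diff does not show, so this is an assumption), the address that is eventually used never passes the site's check. I would repeat the same test on the profile URL that comes back from probing, before anything is stored, reusing the `notice(...)`/`goaway(...)` pair for the failure path. `allowed_url()` is defined outside this diff, so confirm that it compares the parsed host name rather than a substring of the whole URL, and that it gives a defined answer for an empty `$url`. At minimum, add a comment above the check, e.g. `// site allow-list applies to the submitted URL only; results of probe_url() are not re-checked here`. follow_post's body starts before and continues past this hunk.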