diff --git a/CHANGELOG.md b/CHANGELOG.md
index bb8d4035..2ec165dc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,7 @@
 ### Added
 - `IMGPROXY_LOG_LEVEL` config.
 - `max_bytes` processing option.
+- `IMGPROXY_ALLOWED_SOURCES` config.
 
 ### Changed
 - Docker image base is changed to Debian 10 for better stability and performance.
diff --git a/config.go b/config.go
index c73d034a..1a409516 100644
--- a/config.go
+++ b/config.go
@@ -132,8 +132,7 @@ func sourceEnvConfig(allowedsources *[]string, name string) {
 sources := []string{}
 if env := os.Getenv(name); len(env) > 0 {
 for _, source := range strings.Split(env, ",") {
- logWarning("source: %s", source)
- sources = append(sources, fmt.Sprintf("%s://", source))
+ sources = append(sources, fmt.Sprintf("%s://", strings.TrimSpace(source)))
 }
 }
 *allowedsources = sources
@@ -287,6 +286,8 @@ func configure() {
 }
 intEnvConfig(&conf.MaxAnimationFrames, "IMGPROXY_MAX_ANIMATION_FRAMES")
 
+ sourceEnvConfig(&conf.AllowedSources, "IMGPROXY_ALLOWED_SOURCES")
+
 boolEnvConfig(&conf.JpegProgressive, "IMGPROXY_JPEG_PROGRESSIVE")
 boolEnvConfig(&conf.PngInterlaced, "IMGPROXY_PNG_INTERLACED")
 boolEnvConfig(&conf.PngQuantize, "IMGPROXY_PNG_QUANTIZE")
@@ -318,7 +319,6 @@ func configure() {
 boolEnvConfig(&conf.DevelopmentErrorsMode, "IMGPROXY_DEVELOPMENT_ERRORS_MODE")
 
 strEnvConfig(&conf.LocalFileSystemRoot, "IMGPROXY_LOCAL_FILESYSTEM_ROOT")
- sourceEnvConfig(&conf.AllowedSources, "IMGPROXY_ALLOWED_SOURCES")
 
 boolEnvConfig(&conf.S3Enabled, "IMGPROXY_USE_S3")
 strEnvConfig(&conf.S3Region, "IMGPROXY_S3_REGION")
diff --git a/docs/configuration.md b/docs/configuration.md
index da5ee8be..ad8fe20d 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
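Review bot: In config.go's sourceEnvConfig, the added append still turns an empty element into an allow-list entry: a trailing comma or a whitespace-only value of the variable produces the bare prefix `://`. Because `len(env) > 0` holds in that case, the resulting list is non-empty, so isAllowedSource (last hunk of this commit) no longer takes its allow-everything branch and a value made only of spaces rejects every source instead of behaving like the documented blank default. I would skip empty items, `if s := strings.TrimSpace(source); s != "" { sources = append(sources, s+"://") }`. Entries are compared byte-for-byte with the start of the URL, so it is worth a comment here stating the expected case of the scheme names. The function's closing brace lies outside the hunk.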
@@ -63,6 +63,10 @@ When you use imgproxy in a development environment, it can be useful to ignore S
 
 * `IMGPROXY_IGNORE_SSL_VERIFICATION`: when true, disables SSL verification, so imgproxy can be used in a development environment with self-signed SSL certificates.
 
+You can limit allowed protocols of the source URLs:
+
+* `IMGPROXY_ALLOWED_SOURCES`: when set, limits allowed source URL protocols. Example: `https,s3,local`. Default: blank.
+
 Also you may want imgproxy to respond with the same error message that it writes to the log:
 
 * `IMGPROXY_DEVELOPMENT_ERRORS_MODE`: when true, imgproxy will respond with detailed error messages. Not recommended for production because some errors may contain stack trace.
@@ -166,7 +170,6 @@ imgproxy can be switched into "presets-only mode". In this mode, imgproxy accept
 imgproxy can serve your local images, but this feature is disabled by default. To enable it, specify your local filesystem root:
 
 * `IMGPROXY_LOCAL_FILESYSTEM_ROOT`: the root of the local filesystem. Keep empty to disable serving of local files.
-* `IMGPROXY_ONLY_LOCAL_FILESYSTEM`: when true only allows images to be served from the local filesytem. Default: false;
 
 Check out the [Serving local files](serving_local_files.md) guide to learn more.
 
diff --git a/processing_options.go b/processing_options.go
index 9ed0f389..788c5af5 100644
--- a/processing_options.go
+++ b/processing_options.go
@@ -795,11 +795,9 @@ func applyProcessingOptions(po *processingOptions, options urlOptions) error {
 func isAllowedSource(imageURL string) bool {
 logWarning("URL: %s", imageURL)
 if len(conf.AllowedSources) == 0 {
- logWarning("No sources set")
 return true
 }
 for _, val := range conf.AllowedSources {
- logWarning("Allowed Source: %s", string(val))
 if strings.HasPrefix(imageURL, string(val)) {
 return true
 }
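Review bot: The unconditional `logWarning("URL: %s", imageURL)` at the top of isAllowedSource in processing_options.go is left in place while the two sibling debug lines are removed, so every call still writes the source URL to the log at warning level. The URL is presumably request-supplied and can contain credentials or signed query parameters, and it is logged before the allow-list decision, so the line records nothing about whether the source was rejected. I would drop it, or log only on the deny path with the value quoted, e.g. `logWarning("source URL is not allowed: %q", imageURL)` just before the function's final return. The end of the loop and that final return lie outside the hunk.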