diff --git a/contact-center/app/src/main/java/com/cskefu/cc/controller/resource/MediaController.java b/contact-center/app/src/main/java/com/cskefu/cc/controller/resource/MediaController.java
index 3444daa9..65352ee1 100644
--- a/contact-center/app/src/main/java/com/cskefu/cc/controller/resource/MediaController.java
+++ b/contact-center/app/src/main/java/com/cskefu/cc/controller/resource/MediaController.java
@@ -44,6 +44,7 @@ import org.springframework.web.multipart.MultipartFile;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.validation.Valid;
+import java.util.regex.Pattern;
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
@@ -100,6 +101,9 @@ public class MediaController extends Handler {
 if (StringUtils.isBlank(url)) {
 return;
 }
+ if(!Pattern.matches("^https?://.*/.*$", url)) { //只允许http/https协议
+ return;
+ }
 byte[] data = new byte[1024];
 int length = 0;
 OutputStream out = response.getOutputStream();
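Review bot: The added `Pattern.matches("^https?://.*/.*$", url)` guard constrains only the scheme, so an `http://` URL that names a loopback, link-local or private-range host still passes; if `url` is then fetched server-side, as the buffer and `response.getOutputStream()` setup right after it suggests, internal HTTP services stay reachable through this endpoint. I would parse the value with `java.net.URI`, resolve the host and refuse non-public addresses before any connection is opened, as sketched below. The fetch itself is outside the hunk, so it should also be confirmed that it does not follow redirects and that it connects to the address that was checked, since a redirect or a second DNS lookup would otherwise sidestep the check. The enclosing method starts and ends outside this hunk.

```java
// … unchanged: blank-url guard …
final InetAddress target;
try {
    URI parsed = new URI(url);
    String scheme = parsed.getScheme();
    boolean webScheme = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
    if (!webScheme || parsed.getHost() == null) {
        return; // only absolute http/https URLs with an explicit host
    }
    target = InetAddress.getByName(parsed.getHost());
} catch (URISyntaxException | UnknownHostException e) {
    return; // unparsable or unresolvable input is refused, not fetched
}
// Refuse destinations inside the server's own network.
// NOTE: IPv6 unique-local (fc00::/7) is not covered by these predicates and needs its own check.
if (target.isAnyLocalAddress() || target.isLoopbackAddress()
        || target.isLinkLocalAddress() || target.isSiteLocalAddress()) {
    return;
}
// … unchanged: buffer and response stream setup …
```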