diff --git a/src/Helldivers-2-API/Configuration/ApiConfiguration.cs b/src/Helldivers-2-API/Configuration/ApiConfiguration.cs
index 7dfa758..1dadb48 100644
--- a/src/Helldivers-2-API/Configuration/ApiConfiguration.cs
+++ b/src/Helldivers-2-API/Configuration/ApiConfiguration.cs
@@ -15,6 +15,11 @@ public sealed class ApiConfiguration
///
public int RateLimitWindow { get; set; }
+ ///
+ /// A comma separated list of clients that are (temporarily) blacklisted from making requests.
+ ///
+ public string Blacklist { get; set; } = string.Empty;
+
///
/// Contains the for the API.
///
diff --git a/src/Helldivers-2-API/Middlewares/BlacklistMiddleware.cs b/src/Helldivers-2-API/Middlewares/BlacklistMiddleware.cs
new file mode 100644
index 0000000..0a8bdb7
--- /dev/null
+++ b/src/Helldivers-2-API/Middlewares/BlacklistMiddleware.cs
@@ -0,0 +1,25 @@
+using Helldivers.API.Configuration;
+using Helldivers.API.Metrics;
+using Microsoft.Extensions.Options;
+
+namespace Helldivers.API.Middlewares;
+
+///
+/// Handles closing connections from blacklisted clients that violate ToS.
+///
+public sealed class BlacklistMiddleware(IOptions options) : IMiddleware
+{
+ ///
+ public async Task InvokeAsync(HttpContext context, RequestDelegate next)
+ {
+ var client = ClientMetric.GetClientName(context);
+ if (options.Value.Blacklist.Contains(client, StringComparison.InvariantCultureIgnoreCase))
+ {
+ // don't send response, only wastes more bytes.
+ context.Abort();
+ return;
+ }
+
+ await next(context);
+ }
+}
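Review bot: The check in `InvokeAsync` is a substring test against the whole comma separated string, so a client whose name is any fragment of a listed entry is aborted too, and an empty name matches every value including the default `string.Empty`. `ClientMetric.GetClientName` is not visible in this diff, so whether it can return an empty string should be confirmed. Matching whole entries avoids both problems: `var blocked = options.Value.Blacklist.Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries);` followed by `if (blocked.Contains(client, StringComparer.OrdinalIgnoreCase))`. Ordinal comparison also suits identifiers better than `InvariantCultureIgnoreCase`. If the client name comes from request data the caller controls, which this diff does not show, the list discourages a client rather than enforcing a ban, and the class summary should say so.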
diff --git a/src/Helldivers-2-API/Program.cs b/src/Helldivers-2-API/Program.cs
index b42ed4d..66970ce 100644
--- a/src/Helldivers-2-API/Program.cs
+++ b/src/Helldivers-2-API/Program.cs
@@ -45,6 +45,7 @@
// Register the rate limiting middleware.
builder.Services.AddTransient();
builder.Services.AddTransient();
+builder.Services.AddTransient();
// Register the memory cache, used in the rate limiting middleware.
builder.Services.AddMemoryCache();
@@ -186,6 +187,7 @@
var app = builder.Build();
app.UseMiddleware();
+app.UseMiddleware();
// Track telemetry for Prometheus (Fly.io metrics)
app.UseHttpMetrics(options =>
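Review bot: The new `app.UseMiddleware` line is registered ahead of `app.UseHttpMetrics`, so connections aborted by the blacklist never reach the Prometheus HTTP metrics, and nothing else in this commit logs or counts them. That leaves no way to see how often the blacklist fires or to notice an entry that matches more clients than intended. A comment on this line such as `// Runs before metrics so blacklisted clients are dropped cheaply; aborted requests are not counted in HTTP metrics.` would document the ordering, and a debug-level log or counter in the middleware would restore visibility. The type arguments of the surrounding `UseMiddleware` calls are not visible in this view, so the position relative to the preceding middleware cannot be checked here.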
diff --git a/src/Helldivers-2-API/appsettings.json b/src/Helldivers-2-API/appsettings.json
index 2e2214c..42494c4 100644
--- a/src/Helldivers-2-API/appsettings.json
+++ b/src/Helldivers-2-API/appsettings.json
@@ -12,6 +12,7 @@
"API": {
"RateLimit": 5,
"RateLimitWindow": 10,
+ "Blacklist": "",
"Authentication": {
"Enabled": true,
"ValidIssuers": ["dealloc"],