diff --git a/CHANGELOG b/CHANGELOG
index 086e75e47..79bd59b07 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,6 @@
+2.3.3
+- Fixed: Multiple concurrent map writes when whitelisting IPs during heavy loads.
+
 2.3.2
 - ACMEv2 support added to comply with LetsEncrypt requirements.
 - Fixed session cookie output to support EditThisCookie on the latest Chrome version.
diff --git a/core/banner.go b/core/banner.go
index 464b49a0c..7924d076b 100644
--- a/core/banner.go
+++ b/core/banner.go
@@ -8,7 +8,7 @@ import (
 )
 
 const (
-	VERSION = "2.3.2"
+	VERSION = "2.3.3"
 )
 
 func putAsciiArt(s string) {
diff --git a/core/http_proxy.go b/core/http_proxy.go
index 38772415b..95ad7b556 100644
--- a/core/http_proxy.go
+++ b/core/http_proxy.go
@@ -21,6 +21,7 @@ import (
 	"sort"
 	"strconv"
 	"strings"
+	"sync"
 	"time"
 
 	"github.com/elazarl/goproxy"
@@ -61,6 +62,7 @@ type HttpProxy struct {
 	ip_whitelist      map[string]int64
 	ip_sids           map[string]string
 	auto_filter_mimes []string
+	ip_mtx            sync.Mutex
 }
 
 type ProxySession struct {
@@ -1058,12 +1060,18 @@ func (p *HttpProxy) deleteRequestCookie(name string, req *http.Request) {
 }
 
 func (p *HttpProxy) whitelistIP(ip_addr string, sid string) {
+	p.ip_mtx.Lock()
+	defer p.ip_mtx.Unlock()
+
 	log.Debug("whitelistIP: %s %s", ip_addr, sid)
 	p.ip_whitelist[ip_addr] = time.Now().Add(15 * time.Second).Unix()
 	p.ip_sids[ip_addr] = sid
 }
 
 func (p *HttpProxy) isWhitelistedIP(ip_addr string) bool {
+	p.ip_mtx.Lock()
+	defer p.ip_mtx.Unlock()
+
 	log.Debug("isWhitelistIP: %s", ip_addr)
 	ct := time.Now()
 	if ip_t, ok := p.ip_whitelist[ip_addr]; ok {
@@ -1074,6 +1082,9 @@ func (p *HttpProxy) isWhitelistedIP(ip_addr string) bool {
 }
 
 func (p *HttpProxy) getSessionIdByIP(ip_addr string) (string, bool) {
+	p.ip_mtx.Lock()
+	defer p.ip_mtx.Unlock()
+
 	sid, ok := p.ip_sids[ip_addr]
 	return sid, ok
 }