diff --git a/server/main.py b/server/main.py
index 1648da1..633e7a9 100644
--- a/server/main.py
+++ b/server/main.py
@@ -33,20 +33,9 @@ BUILDS_DIR = Path("builds")
 import os
 import middleware as mw
 
-# Manually blocked IPs
-BLOCKED_IPS = set(os.environ.get("BLOCKED_IPS", "").split(",")) - {""}
-
-# Load public blocklists (set to "false" to disable)
-USE_PUBLIC_BLOCKLIST = os.environ.get("PUBLIC_BLOCKLIST", "true").lower() == "true"
-
-if USE_PUBLIC_BLOCKLIST:
-    public_ips = mw.load_public_blocklists()
-    BLOCKED_IPS.update(public_ips)
-
-if BLOCKED_IPS:
-    logger.info(f"Total blocked IPs: {len(BLOCKED_IPS)}")
-
-mw.set_ip_config(blocked=BLOCKED_IPS)
+# Only configure manually blocked IPs at import time
+# Public blocklists are loaded in lifespan (once, not per-worker)
+MANUAL_BLOCKED_IPS = set(os.environ.get("BLOCKED_IPS", "").split(",")) - {""}
 
 
 @asynccontextmanager
@@ -56,6 +45,15 @@ async def lifespan(app: FastAPI):
     # Initialize logging
     init_logging()
     
+    # Load public blocklists (only once, in main process)
+    USE_PUBLIC_BLOCKLIST = os.environ.get("PUBLIC_BLOCKLIST", "true").lower() == "true"
+    all_blocked = set(MANUAL_BLOCKED_IPS)
+    if USE_PUBLIC_BLOCKLIST:
+        public_ips = mw.load_public_blocklists()
+        all_blocked.update(public_ips)
+    mw.set_ip_config(blocked=all_blocked)
+    logger.info(f"IP blocklist loaded: {len(all_blocked)} IPs")
+    
     # Determine environment
     if args.test:
         env = "test"