diff --git a/modules/cms-kit/src/Volo.CmsKit.Domain.Shared/Volo/CmsKit/Comments/CmsKitCommentOptions.cs b/modules/cms-kit/src/Volo.CmsKit.Domain.Shared/Volo/CmsKit/Comments/CmsKitCommentOptions.cs index c163c8da85..ffa1097aab 100644 --- a/modules/cms-kit/src/Volo.CmsKit.Domain.Shared/Volo/CmsKit/Comments/CmsKitCommentOptions.cs +++ b/modules/cms-kit/src/Volo.CmsKit.Domain.Shared/Volo/CmsKit/Comments/CmsKitCommentOptions.cs @@ -16,7 +16,6 @@ public class CmsKitCommentOptions /// /// Indicates the allowed external URLs, which can be included in a comment. - /// If it's not specified, all external URLs will be allowed. /// public List AllowedExternalUrls { get; set; } = new(); } diff --git a/modules/cms-kit/src/Volo.CmsKit.Public.Application/Volo/CmsKit/Public/Comments/CommentPublicAppService.cs b/modules/cms-kit/src/Volo.CmsKit.Public.Application/Volo/CmsKit/Public/Comments/CommentPublicAppService.cs index 3d84a0ecf6..8809d8168e 100644 --- a/modules/cms-kit/src/Volo.CmsKit.Public.Application/Volo/CmsKit/Public/Comments/CommentPublicAppService.cs +++ b/modules/cms-kit/src/Volo.CmsKit.Public.Application/Volo/CmsKit/Public/Comments/CommentPublicAppService.cs @@ -160,11 +160,16 @@ public class CommentPublicAppService : CmsKitPublicAppServiceBase, ICommentPubli private void CheckExternalUrls(bool allowExternalUrls, string text) { - if (allowExternalUrls || !CmsCommentOptions.AllowedExternalUrls.Any()) + if (allowExternalUrls) { return; } + if (!CmsCommentOptions.AllowedExternalUrls.Any()) + { + throw new UserFriendlyException(L["UnAllowedExternalUrlMessage"]); + } + var matches = Regex.Matches(text, RegexMarkdownUrlPattern, RegexOptions.Compiled | RegexOptions.IgnoreCase); diff --git a/modules/cms-kit/test/Volo.CmsKit.Application.Tests/CmsKitApplicationTestModule.cs b/modules/cms-kit/test/Volo.CmsKit.Application.Tests/CmsKitApplicationTestModule.cs index e20c222a58..041f77d63c 100644 --- a/modules/cms-kit/test/Volo.CmsKit.Application.Tests/CmsKitApplicationTestModule.cs 
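Review bot: The new `if (!CmsCommentOptions.AllowedExternalUrls.Any())` block in CheckExternalUrls throws before the text is scanned, so with an empty allowlist every comment submitted with `allowExternalUrls == false` is rejected, including one that contains no link at all. Moving the guard below `var matches = …` and writing it as `if (matches.Count > 0 && !CmsCommentOptions.AllowedExternalUrls.Any())` keeps the fail-closed default for linked text while plain comments are still accepted; the per-match comparison against the allowlist is outside this hunk, so I cannot tell whether an empty list would already reject every match there, in which case the added block is redundant and the reorder alone suffices. Separately, the early `return` on `allowExternalUrls` skips the allowlist entirely on a caller-supplied flag: the tests pass `AllowExternalUrls` on the input DTO, so if that value reaches this parameter unchanged an API client can bypass the check by sending `true`, and the flag should instead be derived from a server-side permission. The doc line removed from CmsKitCommentOptions should be replaced rather than dropped so the new default is documented, e.g. `/// If the list is empty, external URLs are rejected unless the caller explicitly allows them.`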
+++ b/modules/cms-kit/test/Volo.CmsKit.Application.Tests/CmsKitApplicationTestModule.cs @@ -1,4 +1,6 @@ -using Volo.Abp.Modularity; +using System.Collections.Generic; +using Volo.Abp.Modularity; +using Volo.CmsKit.Comments; namespace Volo.CmsKit; @@ -8,5 +10,11 @@ namespace Volo.CmsKit; )] public class CmsKitApplicationTestModule : AbpModule { - + public override void ConfigureServices(ServiceConfigurationContext context) + { + Configure(options => + { + options.AllowedExternalUrls = new List { "https://abp.io" }; + }); + } } diff --git a/modules/cms-kit/test/Volo.CmsKit.Application.Tests/Comments/CommentPublicAppService_Tests.cs b/modules/cms-kit/test/Volo.CmsKit.Application.Tests/Comments/CommentPublicAppService_Tests.cs index d0e698937d..e9e7cc817b 100644 --- a/modules/cms-kit/test/Volo.CmsKit.Application.Tests/Comments/CommentPublicAppService_Tests.cs +++ b/modules/cms-kit/test/Volo.CmsKit.Application.Tests/Comments/CommentPublicAppService_Tests.cs @@ -3,6 +3,7 @@ using System.Threading.Tasks; using Microsoft.Extensions.DependencyInjection; using NSubstitute; using Shouldly; +using Volo.Abp; using Volo.Abp.Users; using Volo.CmsKit.Public.Comments; using Xunit; @@ -62,6 +63,23 @@ public class CommentPublicAppService_Tests : CmsKitApplicationTestBase }); } + [Fact] + public async Task CreateAsync_ShouldThrowUserFriendlyException_If_Url_UnAllowed() + { + _currentUser.Id.Returns(_cmsKitTestData.User2Id); + + await Should.ThrowAsync(async () => + await _commentAppService.CreateAsync( + _cmsKitTestData.EntityType1, + _cmsKitTestData.EntityId1, + new CreateCommentInput { + RepliedCommentId = null, + Text = "[ABP Community](https://community.abp.io/)", //not allowed URL + AllowExternalUrls = false + } + )); + } + [Fact] public async Task UpdateAsync() { 
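Review bot: Neither new test covers the case the reworked CheckExternalUrls now breaks, a comment whose text contains no link while the allowlist is empty, which should still be created. A positive case is also missing: the test module fixes `AllowedExternalUrls` to `https://abp.io` for the whole assembly, so an input with `Text = "[ABP](https://abp.io)"` and `AllowExternalUrls = false` should succeed, and whether `https://community.abp.io/` is rejected by exact, prefix or host comparison is not visible here. The assertion checks only the exception type, so capturing the result of `Should.ThrowAsync` and asserting its `Message` against the localized `UnAllowedExternalUrlMessage` would stop the test passing on an unrelated UserFriendlyException. The generic argument of `Should.ThrowAsync` has been lost in extraction; I am reading it as `ThrowAsync<UserFriendlyException>`.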
@@ -80,6 +98,21 @@ public class CommentPublicAppService_Tests : CmsKitApplicationTestBase comment.Text.ShouldBe("I'm Updated"); }); } + + [Fact] + public async Task UpdateAsync_ShouldThrowUserFriendlyException_If_Url_UnAllowed() + { + _currentUser.Id.Returns(_cmsKitTestData.User2Id); + + await Should.ThrowAsync(async () => + await _commentAppService.UpdateAsync( + _cmsKitTestData.CommentWithChildId, + new UpdateCommentInput { + Text = "[ABP Community - Update](https://community.abp.io/)", //not allowed URL + AllowExternalUrls = false + } + )); + } [Fact] public async Task DeleteAsync()
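Review bot: UpdateAsync_ShouldThrowUserFriendlyException_If_Url_UnAllowed runs as `User2Id` against `CommentWithChildId`, and if that comment is not owned by User2 the update may be refused before the URL check runs, so the test would pass for the wrong reason. Asserting on the thrown message, `var ex = await Should.ThrowAsync<UserFriendlyException>(…); ex.Message.ShouldBe(L["UnAllowedExternalUrlMessage"]);`, or updating a comment the same user created, ties the failure to the URL check. Whether UpdateAsync enforces ownership is outside this hunk, so treat this as something to confirm rather than a known defect.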