diff --git a/Dockerfile b/Dockerfile
index 7e873fa..5cc8c00 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -32,6 +32,8 @@ RUN \
 ENV ALLOW_RESTARTS=0 \
   ALLOW_STOP=0 \
   ALLOW_START=0 \
+  ALLOW_PAUSE=0 \
+  ALLOW_UNPAUSE=0 \
   AUTH=0 \
   BUILD=0 \
   COMMIT=0 \
diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
index 7e873fa..5cc8c00 100644
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -32,6 +32,8 @@ RUN \
 ENV ALLOW_RESTARTS=0 \
   ALLOW_STOP=0 \
   ALLOW_START=0 \
+  ALLOW_PAUSE=0 \
+  ALLOW_UNPAUSE=0 \
   AUTH=0 \
   BUILD=0 \
   COMMIT=0 \
diff --git a/Dockerfile.riscv64 b/Dockerfile.riscv64
index 7e873fa..5cc8c00 100644
--- a/Dockerfile.riscv64
+++ b/Dockerfile.riscv64
@@ -32,6 +32,8 @@ RUN \
 ENV ALLOW_RESTARTS=0 \
   ALLOW_STOP=0 \
   ALLOW_START=0 \
+  ALLOW_PAUSE=0 \
+  ALLOW_UNPAUSE=0 \
   AUTH=0 \
   BUILD=0 \
   COMMIT=0 \
diff --git a/readme-vars.yml b/readme-vars.yml
index 417a180..0c51f34 100644
--- a/readme-vars.yml
+++ b/readme-vars.yml
@@ -92,6 +92,8 @@ full_custom_readme: |
         - ALLOW_START=0 #optional
         - ALLOW_STOP=0 #optional
         - ALLOW_RESTARTS=0 #optional
+        - ALLOW_PAUSE=0 #optional
+        - ALLOW_RESUME=0 #optional
         - AUTH=0 #optional
         - BUILD=0 #optional
         - COMMIT=0 #optional
@@ -176,6 +178,8 @@ full_custom_readme: |
   | `-e ALLOW_START=0` | `/containers/{id}/start` - **This option will work even if `POST=0`** |
   | `-e ALLOW_STOP=0` | `/containers/{id}/stop` - **This option will work even if `POST=0`** |
   | `-e ALLOW_RESTARTS=0` | `/containers/{id}/stop`, `/containers/{id}/restart`, and `/containers/{id}/kill` - **This option will work even if `POST=0`** |
+  | `-e ALLOW_PAUSE=0` | `/containers/{id}/pause` - **This option will work even if `POST=0`** |
+  | `-e ALLOW_UNPAUSE=0` | `/containers/{id}/unpause` - **This option will work even if `POST=0`** |
   | `-e AUTH=0` | `/auth` |
   | `-e BUILD=0` | `/build` |
   | `-e COMMIT=0` | `/commit` |
@@ -326,6 +330,7 @@ full_custom_readme: |
 
   ## Versions
 
+  * **24.02.26:** - Add `ALLOW_PAUSE` and `ALLOW_UNPAUSE`.
   * **26.12.25:** - Rebase to Alpine 3.23.
   * **19.08.25:** - Add tzdata for localised logging timestamps.
   * **03.06.25:** - Rebase to Alpine 3.22. Add RISCV support.
diff --git a/root/templates/haproxy.cfg b/root/templates/haproxy.cfg
index a4fd70f..cf51431 100644
--- a/root/templates/haproxy.cfg
+++ b/root/templates/haproxy.cfg
@@ -28,6 +28,8 @@ frontend proxy
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) } { env(ALLOW_RESTARTS) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/start } { env(ALLOW_START) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/stop } { env(ALLOW_STOP) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/pause } { env(ALLOW_PAUSE) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/unpause } { env(ALLOW_UNPAUSE) -m bool }
     http-request deny unless METH_GET || { env(POST) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth } { env(AUTH) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/build } { env(BUILD) -m bool }