diff --git a/protocol/solid-protocol-test-manifest.ttl b/protocol/solid-protocol-test-manifest.ttl
index 8eb41fa..bc44abf 100644
--- a/protocol/solid-protocol-test-manifest.ttl
+++ b/protocol/solid-protocol-test-manifest.ttl
@@ -96,3 +96,10 @@ manifest:slug-uri-assignment
   spec:testScript
     <https://github.com/solid/specification-tests/protocol/read-write-resource/post-uri-assignment-slug.feature> .
 
+manifest:protect-containment
+  a td:TestCase ;
+    spec:requirementReference sopr:server-protect-containment ;
+  td:reviewStatus td:unreviewed ;
+  spec:testScript
+    <https://github.com/solid/specification-tests/protocol/writing-resource/protect-containment.feature> .
+
diff --git a/protocol/writing-resource/protect-containment.feature b/protocol/writing-resource/protect-containment.feature
new file mode 100644
index 0000000..a4b22a3
--- /dev/null
+++ b/protocol/writing-resource/protect-containment.feature
@@ -0,0 +1,82 @@
+Feature: Server protects containment triples
+  
+  Background: Set up container and a few child resources
+    * def testContainer = rootTestContainer.createContainer()
+    * def exampleTurtle = karate.readAsString('../fixtures/example.ttl')
+    * def resource1 = testContainer.createResource('.ttl', exampleTurtle, 'text/turtle');
+    * def resource2 = testContainer.createResource('.txt', 'DAHUT', 'text/plain');
+    * def resource3 = testContainer.createResource('.txt', 'FOOBAR', 'text/plain');
+    * def container1 = testContainer.createContainer()   
+    * def children = ([ resource1.url, resource2.url, resource3.url, container1.url ])
+    
+  Scenario: PUT invalid object to container
+    Given url testContainer.url
+    And headers clients.alice.getAuthHeaders('GET', testContainer.url)
+    When method GET
+    Then status 200
+    * def contained = parse(response, 'text/turtle', testContainer.url).members 
+    And match contained contains only children
+    And match children contains only contained
+
+    Given url testContainer.url
+    And headers clients.alice.getAuthHeaders('PUT', testContainer.url)
+    And header Content-Type = 'text/turtle'
+    And request '<> <http://www.w3.org/ns/ldp#contains> </foobar>.'
+    When method PUT
+    Then status 409
+
+    Given url testContainer.url
+    And headers clients.alice.getAuthHeaders('GET', testContainer.url)
+    When method GET
+    Then status 200
+    * def contained = parse(response, 'text/turtle', testContainer.url).members
+    And match contained contains only children
+    And match children contains only contained
+
+  Scenario: PUT invalid subject and object to container
+    Given url testContainer.url
+    And headers clients.alice.getAuthHeaders('GET', testContainer.url)
+    When method GET
+    Then status 200
+    * def contained = parse(response, 'text/turtle', testContainer.url).members 
+    And match contained contains only children
+    And match children contains only contained
+
+    Given url testContainer.url
+    And headers clients.alice.getAuthHeaders('PUT', testContainer.url)
+    And header Content-Type = 'text/turtle'
+    And request '</dahut/> <http://www.w3.org/ns/ldp#contains> </foobar>.'
+    When method PUT
+    Then status 409
+
+    Given url testContainer.url
+    And headers clients.alice.getAuthHeaders('GET', testContainer.url)
+    When method GET
+    Then status 200
+    * def contained = parse(response, 'text/turtle', testContainer.url).members
+    And match contained contains only children
+    And match children contains only contained
+
+  Scenario: PUT invalid subject to container
+    Given url testContainer.url
+    And headers clients.alice.getAuthHeaders('GET', testContainer.url)
+    When method GET
+    Then status 200
+    * def contained = parse(response, 'text/turtle', testContainer.url).members 
+    And match contained contains only children
+    And match children contains only contained
+
+    Given url testContainer.url
+    And headers clients.alice.getAuthHeaders('PUT', testContainer.url)
+    And header Content-Type = 'text/turtle'
+    And request '</dahut/> <http://www.w3.org/ns/ldp#contains> <' + resource1.url + '> .'
+    When method PUT
+    Then status 409
+
+    Given url testContainer.url
+    And headers clients.alice.getAuthHeaders('GET', testContainer.url)
+    When method GET
+    Then status 200
+    * def contained = parse(response, 'text/turtle', testContainer.url).members
+    And match contained contains only children
+    And match children contains only contained