diff --git a/server.js b/server.js
index 5ae6a9d..cf047cf 100644
--- a/server.js
+++ b/server.js
@@ -5,6 +5,11 @@ const path = require('path')
 const server = http.createServer((req, res) => {
+ if (path.normalize(decodeURIComponent(pathObj.pathname)) !== decodeURIComponent(pathObj.pathname)) {
+ res.statusCode = 403;
+ res.end();
+ return;
+ }
 let pathObj = url.parse(req.url, true)
 let static = path.resolve(__dirname, './')
 let filepath = decodeURIComponent(path.join(static, pathObj.pathname))
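Review bot: The added guard reads `pathObj.pathname` above the `let pathObj` declaration that follows it in the same callback, so as written it would throw a ReferenceError (temporal dead zone) on every request instead of returning 403; it has to move below that line. `decodeURIComponent` also throws a URIError on malformed percent-encoding, and nothing visible in the hunk catches it, so a bad request path could escape the handler as an uncaught exception. Comparing the decoded path with its `path.normalize` form is a fragile containment check: it rejects harmless inputs such as doubled slashes, and on Windows `normalize` rewrites separators so the comparison would likely never match. Decoding once, joining, and then verifying the resolved path is still under `static` expresses the intent directly and keeps the check and the file lookup on the same string. The handler body continues outside the hunk.

```javascript
const server = http.createServer((req, res) => {
  // … unchanged: pathObj and static declarations …
  let decoded
  try {
    decoded = decodeURIComponent(pathObj.pathname)
  } catch (err) {
    // malformed percent-encoding: answer 400 rather than let URIError escape the handler
    res.statusCode = 400
    res.end()
    return
  }
  // join after decoding so normalization sees the real segments
  let filepath = path.join(static, decoded)
  if (filepath !== static && !filepath.startsWith(static + path.sep)) {
    res.statusCode = 403
    res.end()
    return
  }
```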