diff --git a/servlet/staticRoute.go b/servlet/staticRoute.go
index 4304a05..b79c390 100644
--- a/servlet/staticRoute.go
+++ b/servlet/staticRoute.go
@@ -68,6 +68,9 @@ type (
 // the provided VinegarServlet.
 var NewTextRoute RouteConstructor = func(servlet *VinegarServlet, urlPattern string, pathlike string, useCache bool) *FileRoute {
 fileRoot := filepath.Clean(pathlike)
+ if strings.Contains(fileRoot, "../") {
+ panic("Traversing the directory is not allowed, use an absolute filepath instead")
+ }
 defaultPrune := strings.Replace(urlPattern, ".*", "", -1)
 route := FileRoute{srv: servlet, fileRoot: fileRoot, UseCache: useCache}
 textRouteHandler := createCompressibleFileServletFunction(&route, defaultPrune, pathlike)
@@ -81,6 +84,9 @@ var NewTextRoute RouteConstructor = func(servlet *VinegarServlet, urlPattern str
 var NewImageRoute RouteConstructor = func(servlet *VinegarServlet, urlPattern string, pathlike string, useCache bool) *FileRoute {
 fileRoot := filepath.Clean(pathlike)
+ if strings.Contains(fileRoot, "../") {
+ panic("Traversing the directory is not allowed, use an absolute filepath instead")
+ }
 defaultPrune := strings.Replace(urlPattern, ".*", "", -1)
 route := FileRoute{srv: servlet, fileRoot: fileRoot, UseCache: useCache}
 rootRoute := NewServletRoute(urlPattern, createUncompressedFileServletFunction(&route, defaultPrune, pathlike))
 
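Review bot: The `strings.Contains(fileRoot, "../")` guard in NewTextRoute, and the identical one in NewImageRoute in the next hunk, tests a forward-slash literal against a value that `filepath.Clean` has just rewritten with the OS separator, and it also misses a root that is exactly `..`. After Clean, the only `..` components that can survive in a relative path are leading ones, so the precise test is `if fileRoot == ".." || strings.HasPrefix(fileRoot, ".."+string(filepath.Separator)) {`. The guard and its panic message are duplicated verbatim in both constructors; a small shared helper would keep the two in step if the rule changes again. A comment above the check would also make its scope clear, e.g. `// fileRoot comes from the route definition, not from a request; a relative root that climbs above the working directory is a configuration error.` Both constructor bodies continue past the hunk.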
@@ -171,6 +177,10 @@ func createSingleFileServletFunction(route *FileRoute) VinegarHandlerFunction {
 func createCompressibleFileServletFunction(route *FileRoute, basePattern string, pathlike string) VinegarHandlerFunction {
 var fun VinegarHandlerFunction = func(w http.ResponseWriter, req *http.Request) {
 stub := strings.Replace(req.URL.Path, basePattern, "", 1)
+ if strings.Contains(stub, "../") {
+ route.srv.SendError(w, req, 403, "Forbidden", errors.New("Stop trying directory traversal"))
+ return
+ }
 cachedContent, exists := route.VinegarRoute.Cache.Get(stub)
 //i don't like this logic below. we need to streamline this a lot better. it's a twisty jungle right now
@@ -214,7 +224,10 @@ func createCompressibleFileServletFunction(route *FileRoute, basePattern string,
 func createUncompressedFileServletFunction(route *FileRoute, basePattern string, pathlike string) VinegarHandlerFunction {
 var fun VinegarHandlerFunction = func(w http.ResponseWriter, req *http.Request) {
 stub := strings.Replace(req.URL.Path, basePattern, "", 1)
-
+ if strings.Contains(stub, "../") {
+ route.srv.SendError(w, req, 403, "Forbidden", errors.New("Stop trying directory traversal"))
+ return
+ }
 rootPath := filepath.Clean(pathlike)
 filePath := filepath.Clean(stub)
 resourcePath := path.Join(rootPath, filePath)
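Review bot: The `strings.Contains(stub, "../")` guard added at the top of both request handlers is a substring denylist, and a stub whose final segment is a bare `..` with no trailing slash passes it; `filepath.Clean` keeps a leading `..` in a relative stub, so the `path.Join(rootPath, filePath)` in the second hunk can still resolve above `rootPath` if the router hands over the request path unnormalized (I cannot see the router from here). A check on the resolved path is the robust form: keep `filePath := filepath.Clean(stub)`, build `resourcePath := filepath.Join(rootPath, filePath)` so the separator matches what `filepath.Clean` produced, and send the same 403 when `rel, err := filepath.Rel(rootPath, resourcePath); err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator))`. In createCompressibleFileServletFunction the file path is resolved outside the hunk, so the equivalent check belongs next to that resolution rather than at the top of the closure. The hunks do not show the import block, so confirm `errors` is already imported. Both handler closures continue past the hunk.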