diff --git a/example/logs b/example/logs
index 35b1ed2..9e6d259 100644
--- a/example/logs
+++ b/example/logs
@@ -150,3 +150,36 @@
 [2022-01-30T17:39:45Z] swebs started
 [2022-01-30T17:42:25Z] swebs started
 [2022-01-30T17:43:31Z] swebs started
+[2022-01-30T17:46:31Z] swebs started
+[2022-01-30T17:46:46Z] Accepting a stream failed
+[2022-01-30T17:46:46Z] Accepting a stream failed
+[2022-01-30T17:46:46Z] Accepting a stream failed
+[2022-01-30T17:46:46Z] Accepting a stream failed
+[2022-01-30T17:46:46Z] Accepting a stream failed
+[2022-01-30T17:46:46Z] Accepting a stream failed
+[2022-01-30T17:46:46Z] Accepting a stream failed
+[2022-01-30T17:46:46Z] Accepting a stream failed
+[2022-01-30T17:46:46Z] Accepting a stream failed
+[2022-01-30T17:46:46Z] Accepting a stream failed
+[2022-01-30T17:46:52Z] Accepting a stream failed
+[2022-01-30T17:46:52Z] Accepting a stream failed
+[2022-01-30T17:46:52Z] Accepting a stream failed
+[2022-01-30T17:46:52Z] Accepting a stream failed
+[2022-01-30T17:46:52Z] Accepting a stream failed
+[2022-01-30T17:46:52Z] Accepting a stream failed
+[2022-01-30T17:46:52Z] Accepting a stream failed
+[2022-01-30T17:46:52Z] Accepting a stream failed
+[2022-01-30T17:46:52Z] Accepting a stream failed
+[2022-01-30T17:46:52Z] Accepting a stream failed
+[2022-01-30T17:47:55Z] swebs started
+[2022-01-30T18:00:18Z] swebs started
+[2022-01-30T18:00:47Z] swebs started
+[2022-01-30T18:01:18Z] swebs started
+[2022-01-30T18:02:49Z] swebs started
+[2022-01-30T18:03:30Z] swebs started
+[2022-01-30T18:03:43Z] swebs started
+[2022-01-30T18:05:01Z] swebs started
+[2022-01-30T18:05:37Z] swebs started
+[2022-01-30T18:05:53Z] swebs started
+[2022-01-30T18:06:10Z] swebs started
+[2022-01-30T18:06:27Z] swebs started
diff --git a/example/run.sh b/example/run.sh
index 785c4bb..c7a8e50 100755
--- a/example/run.sh
+++ b/example/run.sh
@@ -1,3 +1,3 @@
 #!/bin/sh
 
-../build/swebs -s sitefile -o logs -p 8000
+../build/swebs -j 2 -s sitefile -o logs -p 8000
diff --git a/src/responses.c b/src/responses.c
index 17d2c8d..931d278 100644
--- a/src/responses.c
+++ b/src/responses.c
@@ -54,6 +54,7 @@ static void readResponse(Connection *conn, char *path) {
 			free(assembledPath);
 			goto error;
 		}
+
 		char responsePath[PATH_MAX];
 		if (realpath(path, responsePath) == NULL) {
 			free(assembledPath);
@@ -64,6 +65,22 @@ static void readResponse(Connection *conn, char *path) {
 			free(assembledPath);
 			goto forbidden;
 		}
+		//in theory an attacker could just request
+		// /blog/../../../../site/privatekey.pem
+		//so we make sure that the filepath is actually within the path
+		//specified by the page.
+
+		struct stat requestbuf;
+		if (stat(requestPath, &requestbuf)) {
+			free(assembledPath);
+			sendErrorResponse(conn, ERROR_404);
+			return;
+		}
+		if (S_ISDIR(requestbuf.st_mode)) {
+			free(assembledPath);
+			sendErrorResponse(conn, ERROR_400);
+			return;
+		}
 
 		file = fopen(requestPath, "r");
 		free(assembledPath);