diff --git a/server/server.go b/server/server.go
index dc855cb..77336c7 100644
--- a/server/server.go
+++ b/server/server.go
@@ -69,6 +69,10 @@ func unsafeMethod(method string) bool {
 func (h Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 	reqPath := req.URL.Path
 	if BasePath != "" {
+		if !strings.HasPrefix(reqPath, BasePath) {
+			rw.WriteHeader(http.StatusNotFound)
+			return
+		}
 		reqPath = strings.TrimPrefix(req.URL.Path, BasePath)
 		if reqPath == "" {
 			http.Redirect(rw, req, BasePath+"/", http.StatusFound)