diff --git a/samples/server.js b/samples/server.js
index c3f09577..b9754e49 100644
--- a/samples/server.js
+++ b/samples/server.js
@@ -19,6 +19,12 @@ http.createServer({}, function(request, response) {
 var uri = url.parse(request.url).pathname,
 filename = path.join(process.cwd(), uri);
 
+ if (uri.includes('..')) {
+ response.writeHead(403);
+ response.end();
+ return;
+ }
+
 fs.exists(filename, function(exists) {
 if(!exists) {
 response.writeHead(404, { "Content-Type": "text/plain" });
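Review bot: The new guard `if (uri.includes('..'))` tests the raw request string rather than the path that is actually opened, so it rejects harmless names that merely contain two dots (e.g. `notes..txt`) and only holds while nothing later decodes or rewrites `uri` before the join. Since `filename` is already normalised by `path.join`, checking it against the served root is more direct: `var root = process.cwd();` and `if (filename !== root && !filename.startsWith(root + path.sep)) {`. Neither form covers symlinks inside the directory that point outside it; if that matters for this sample, compare `fs.realpath` results instead. The 403 branch also sends no `Content-Type` or body, unlike the 404 branch just below it. The `http.createServer` callback starts and ends outside this hunk, so later uses of `filename` were not reviewed.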