diff --git a/src/simplehttpd.c b/src/simplehttpd.c
index f0a8271a08cf8c977c0efafb65c13a329a8643c5..336a8f6e5db1459b4a2fde0bf2c3a77a8174bd90 100644
--- a/src/simplehttpd.c
+++ b/src/simplehttpd.c
@@ -117,6 +117,11 @@ void unimplemented(int client)
 int save_log_file(char *filename, char *buf, unsigned int len)
 {
+ char *result = strstr(filename, "/");
+ if (result != NULL) {
+ HTTPD_LOG_ERROR("filename is invalid.\n");
+ return -1;
+ }
 char path[2 * MAX_BUFFER_SIZE] = {0};
 sprintf(path, "%s%s", log_dir_path, filename);
 FILE *fp = fopen(path, "ab");
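Review bot: The new validation in save_log_file rejects only a `/` in `filename`; it does not check for a NULL or over-long name, and the name still reaches the unbounded `sprintf(path, "%s%s", ...)` on the context line below it. Whether callers cap the length is not visible in this hunk, so I would bound the write here: `int n = snprintf(path, sizeof path, "%s%s", log_dir_path, filename);` followed by `if (n < 0 || (size_t)n >= sizeof path) return -1;`. The guard itself could be `if (filename == NULL || strchr(filename, '/') != NULL)`, which also drops the `result` temporary. The function body continues past the end of the hunk.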