diff --git a/src/Transformers/Request.php b/src/Transformers/Request.php
index 1dbd41db..791cd156 100644
--- a/src/Transformers/Request.php
+++ b/src/Transformers/Request.php
@@ -183,12 +183,20 @@ public static function handleStatic($swooleRequest, $swooleResponse, string $pub
 {
 $uri = $swooleRequest->server['request_uri'] ?? '';
 $extension = strtok(pathinfo($uri, PATHINFO_EXTENSION), '?');
- $fileName = $publicPath . $uri;
+ $fileName = @realpath($publicPath . $uri);
+
+ if (!$fileName) {
+ return false;
+ }
 
 if ($extension && in_array($extension, static::EXTENSION_BLACKLIST)) {
 return false;
 }
 
+ if (substr($fileName, 0, strlen($publicPath)) != $publicPath) {
+ return false;
+ }
+
 if (! is_file($fileName) || ! filesize($fileName)) {
 return false;
 }
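Review bot: The containment check compares the canonicalized `$fileName` against the raw `$publicPath` as a bare string prefix, so it is both too loose and too strict: a sibling directory whose name merely extends the public root (e.g. `<publicPath>_backup`, constructed example) passes the prefix test, while a `$publicPath` that is relative, contains `..`, or goes through a symlink never matches the `realpath()` output and every static request is rejected. Canonicalize the root once and require the separator in the prefix, e.g. `$root = realpath($publicPath);` followed by `if ($root === false || strncmp($fileName, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) { return false; }`. The `!=` in the added condition should also be `!==`, and the `@` on `realpath()` is unnecessary since the call returns `false` without emitting a warning for a missing path. The body of `handleStatic` continues outside the hunk.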