diff --git a/internal/nodes/http_request_root.go b/internal/nodes/http_request_root.go
index 7a4377d..c693541 100644
--- a/internal/nodes/http_request_root.go
+++ b/internal/nodes/http_request_root.go
@@ -66,6 +66,19 @@ func (this *HTTPRequest) doRoot() (isBreak bool) {
 		requestPath = this.uri[:questionMarkIndex]
 	}
 
+	// except hidden files
+	if this.web.Root.ExceptHiddenFiles &&
+		(strings.Contains(requestPath, "/.") || strings.Contains(requestPath, "\\.")) {
+		this.write404()
+		return true
+	}
+
+	// except and only files
+	if !this.web.Root.MatchURL(this.URL()) {
+		this.write404()
+		return true
+	}
+
 	// 去掉其中的奇怪的路径
 	requestPath = strings.Replace(requestPath, "..\\", "", -1)