diff --git a/lib/src/HttpFileImpl.cc b/lib/src/HttpFileImpl.cc
index ad9c692a76..860367f2da 100644
--- a/lib/src/HttpFileImpl.cc
+++ b/lib/src/HttpFileImpl.cc
@@ -38,9 +38,12 @@ int HttpFileImpl::save(const std::string &path) const
 {
 filesystem::path fsUploadPath(utils::toNativePath(
 HttpAppFrameworkImpl::instance().getUploadPath()));
- fsPath = fsUploadPath / fsPath;
+ fsPath = (fsUploadPath / fsPath).lexically_normal();
 }
- filesystem::path fsFileName(utils::toNativePath(fileName_));
+ auto fsFileName =
+ filesystem::path(utils::toNativePath(fileName_)).lexically_normal();
+ if (fsFileName.is_relative())
+ return -1;
 if (!filesystem::exists(fsPath))
 {
 LOG_TRACE << "create path:" << fsPath;
@@ -66,6 +69,14 @@ int HttpFileImpl::saveAs(const std::string &fileName) const
 HttpAppFrameworkImpl::instance().getUploadPath()));
 fsFileName = fsUploadPath / fsFileName;
 }
+ fsFileName = fsFileName.lexically_normal();
+ if (fsFileName.is_relative())
+ {
+ LOG_ERROR
+ << "Attempt writing outside of upload directory detected. Path: "
+ << fileName;
+ return -1;
+ }
 if (fsFileName.has_parent_path() &&
 !filesystem::exists(fsFileName.parent_path()))
 {
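Review bot: `fsFileName.is_relative()` is not a containment test, so the new guard in `save()` returns -1 for an ordinary relative name such as `report.pdf` while a rooted name is accepted, and `lexically_normal()` leaves a leading `..` in place. The same test in the `saveAs()` hunk depends on whether the configured upload path is absolute: with an absolute upload path a joined name containing enough `..` components still normalises to an absolute path and passes, while with a relative upload path every joined name is rejected. I would join the name to the directory, normalise, and reject when the result is not strictly below the directory, as sketched below for `save()`; the same comparison fits `saveAs()`. A lexical check does not resolve symlinks, and `save()` currently returns without the `LOG_ERROR` that `saveAs()` emits. Both function bodies start and end outside the hunks, so how `fsFileName` is combined with `fsPath` afterwards is not visible here.

```cpp
// … unchanged: fsPath is resolved against the upload path …
const auto fsTarget =
    (fsPath / utils::toNativePath(fileName_)).lexically_normal();
const auto fsRel = fsTarget.lexically_relative(fsPath.lexically_normal());
// Reject names that resolve to the directory itself or to anything above it.
if (fsRel.empty() || fsRel == "." || *fsRel.begin() == "..")
{
    LOG_ERROR << "Upload file name resolves outside of " << fsPath;
    return -1;
}
// … unchanged: directory creation; the write then uses fsTarget …
```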