diff --git a/lib/sprockets/server.rb b/lib/sprockets/server.rb
index f69133831..c12dc624e 100644
--- a/lib/sprockets/server.rb
+++ b/lib/sprockets/server.rb
@@ -87,7 +87,7 @@ def forbidden_request?(path)
       #
       #     http://example.org/assets/../../../etc/passwd
       #
-      path.include?("..")
+      path.include?("..") || Pathname.new(path).absolute?
     end
 
     # Returns a 403 Forbidden response tuple
diff --git a/test/test_server.rb b/test/test_server.rb
index fb7d4415f..98f1456b6 100644
--- a/test/test_server.rb
+++ b/test/test_server.rb
@@ -198,10 +198,22 @@ def app
   end
 
   test "illegal require outside load path" do
-    get "/assets/../config/passwd"
+    get "/assets//etc/passwd"
     assert_equal 403, last_response.status
 
-    get "/assets/%2e%2e/config/passwd"
+    get "/assets/%2fetc/passwd"
+    assert_equal 403, last_response.status
+
+    get "/assets//%2fetc/passwd"
+    assert_equal 403, last_response.status
+
+    get "/assets/%2f/etc/passwd"
+    assert_equal 403, last_response.status
+
+    get "/assets/../etc/passwd"
+    assert_equal 403, last_response.status
+
+    get "/assets/%2e%2e/etc/passwd"
     assert_equal 403, last_response.status
   end
 
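Review bot: The comment the new line sits under still documents only the `..` traversal case, while the added `Pathname.new(path).absolute?` clause rejects a second class of input; extend the example comment with a line such as `#     http://example.org/assets//etc/passwd` so both rejections are explained. `Pathname.new` also raises `ArgumentError` ("pathname contains null byte") instead of returning a boolean when `path` holds a NUL, so if `path` reaches this method already URL-decoded — the caller is outside the hunk — a `%00` in the request turns the intended 403 into an exception; treating `path.include?("\0")` as forbidden before the `Pathname` call keeps the predicate total. The new line additionally assumes `pathname` is already required by this file or a loaded dependency, which the hunk does not show. `forbidden_request?` begins outside the hunk.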
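Review bot: The six added `get`/`assert_equal 403` pairs in "illegal require outside load path" give no indication of which request failed when one of them regresses, because the assertion carries no message; iterating a list of paths and passing the path as the assertion message keeps the same coverage with a clearer failure. It may also be worth confirming that the file already has a positive case serving a legitimate asset under `/assets/` with 200, since the new `absolute?` rejection widens what the server refuses; I cannot see the rest of the test file from this hunk.
```ruby
  test "illegal require outside load path" do
    %w[
      /assets//etc/passwd
      /assets/%2fetc/passwd
      /assets//%2fetc/passwd
      /assets/%2f/etc/passwd
      /assets/../etc/passwd
      /assets/%2e%2e/etc/passwd
    ].each do |path|
      get path
      assert_equal 403, last_response.status, "expected #{path} to be forbidden"
    end
  end
```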