diff --git a/main.go b/main.go
index f5f3680..5770749 100644
--- a/main.go
+++ b/main.go
@@ -6,13 +6,19 @@ import (
 	"log"
 	"net/http"
 	"os"
+	"strings"
 )
 
 var port = flag.Int("port", 8000, "port from which to serve")
+var hidden = flag.Bool("hidden", false, "allow serving hidden dirs")
 
 func logger(h http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		log.Printf("%s: %s\n", r.RemoteAddr, r.URL)
+		if !*hidden && strings.Contains(r.URL.Path, "/.") {
+			http.Error(w, "hidden files and directories are not allowed", http.StatusUnauthorized)
+			return
+		}
 		h.ServeHTTP(w, r)
 	})
 }