diff --git a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java
index 142dd239..591768fb 100644
--- a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java
+++ b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java
@@ -65,6 +65,11 @@ public class LoginServiceImpl implements LoginService {
 @Override
 public boolean checkLogin(HttpServletRequest request, HttpServletResponse response) {
 String uri = request.getRequestURI();
+ if (uri.contains("..")) {
+ LOGGER.error("class=LoginServiceImpl||method=checkLogin||msg=uri illegal||uri={}", uri);
+ return false;
+ }
+
 if (!(uri.contains(ApiPrefix.API_V1_NORMAL_PREFIX) || uri.contains(ApiPrefix.API_V1_RD_PREFIX) || uri.contains(ApiPrefix.API_V1_OP_PREFIX))) {
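Review bot: The new `uri.contains("..")` guard runs on `request.getRequestURI()`, which is the raw, still percent-encoded path, so a traversal written as `%2e%2e` or `.%2e` passes this check even though the container may decode and collapse it later; a literal-substring denylist is the weakest form of this control. If the intent is to reject traversal before the prefix matching below, check a decoded form as well, e.g. `String decoded = URLDecoder.decode(uri, StandardCharsets.UTF_8);` followed by `if (uri.contains("..") || decoded.contains(".."))`, and wrap the decode so a malformed `%` sequence (which makes `URLDecoder` throw `IllegalArgumentException`) is also rejected rather than propagated. A stronger alternative is to normalize with `URI.create(uri).normalize().getPath()` and reject any request whose normalized path differs from the original. Note that the following prefix check uses `contains` rather than `startsWith`, so the prefix can appear anywhere in the path; whether that is intended cannot be told from this hunk, and `checkLogin` continues past the end of the hunk.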