diff --git a/http/resource.go b/http/resource.go
index 1886e777..304c9ad3 100644
--- a/http/resource.go
+++ b/http/resource.go
@@ -84,14 +84,12 @@ var resourceGetHandler = withUser(func(w http.ResponseWriter, r *http.Request, d
 // remove symlinks that link outside base path
 if fi.IsSymlink {
- var fullLinkTarget string
- if filepath.IsAbs(fi.Link) {
- fullLinkTarget = fi.Link
- } else {
- fullLinkTarget = filepath.Join(d.user.FullPath(file.Path), fi.Link)
+ link := fi.Link
+ if !filepath.IsAbs(link) {
+ link = filepath.Join(d.user.FullPath(file.Path), link)
 }
- scopedLinkTarget := d.user.FullPath(filepath.Join(file.Path, fi.Link))
- if fullLinkTarget != scopedLinkTarget {
+ link = filepath.Clean(link)
+ if !strings.HasPrefix(link, d.server.Root) {
 return false
 }
 }
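Review bot: The new containment test `strings.HasPrefix(link, d.server.Root)` compares raw strings, so a cleaned target in a sibling directory that only shares the root's leading characters (constructed example: root `/srv/data`, target `/srv/data-old/x`) is treated as inside the root. A path-aware check closes that gap: `rel, err := filepath.Rel(d.server.Root, link)` followed by `if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) { return false }`. The removed code compared against `d.user.FullPath(...)`, so if users are scoped below the server root, this check now also keeps links that point into another user's scope; it is worth confirming that this is intended. `filepath.Clean` is lexical only, so a target that is itself a symlink is not resolved before the comparison. The enclosing filter function begins and ends outside the hunk.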