diff --git a/Userland/Services/WebServer/Client.cpp b/Userland/Services/WebServer/Client.cpp
index 8c3fcd7f16..d2f6663885 100644
--- a/Userland/Services/WebServer/Client.cpp
+++ b/Userland/Services/WebServer/Client.cpp
@@ -138,6 +138,12 @@ ErrorOr<bool> Client::handle_request(HTTP::HttpRequest const& request)
 
         auto index_html_path = TRY(String::formatted("{}/index.html", real_path));
         if (!FileSystem::exists(index_html_path)) {
+            auto is_searchable_or_error = Core::System::access(real_path.bytes_as_string_view(), X_OK);
+            if (is_searchable_or_error.is_error()) {
+                TRY(send_error_response(403, request));
+                return false;
+            }
+
             TRY(handle_directory_listing(requested_path, real_path, request));
             return true;
         }
@@ -149,6 +155,12 @@ ErrorOr<bool> Client::handle_request(HTTP::HttpRequest const& request)
         return false;
     }
 
+    auto is_readable_or_error = Core::System::access(real_path.bytes_as_string_view(), R_OK);
+    if (is_readable_or_error.is_error()) {
+        TRY(send_error_response(403, request));
+        return false;
+    }
+
     if (FileSystem::is_device(real_path.bytes_as_string_view())) {
         TRY(send_error_response(403, request));
         return false;