diff --git a/websockify/websocket.py b/websockify/websocket.py
index 8240fc3..2475f99 100644
--- a/websockify/websocket.py
+++ b/websockify/websocket.py
@@ -92,7 +92,7 @@ Sec-WebSocket-Accept: %s\r
 
     def __init__(self, listen_host='', listen_port=None, source_is_ipv6=False,
             verbose=False, cert='', key='', ssl_only=None,
-            daemon=False, record='', web='',
+            daemon=False, record='', web='', file_only=False, no_parent=False,
             run_once=False, timeout=0, idle_timeout=0):
 
         # settings
@@ -110,6 +110,9 @@ Sec-WebSocket-Accept: %s\r
         self.ws_connection  = False
         self.handler_id     = 1
 
+        self.file_only      = file_only
+        self.no_parent      = no_parent
+
         # Make paths settings absolute
         self.cert = os.path.abspath(cert)
         self.key = self.web = self.record = ''
@@ -620,7 +623,8 @@ Sec-WebSocket-Accept: %s\r
             self.scheme = "ws"
             stype = "Plain non-SSL (ws://)"
 
-        wsh = WSRequestHandler(retsock, address, not self.web)
+        wsh = WSRequestHandler(retsock, address, not self.web, 
+                               self.file_only, self.no_parent)
         if wsh.last_code == 101:
             # Continue on to handle WebSocket upgrade
             pass
@@ -859,11 +863,16 @@ Sec-WebSocket-Accept: %s\r
 
 # HTTP handler with WebSocket upgrade support
 class WSRequestHandler(SimpleHTTPRequestHandler):
-    def __init__(self, req, addr, only_upgrade=False):
+    def __init__(self, req, addr, only_upgrade=False, file_only=False,
+                 no_parent=False):
         self.only_upgrade = only_upgrade # only allow upgrades
+        self.webroot = os.path.realpath(".")
+        self.file_only = file_only
+        self.no_parent = no_parent
         SimpleHTTPRequestHandler.__init__(self, req, addr, object())
 
     def do_GET(self):
+        abspath = os.path.realpath("." + (self.path.split('?')[0]))
         if (self.headers.get('upgrade') and
                 self.headers.get('upgrade').lower() == 'websocket'):
 
@@ -874,6 +883,10 @@ class WSRequestHandler(SimpleHTTPRequestHandler):
             # Normal web request responses are disabled
             self.last_code = 405
             self.last_message = "405 Method Not Allowed"
+        elif self.file_only and not os.path.isfile(abspath):
+            self.send_response(404,  "No such file")
+        elif self.no_parent and not abspath.startswith(self.webroot):
+            self.send_response(403,  "Hidden resources")
         else:
             SimpleHTTPRequestHandler.do_GET(self)