diff --git a/cps/web.py b/cps/web.py
index da601c10..f73e974f 100755
--- a/cps/web.py
+++ b/cps/web.py
@@ -52,6 +52,7 @@ from cgi import escape
 # Global variables
 global_task = None
+ALLOWED_EXTENSIONS = set(['txt', 'pdf', 'epub', 'mobi', 'azw', 'azw3', 'cbr', 'cbz', 'cbt', 'djvu', 'prc', 'doc', 'docx'])
 # Proxy Helper class
@@ -2115,6 +2116,13 @@ def upload():
 db.session.connection().connection.connection.create_function('uuid4', 0, lambda: str(uuid4()))
 if request.method == 'POST' and 'btn-upload' in request.files:
 file = request.files['btn-upload']
+ if not ('.' in file.filename and file.filename.rsplit('.', 1)[1].lower() in ALLOWED_EXTENSIONS):
+ flash(
+ _('File extension "%s" is not allowed to be uploaded to this server' %
+ file.filename.rsplit('.', 1)[1].lower()),
+ category="error"
+ )
+ return redirect(url_for('index'))
 meta = uploader.upload(file)
 title = meta.title
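Review bot: `ALLOWED_EXTENSIONS` is the upload allowlist but is declared as an ordinary mutable module-level `set`, so any code that imports the module can add entries at runtime. Building it with `frozenset([...])` instead of `set([...])` keeps the list fixed after import. A comment above it such as `# Lower-case file extensions (without the dot) accepted by upload()` would also record the format the check in upload() depends on.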
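Review bot: A filename without a dot (for example the empty name submitted when no file was chosen) enters the rejection branch, where `file.filename.rsplit('.', 1)[1]` raises IndexError, so the request ends in a server error instead of the flash message. The `%` formatting is also applied inside `_()`, so the translation lookup receives the already-formatted string and presumably never matches a catalog entry. Extracting the extension once and formatting after translation addresses both. The check still trusts only the client-supplied name, so how `uploader.upload` treats the file content and the stored filename (not visible here) remains the real boundary. upload() begins and ends outside this hunk.

```python
        file = request.files['btn-upload']
        # Extract the extension once; a name without a dot yields '' and is rejected.
        file_ext = file.filename.rsplit('.', 1)[-1].lower() if '.' in file.filename else ''
        if file_ext not in ALLOWED_EXTENSIONS:
            flash(
                _('File extension "%s" is not allowed to be uploaded to this server') % file_ext,
                category="error"
            )
            return redirect(url_for('index'))
        # … unchanged: meta = uploader.upload(file) and the rest of upload() …
```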