diff --git a/middleware/fileserver.go b/middleware/fileserver.go
index 4b3cab026..6cdb0ff54 100644
--- a/middleware/fileserver.go
+++ b/middleware/fileserver.go
@@ -141,6 +141,7 @@ func (fh fileHandler) isHidden(name string) bool {
 name = strings.TrimSpace(name)
 for strings.HasSuffix(name, ".") {
 name = name[:len(name)-1]
+ name = strings.TrimSpace(name)
 }
 }
 // If the file is supposed to be hidden, return a 404
diff --git a/middleware/fileserver_test.go b/middleware/fileserver_test.go
index 0f5b1faca..ba2f23bad 100644
--- a/middleware/fileserver_test.go
+++ b/middleware/fileserver_test.go
@@ -112,6 +112,26 @@ func TestServeHTTP(t *testing.T) {
 expectedStatus: http.StatusMovedPermanently,
 expectedBodyContent: movedPermanently,
 },
+ // Test 11 - attempt to bypass hidden file
+ {
+ url: "https://foo/dir/hidden.html%20",
+ expectedStatus: http.StatusNotFound,
+ },
+ // Test 12 - attempt to bypass hidden file
+ {
+ url: "https://foo/dir/hidden.html.",
+ expectedStatus: http.StatusNotFound,
+ },
+ // Test 13 - attempt to bypass hidden file
+ {
+ url: "https://foo/dir/hidden.html.%20",
+ expectedStatus: http.StatusNotFound,
+ },
+ // Test 14 - attempt to bypass hidden file
+ {
+ url: "https://foo/dir/hidden.html%20.",
+ expectedStatus: http.StatusNotFound,
+ },
 }
 for i, test := range tests {
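Review bot: The added `name = strings.TrimSpace(name)` inside the `HasSuffix(name, ".")` loop makes the normalization converge on mixed trailing dot/space runs, but the loop now reads as two interleaved passes and carries no comment saying why a request name is being rewritten before the hidden check. A single right-trim states the intent directly: `name = strings.TrimRightFunc(name, func(r rune) bool { return r == '.' || unicode.IsSpace(r) })` (needs `unicode` imported), which is equivalent to the alternating TrimSpace/strip-dot loop for every input. Whichever form is kept, add a why-comment above it, e.g. `// Strip trailing dots and whitespace so the hidden check sees the name the filesystem will actually open; presumably the surrounding if gates this to platforms that ignore such suffixes.` — the enclosing `if` and the rest of isHidden start before and continue after this hunk, so I cannot confirm what gates it.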
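Review bot: Tests 11-14 assert only `http.StatusNotFound`, which is also the status a non-existent path like `hidden.html ` produces on a filesystem that does not strip trailing dots and spaces, so on such platforms these cases pass without exercising the new TrimSpace line at all. If the normalization in isHidden is platform-gated (the enclosing `if` is outside the first hunk), the regression is only really checked where that gate is true, and a wrong 404-for-missing-file would be indistinguishable from the intended 404-for-hidden. A direct table test calling `fh.isHidden` with the raw names `"hidden.html "`, `"hidden.html."`, `"hidden.html. "` and `"hidden.html ."` and expecting `true` would pin the normalization itself independent of the filesystem. At minimum the case comments should say what distinguishes them, e.g. `// Test 14 - trailing space then dot; regression for the TrimSpace-inside-loop fix` rather than the same "attempt to bypass hidden file" four times. TestServeHTTP starts before this hunk and continues after it.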