diff --git a/src/_h5ai/server/php/inc/class-app.php b/src/_h5ai/server/php/inc/class-app.php
index 53477c02..e094fbfc 100644
--- a/src/_h5ai/server/php/inc/class-app.php
+++ b/src/_h5ai/server/php/inc/class-app.php
@@ -145,6 +145,10 @@ class App {
             return false;
         }
 
+        if ($path === APP_PATH || strpos($path, APP_PATH . '/') === 0) {
+            return false;
+        }
+
         foreach ($this->options["view"]["unmanaged"] as $name) {
             if (file_exists($path . "/" . $name)) {
                 return false;