diff --git a/zxingorg/src/main/java/com/google/zxing/web/DecodeServlet.java b/zxingorg/src/main/java/com/google/zxing/web/DecodeServlet.java
index 95c537773..ce36f68df 100644
--- a/zxingorg/src/main/java/com/google/zxing/web/DecodeServlet.java
+++ b/zxingorg/src/main/java/com/google/zxing/web/DecodeServlet.java
@@ -57,6 +57,7 @@ import java.net.MalformedURLException;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URL;
+import java.net.URLConnection;
 import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
 import java.util.Collection;
@@ -177,6 +178,13 @@ public final class DecodeServlet extends HttpServlet {
 return;
 }
 
+ String protocol = imageURL.getProtocol();
+ if (!"http".equalsIgnoreCase(protocol) && !"https".equalsIgnoreCase(protocol)) {
+ log.info("URI was not valid: " + imageURIString);
+ response.sendRedirect("badurl.jspx");
+ return;
+ }
+
 HttpURLConnection connection;
 try {
 connection = (HttpURLConnection) imageURL.openConnection();
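Review bot: In the second hunk, the scheme check added before `imageURL.openConnection()` limits the fetch to http and https, but nothing visible here restricts the destination host, so a caller-supplied URL can still direct the servlet at loopback, link-local or other internal addresses. If the code outside the hunk does not already do this, resolve the host first with `InetAddress addr = InetAddress.getByName(imageURL.getHost());`, reject when `addr.isLoopbackAddress() || addr.isSiteLocalAddress() || addr.isLinkLocalAddress() || addr.isAnyLocalAddress()`, and call `connection.setInstanceFollowRedirects(false);` so a redirect cannot sidestep the check. The rejection also reuses the message `"URI was not valid: "`, so a disallowed scheme looks the same as a parse failure in the log; `log.info("URI scheme not allowed: " + imageURIString);` would keep the two separable for monitoring. The try block and the rest of the method continue outside the hunk.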