diff --git a/auth_mellon_util.c b/auth_mellon_util.c
index 1fd3d4b..6fd83a7 100644
--- a/auth_mellon_util.c
+++ b/auth_mellon_util.c
@@ -916,6 +916,13 @@ int am_check_url(request_rec *r, const char *url)
 "Control character detected in URL.");
 return HTTP_BAD_REQUEST;
 }
+ if (*i == '\\') {
+ /* Reject backslash character, as it can be used to bypass
+ * redirect URL validation. */
+ AM_LOG_RERROR(APLOG_MARK, APLOG_ERR, HTTP_BAD_REQUEST, r,
+ "Backslash character detected in URL.");
+ return HTTP_BAD_REQUEST;
+ }
 }
 return OK;
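Review bot: The added `*i == '\\'` test only sees the bytes of `url` as passed in, so a percent-encoded backslash is rejected only if every caller decodes the value before calling am_check_url. The hunk does not show the callers, and the function starts above it, so that precondition should be confirmed and written down. The comment could also say why the character matters and state the contract, for example `/* Browsers treat '\' like '/', so the host seen by redirect validation and by the browser can differ. */` followed by `/* url must already be percent-decoded by the caller. */`. A regression test that feeds both a literal and an encoded backslash through the redirect-validation path would pin the behaviour. The message is logged at APLOG_ERR on input a remote client controls, so it may be worth checking that repeated bad requests cannot flood the error log.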