diff --git a/htdocs/public.php b/htdocs/public.php
index 4d15c9b8..2c9c61ca 100644
--- a/htdocs/public.php
+++ b/htdocs/public.php
@@ -20,11 +20,14 @@ header( "DAV: $dav");
 require_once("CalDAVRequest.php");
 $request = new CalDAVRequest();
-if ( !isset($request->ticket) && !$request->IsPublic()
- || (isset($request->ticket) && $request->ticket->expired ) ) {
+if ( ! $request->IsPublic()
+ || ! isset($request->ticket)
+ || $request->ticket->expired
+ || ! $request->ticket->MatchesPath($request->path) ) {
 $request->DoResponse( 403, translate('Anonymous users may only access public calendars') );
 }
+
 switch ( $request->method ) {
 case 'OPTIONS': include_once("caldav-OPTIONS.php"); break;
 case 'REPORT': include_once("caldav-REPORT.php"); break;
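Review bot: The rewritten `if` returns 403 unless all four conditions hold, so as written a public calendar requested without a ticket is refused, and so is an unexpired, path-matching ticket for a non-public collection; the old condition let both through. If the intended policy is "public, or a valid ticket for this path", the ticket checks need to be grouped: `if ( ! $request->IsPublic() && ( ! isset($request->ticket) || $request->ticket->expired || ! $request->ticket->MatchesPath($request->path) ) ) {`. `IsPublic()` is not visible in this hunk, so if it already takes the ticket into account the flat `||` chain may be deliberate, in which case a one-line comment above the `if` stating the policy would prevent a later "simplification" from reopening the path bypass. Either form stays fail-closed and keeps `isset()` ahead of the `->expired` dereference. It is also worth confirming that `MatchesPath()` compares whole path segments rather than a raw string prefix.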