diff --git a/main.go b/main.go
index 7a73106..c1a96f0 100644
--- a/main.go
+++ b/main.go
@@ -40,6 +40,10 @@ func main() {
 		conf.HookLogDir = os.TempDir()
 	}
 
+	if err := conf.Validate(); err != nil {
+		logger.Error.Fatal("invalid configuration:", err)
+	}
+
 	logger.Debug.Println("starting webhookd server...")
 
 	srv := server.NewServer(conf)
diff --git a/pkg/api/routes.go b/pkg/api/routes.go
index fa2c622..72781c5 100644
--- a/pkg/api/routes.go
+++ b/pkg/api/routes.go
@@ -42,6 +42,7 @@ func buildMiddlewares(conf *config.Config) middleware.Middlewares {
 
 func routes(conf *config.Config) Routes {
 	middlewares := buildMiddlewares(conf)
+	staticPath := conf.StaticPath + "/"
 	return Routes{
 		route(
 			"/",
@@ -49,8 +50,8 @@ func routes(conf *config.Config) Routes {
 			middlewares.UseBefore(middleware.Methods("GET", "POST"))...,
 		),
 		route(
-			"/static/",
-			static("/static/"),
+			staticPath,
+			static(staticPath),
 			middlewares.UseBefore(middleware.Methods("GET"))...,
 		),
 		route(
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 9b531db..5321328 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -1,5 +1,10 @@
 package config
 
+import (
+	"fmt"
+	"regexp"
+)
+
 // Config contain global configuration
 type Config struct {
 	ListenAddr      string `flag:"listen-addr" desc:"HTTP listen address" default:":8080"`
@@ -15,6 +20,14 @@ type Config struct {
 	PasswdFile      string `flag:"passwd-file" desc:"Password file for basic HTTP authentication" default:".htpasswd"`
 	LogLevel        string `flag:"log-level" desc:"Log level (debug, info, warn, error)" default:"info"`
 	StaticDir       string `flag:"static-dir" desc:"Static file directory to serve on /static path" default:""`
+	StaticPath      string `flag:"static-path" desc:"Path to serve static file directory" default:"/static"`
 	NotificationURI string `flag:"notification-uri" desc:"Notification URI"`
 	TrustStoreFile  string `flag:"trust-store-file" desc:"Trust store used by HTTP signature verifier (.pem or .p12)"`
 }
+
+func (c *Config) Validate() error {
+	if matched, _ := regexp.MatchString(`^/\w+$`, c.StaticPath); !matched {
+		return fmt.Errorf("invalid static path: %s", c.StaticPath)
+	}
+	return nil
+}