diff --git a/server/check.go b/server/check.go
index 7c7404d8..d2551d30 100644
--- a/server/check.go
+++ b/server/check.go
@@ -6,6 +6,7 @@ import (
 	"github.com/Xhofe/alist/utils"
 	"github.com/gin-gonic/gin"
 	"gorm.io/gorm"
+	"path/filepath"
 )
 
 func Auth(c *gin.Context) {
@@ -37,3 +38,18 @@ func CheckAccount(c *gin.Context) {
 	}
 	c.Next()
 }
+
+func CheckParent(path string, password string) bool {
+	meta, err := model.GetMetaByPath(path)
+	if err == nil {
+		if meta.Password != "" && meta.Password != password {
+			return false
+		}
+		return true
+	} else {
+		if path == "/" {
+			return true
+		}
+		return CheckParent(filepath.Dir(path), password)
+	}
+}
diff --git a/server/path.go b/server/path.go
index 9b99e76f..b9283da1 100644
--- a/server/path.go
+++ b/server/path.go
@@ -2,10 +2,12 @@ package server
 
 import (
 	"fmt"
+	"github.com/Xhofe/alist/conf"
 	"github.com/Xhofe/alist/model"
 	"github.com/Xhofe/alist/utils"
 	"github.com/gin-gonic/gin"
 	log "github.com/sirupsen/logrus"
+	"path/filepath"
 	"strings"
 )
 
@@ -30,6 +32,12 @@ func Path(c *gin.Context) {
 		}
 		// TODO hide or ignore?
 	}
+	if conf.CheckParent {
+		if !CheckParent(filepath.Dir(req.Path), req.Password) {
+			ErrorResp(c, fmt.Errorf("wrong password"), 401)
+			return
+		}
+	}
 	if model.AccountsCount() > 1 && req.Path == "/" {
 		files, err := model.GetAccountFiles()
 		if err != nil {