diff --git a/src/broen.app.src b/src/broen.app.src
index 9e8edd6..6a7754e 100644
--- a/src/broen.app.src
+++ b/src/broen.app.src
@@ -1,7 +1,7 @@
 {application, broen,
 [
 {description, "broen provides a bridge between HTTP and AMQP"},
- {vsn, "2.2.6"},
+ {vsn, "2.2.7"},
 {registered, []},
 {applications, [
 kernel,
diff --git a/src/broen_core.erl b/src/broen_core.erl
index 06021b0..c334c5e 100644
--- a/src/broen_core.erl
+++ b/src/broen_core.erl
@@ -277,7 +277,32 @@ valid_route([]) ->
 false;
 valid_route(Paths) ->
 Sum = lists:foldl(fun(El, Sum) -> Sum + byte_size(El) end, 0, Paths),
- Sum =< 255.
+ (Sum =< 255) and valid_uri(Paths).
+
+%% check that all path tokens are printable (filter requests with control
+%% characters) and valid utf8 strings
+valid_uri(Paths) ->
+ Printable = fun (T) ->
+ case io_lib:printable_unicode_list(binary_to_list(T)) of
+ true -> true;
+ false ->
+ lager:warning("Non-printable path segment: ~p", [T]),
+ false
+ end
+ end,
+ ValidUtf8 = fun (T) ->
+ case unicode:characters_to_binary(T, utf8, utf8) of
+ Res when is_binary(Res) -> true;
+ Other ->
+ lager:warning("Invalid path segment encoding: ~p (~p)", [T, Other]),
+ false
+ end
+ end,
+
+ CheckFun = fun (T) ->
+ ValidUtf8(T) and Printable(T)
+ end,
+ lists:all(CheckFun, Paths).
 %% '.' is converted to '_' iff the keep_dots_in_routing_key is false,
 %% otherwise it is left as a '.'
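Review bot: In `valid_uri`, `Printable` runs `io_lib:printable_unicode_list/1` on `binary_to_list(T)`, which is the raw UTF-8 bytes rather than code points, and that function treats `\b \t \n \v \f \r` and ESC as printable, so CR/LF and escape bytes in a path segment still pass the control-character filter the comment promises. The byte-wise view also rejects valid non-ASCII segments whose encoding contains a byte in 16#80..16#9F (the middle byte of `€`, for example), while accepting others. I would decode once with `unicode:characters_to_list(T, utf8)`, which covers the encoding check as well, and reject C0, DEL and C1 code points explicitly, as sketched below. Whether further characters need excluding depends on how the segments are used downstream, which this hunk does not show. Using `andalso` instead of `and` in `CheckFun` and in `valid_route` would also avoid evaluating and logging the second check for a segment that already failed the first.

```erlang
valid_uri(Paths) ->
    lists:all(fun valid_segment/1, Paths).

%% decode first so the check sees code points rather than UTF-8 bytes
valid_segment(T) ->
    case unicode:characters_to_list(T, utf8) of
        Chars when is_list(Chars) ->
            case lists:any(fun is_control/1, Chars) of
                true ->
                    lager:warning("Non-printable path segment: ~p", [T]),
                    false;
                false ->
                    true
            end;
        Other ->
            lager:warning("Invalid path segment encoding: ~p (~p)", [T, Other]),
            false
    end.

%% C0 controls, DEL and C1 controls
is_control(C) -> C < 32 orelse (C >= 127 andalso C =< 159).
```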