diff --git a/web/root/ecwebv3/index.xjs b/web/root/ecwebv3/index.xjs
index ade9ba6617434375096ce080ebe1198c914a80e0..2acba034a7e3f7f04b0504cf9a7637a7e3a57ae3 100644
--- a/web/root/ecwebv3/index.xjs
+++ b/web/root/ecwebv3/index.xjs
@@ -1,4 +1,26 @@
-<?xjs load('webInit.ssjs'); ?>
+<?xjs
+	load('webInit.ssjs');
+	function checkWebCtrl(path, fileName) {
+		if(!file_exists(path + "webctrl.ini"))
+			return true; // Directory is not controlled, allow access
+		var f = new File(path + "webctrl.ini");
+		f.open("r");
+		if(f.is_open) {
+			var webctrl = f.iniGetAllObjects();
+			f.close();
+		} else {
+			return false; // Directory is controlled but webctrl not openable
+		}
+		for(var w = 0; w < webctrl.length; w++) {
+			if(webctrl[w].name != fileName)
+				continue;
+			if(webctrl[w].hasOwnProperty('AccessRequirements') && !user.compare_ars(webctrl[w].AccessRequirements))
+				return false;
+		}
+		return true;
+	}
+?>
+
 <html>
 
 <head>
@@ -23,6 +45,9 @@
 	for(var f = 0; f < d.length; f++) {
 		if(file_isdir(d[f]))
 			continue;
+		var fn = file_getname(d[f]);
+		if(!checkWebCtrl(webIni.RootDirectory + '/sidebar/', fn))
+			continue;
 		var ext = d[f].toUpperCase().split(".").slice(1).join(".");
 		if(ext == "XJS.SSJS")
 			continue;
@@ -65,7 +90,9 @@
 	else
 		ext = ext.toUpperCase();
 	var f = file_exists(webIni.RootDirectory + "/pages/" + page);
-	if(f && ext == ".SSJS") {
+	if(!f || !checkWebCtrl(webIni.RootDirectory + "/pages/", page)) {
+		print("Page not available.");
+	} else if(ext == ".SSJS") {
 		load(webIni.RootDirectory + "/pages/" + page);
 	} else if(f && ext == ".HTML") {
 		var f = new File(webIni.RootDirectory + "/pages/" + page);