diff --git a/interface/web/sites/lib/lang/de_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/de_web_vhost_subdomain.lng
index 909e5b69b6319b3012ad3bf889bb77539938b9f7..92f55a9811eef58d9469dd9c8323c00e9e1745c3 100644
--- a/interface/web/sites/lib/lang/de_web_vhost_subdomain.lng
+++ b/interface/web/sites/lib/lang/de_web_vhost_subdomain.lng
@@ -1,6 +1,8 @@
 <?php
 $wb["parent_domain_id_txt"] = 'Website';
 $wb["web_folder_txt"] = 'Basisordner';
+$wb["web_folder_invalid_txt"] = 'Dieser Ordner darf nicht als Basisordner verwendet werden.';
+$wb["web_folder_unique_txt"] = 'Dieser Ordner wird bereits verwendet, bitte geben Sie einen anderen Basisordner an.';
 $wb['ssl_state_txt'] = 'Bundesland';
 $wb['ssl_locality_txt'] = 'Ort';
 $wb['ssl_organisation_txt'] = 'Firma';
diff --git a/interface/web/sites/lib/lang/en_web_vhost_subdomain.lng b/interface/web/sites/lib/lang/en_web_vhost_subdomain.lng
index 8b76375bb5d0242ef038a23c1336f51776cc163d..274a5b63c34a44acb8aabcdb331cb7d9551d8914 100644
--- a/interface/web/sites/lib/lang/en_web_vhost_subdomain.lng
+++ b/interface/web/sites/lib/lang/en_web_vhost_subdomain.lng
@@ -1,6 +1,8 @@
 <?php
 $wb["parent_domain_id_txt"] = 'Parent Website';
 $wb["web_folder_txt"] = 'Web folder';
+$wb["web_folder_invalid_txt"] = 'The web folder is invalid, please choose a different one.';
+$wb["web_folder_unique_txt"] = 'The web folder is already used, please choose a different one.';
 $wb["backup_interval_txt"] = 'Backup interval';
 $wb["backup_copies_txt"] = 'Number of backup copies';
 $wb["ssl_state_txt"] = 'State';
diff --git a/interface/web/sites/web_vhost_subdomain_edit.php b/interface/web/sites/web_vhost_subdomain_edit.php
index afe8c38cb772cc3d931c8ee420937b0458f98ffc..a5866c879821c08cca7f443df7bda716f1ece196 100644
--- a/interface/web/sites/web_vhost_subdomain_edit.php
+++ b/interface/web/sites/web_vhost_subdomain_edit.php
@@ -245,7 +245,16 @@ class page_action extends tform_actions {
 		$this->parent_domain_record = $parent_domain;
         
         $read_limits = array('limit_cgi', 'limit_ssi', 'limit_perl', 'limit_ruby', 'limit_python', 'force_suexec', 'limit_hterror', 'limit_wildcard', 'limit_ssl');
-
+        $this->dataRecord['web_folder'] = strtolower($this->dataRecord['web_folder']);
+        $forbidden_folders = array('', 'cgi-bin', 'web', 'log', 'private', 'ssl', 'tmp', 'webdav');
+        if(in_array($this->dataRecord['web_folder'], $forbidden_folders) || preg_match('/^log_web\d+$/', $this->dataRecord['web_folder'])) {
+            $app->tform->errorMessage .= $app->tform->lng("web_folder_invalid_txt")."<br>";
+        }
+        // check for duplicate folder usage
+        $check = $app->db->queryOneRecord("SELECT COUNT(*) as `cnt` FROM `web_domain` WHERE `type` = 'vhostsubdomain' AND `parent_domain_id` = '" . intval($this->dataRecord['parent_domain_id']) . "' AND `web_folder` = '" . $app->db->quote($this->dataRecord['web_folder']) . "'");
+        if($check && $check['cnt'] > 0) {
+            $app->tform->errorMessage .= $app->tform->lng("web_folder_unique_txt")."<br>";
+        }
 
 		if($_SESSION["s"]["user"]["typ"] != 'admin') {
 			// Get the limits of the client