diff --git a/kernel/router.php b/kernel/router.php
index 8d449df..19f13e3 100644
--- a/kernel/router.php
+++ b/kernel/router.php
@@ -16,6 +16,9 @@ class Router {
 private $namespaces = [];
 private $currentNamespaceHandler;
+ // List of forbidden route, to avoid calling private or other REST verbs
+ private $forbiddenRoutes = [ '__', '_post', '_delete', '_put', '_patch'];
+
 public function registerNamespace($name, $authLevel, $haveCharacterId) {
 $this->namespaces[$name] = new NamespaceHandler($name, $authLevel, $haveCharacterId);
@@ -61,6 +64,12 @@ class Router {
 $this->controller = $this->getFromUrl($requestParts, 1, "pages");
 $this->func = $this->getFromUrl($requestParts, 2, "index");
 }
+
+ foreach ($this->forbiddenRoutes as $forbiddenRoute) {
+ if (str_contains($this->func, $forbiddenRoute)) {
+ $renderer->error(500);
+ }
+ }
 }
 private function getControllerPath() {
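Review bot: In the first hunk, `$forbiddenRoutes` is a fixed list held in a mutable, untyped instance property, and its comment does not say how the entries are matched. A class constant would state the intent, `private const FORBIDDEN_ROUTES = ['__', '_post', '_delete', '_put', '_patch'];` (read as `self::FORBIDDEN_ROUTES` in the loop of the second hunk), with the comment reworded to `// Substrings that must not appear in a routed function name (magic methods, per-verb handlers).` Because this is a denylist, any handler suffix introduced later stays routable until the list is extended; if routable function names follow a fixed shape, validating against that shape would fail closed instead.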
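Review bot: The check added in the second hunk uses `str_contains`, which is case-sensitive, while PHP resolves method names case-insensitively, so a function segment that differs from a listed entry only in letter case passes the check if `$this->func` is later used as a method name (the dispatch is outside the hunk). Normalising first closes that gap: `if (str_contains(strtolower($this->func), $forbiddenRoute)) {`. Nothing stops the method after `$renderer->error(500);`, so unless `error()` ends the request the rejected name stays in `$this->func`; a `return;` directly after the call would make the rejection explicit. The enclosing method starts outside the hunk, so whether `$renderer` is in scope there, and whether 500 rather than 404 is the intended status for a client-chosen route, should be confirmed.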