diff --git a/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java b/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java
index 5b443c4..70d16ca 100644
--- a/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java
+++ b/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java
@@ -488,6 +488,10 @@ public class S3ProxyHandler {
 long expires = Long.parseLong(expiresString);
 long nowSeconds = System.currentTimeMillis() / 1000;
 if (nowSeconds >= expires) {
+ throw new S3Exception(S3ErrorCode.ACCESS_DENIED,
+ "Request has expired");
+ }
+ if (expires - nowSeconds > TimeUnit.DAYS.toSeconds(365)) {
 throw new S3Exception(S3ErrorCode.ACCESS_DENIED);
 }
 }
@@ -503,6 +507,9 @@ public class S3ProxyHandler {
 throw new S3Exception(S3ErrorCode.ACCESS_DENIED,
 "Request has expired");
 }
+ if (expires > TimeUnit.DAYS.toSeconds(7)) {
+ throw new S3Exception(S3ErrorCode.ACCESS_DENIED);
+ }
 }
 // The aim ?
 switch (authHeader.authenticationType) {
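Review bot: The new upper-bound rejection at `if (expires - nowSeconds > TimeUnit.DAYS.toSeconds(365))` throws `ACCESS_DENIED` with no message, while the expiry branch directly above it now reports "Request has expired", so a client or an operator reading logs cannot tell an over-long lifetime from any other denial. Give it its own text, for example `throw new S3Exception(S3ErrorCode.ACCESS_DENIED, "Expires exceeds the maximum allowed lifetime");`, and do the same for the 7-day check in the second hunk. Both limits are bare literals; naming them as constants (or making them configurable) would let a deployment tighten the cap, since a presigned URL valid for up to a year is effectively a long-lived bearer credential. The enclosing method starts and ends outside the hunk.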
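Review bot: The added check compares `expires` directly with `TimeUnit.DAYS.toSeconds(7)`, whereas the first hunk compares `expires - nowSeconds`, so it is only correct if `expires` in this branch is a relative lifetime in seconds rather than an absolute timestamp. Its declaration is outside the hunk, so that should be confirmed; if it were an epoch value, every request would be denied here. Assuming it is relative, state that at the check with a comment such as `// expires is a lifetime in seconds (not an epoch timestamp); reject anything over 7 days`. It may also be worth rejecting non-positive values in the same condition, `if (expires <= 0 || expires > TimeUnit.DAYS.toSeconds(7)) {`, unless the preceding expiry comparison already covers them.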