diff --git a/apps/files_sharing/lib/Controller/ExternalSharesController.php b/apps/files_sharing/lib/Controller/ExternalSharesController.php
index 70e9eb5c46514..e7189dabfbd95 100644
--- a/apps/files_sharing/lib/Controller/ExternalSharesController.php
+++ b/apps/files_sharing/lib/Controller/ExternalSharesController.php
@@ -100,10 +100,11 @@ protected function testUrl($remote, $checkVersion = false) {
 	 *
 	 * @param string $remote
 	 * @return DataResponse
+	 * @AnonRateThrottle(limit=5, period=120)
 	 */
 	#[PublicPage]
 	public function testRemote($remote) {
-		if (str_contains($remote, '#') || str_contains($remote, '?') || str_contains($remote, ';')) {
+		if (preg_match('%[!#$&\'()*+,;=?@[\]]%', $remote)) {
 			return new DataResponse(false);
 		}