diff --git a/www/clients.php b/www/clients.php
index e96c066..9056bb9 100644
--- a/www/clients.php
+++ b/www/clients.php
@@ -146,10 +146,10 @@ foreach ($clients as $c) {
 authenticate_client($c);
 if ($path === "/$c") {
- header('Status: 303');
+ header('Status: 308');
 header("Location: $c/");
- header('Content-Length: 14');
- exit("303 See Other\n");
+ header('Content-Length: 23');
+ exit("308 Permanent Redirect\n");
 } elseif ($path === "/$c/") {
 if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
 header("Status: 405");
@@ -162,7 +162,7 @@ foreach ($clients as $c) {
 echo "{\"data\": [\n";
 $first = true;
 foreach (scandir(".data/clients/$c/") as $file) {
- if (str_starts_with($file, ".") || str_ends_with($file, ".php")) continue;
+ if (str_starts_with($file, ".") || str_ends_with($file, ".php") || str_ends_with($file, ".inc")) continue;
 if (!$first) echo ",\n";
 $path = ".data/clients/$c/$file";
 $size = filesize($path);
@@ -171,8 +171,8 @@ foreach ($clients as $c) {
 $cre = date(DATE_ATOM, filectime($path));
 $datetime = "null";
 $zwstid = "null";
- if (str_ends_with($file, ".zip") && substr_count($file, "_") === 2) {
- $parts = explode("_", substr($file, 0, -4));
+ if (str_ends_with($file, ".elwig.zip") && substr_count($file, "_") === 2) {
+ $parts = explode("_", substr($file, 0, -10));
 $time = str_replace("-", ":", $parts[1]);
 $dt = DateTime::createFromFormat("Y-m-d H:i:s", "$parts[0] $time");
 $datetime = '"' . $dt->format(DateTimeInterface::RFC3339) . '"';
@@ -188,9 +188,10 @@ foreach ($clients as $c) {
 echo "\n]}\n";
 exit();
 }
+ $file = substr($path, strlen("/$c/"));
 $path = ".data/clients/$c/$file";
- if (str_contains($file, '/')) {
+ if (!preg_match_all('/[A-Za-z0-9_.-]+/', $file) && !($file === '*' && $_SERVER['REQUEST_METHOD'] === 'DELETE')) {
 header('Status: 400');
 header('Content-Length: 16');
 exit("400 Bad Request\n");
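Review bot: The skip condition on the new `if` line of the listing loop is repeated verbatim in the wildcard DELETE loop added in the `@@ -222` hunk, so the two lists of excluded names will drift the next time a suffix is added. A one-line helper keeps them in step, e.g. `function is_hidden_file(string $f): bool { return str_starts_with($f, ".") || str_ends_with($f, ".php") || str_ends_with($f, ".inc"); }` used as `if (is_hidden_file($file)) continue;` in both places. The enclosing `foreach ($clients as $c)` starts before this hunk.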
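Review bot: The new name check `!preg_match_all('/[A-Za-z0-9_.-]+/', $file)` is unanchored, so it only rejects a `$file` that contains no permitted character at all; a name with a `/` or a `..` segment, which the removed `str_contains($file, '/')` test used to catch, still passes and is then spliced into `.data/clients/$c/$file` for the write and unlink branches. Anchor the pattern to the whole name and forbid a leading dot, which mirrors the listing's own filter and rules out `.` and `..`: `if (!preg_match('/^[A-Za-z0-9_-][A-Za-z0-9_.-]*$/', $file) && !($file === '*' && $_SERVER['REQUEST_METHOD'] === 'DELETE')) {`. Since the listing deliberately hides `.php` and `.inc` siblings in the same directory, the PUT branch (outside this hunk) can presumably create or overwrite such files, so consider rejecting those suffixes here as well. The enclosing `foreach ($clients as $c)` starts before this hunk and the 400 branch's closing brace is after it.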
@@ -222,12 +223,23 @@ foreach ($clients as $c) {
 header('Content-Length: 12');
 exit("201 Created\n");
 } elseif ($_SERVER['REQUEST_METHOD'] === 'DELETE') {
- if (unlink($path) === false) {
+ if ($file === '*') {
+ foreach (scandir(".data/clients/$c/") as $f) {
+ if (str_starts_with($f, ".") || str_ends_with($f, ".php") || str_ends_with($f, ".inc")) continue;
+ if (unlink(".data/clients/$c/$f") === false) {
+ header("Status: 500");
+ exit("500 Internal Server Error\n");
+ }
+ echo "Deleted $f\n";
+ }
+ } else if (!is_file($path)) {
+ header("Status: 404");
+ header("Content-Length: 14");
+ exit("404 Not Found\n");
+ } else if (unlink($path) === false) {
 header("Status: 500");
- header("Content-Length: 26");
 exit("500 Internal Server Error\n");
 }
- header('Content-Length: 6');
 exit("200 OK\n");
 } else {
 header("Status: 405");
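Review bot: In the new `'*'` branch, `echo "Deleted $f\n"` writes to the response while the loop is still running, so when a later `unlink` fails the following `header("Status: 500")` comes after output has already been sent and is ignored (PHP warns "headers already sent"), and the client receives a 200 with a partial body. Collect the deleted names and emit them only after every unlink has succeeded, and skip entries that are not regular files, because `scandir` also returns subdirectory entries and `unlink` on a directory fails, which would turn such an entry into a 500 for the whole request (whether such directories exist is not visible here). The `continue` line also repeats the listing filter from the `@@ -162` hunk and would be better shared as a helper. The enclosing `foreach ($clients as $c)` starts before this hunk, and the 405 branch continues after it.
```php
} elseif ($_SERVER['REQUEST_METHOD'] === 'DELETE') {
    if ($file === '*') {
        $deleted = [];
        foreach (scandir(".data/clients/$c/") as $f) {
            if (str_starts_with($f, ".") || str_ends_with($f, ".php") || str_ends_with($f, ".inc")) continue;
            // scandir also lists subdirectories; only regular files are removed.
            if (!is_file(".data/clients/$c/$f")) continue;
            if (unlink(".data/clients/$c/$f") === false) {
                header("Status: 500");
                exit("500 Internal Server Error\n");
            }
            $deleted[] = $f;
        }
        // Nothing is written until every unlink succeeded, so a failure can still set the status header.
        foreach ($deleted as $f) echo "Deleted $f\n";
    // … unchanged: single-file 404 / unlink / 200 branches …
```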