diff --git a/ql/src/semmle/go/security/UrlConcatenation.qll b/ql/src/semmle/go/security/UrlConcatenation.qll
index 9c75b3f8279..c0ff4ff960c 100644
--- a/ql/src/semmle/go/security/UrlConcatenation.qll
+++ b/ql/src/semmle/go/security/UrlConcatenation.qll
@@ -55,6 +55,9 @@ private predicate concatenationHasHostnameSanitizingSubstring(StringOps::Concate
   exists(StringOps::ConcatenationLeaf lf | lf = cat.getALeaf() |
     lf.getStringValue().regexpMatch(".*([?#]|[^?#:/\\\\][/\\\\]).*|[/\\\\][^/\\\\].*")
     or
+    lf.getStringValue() = "/" and
+    exists(lf.getPreviousLeaf())
+    or
     hasHostnameSanitizingSubstring(lf.asNode())
   )
 }