diff --git a/docs/config/server-options.md b/docs/config/server-options.md
index 19065294aeab35..8ee1a40b7f79b0 100644
--- a/docs/config/server-options.md
+++ b/docs/config/server-options.md
@@ -266,6 +266,8 @@ Restrict serving files outside of workspace root.
 
 Restrict files that could be served via `/@fs/`. When `server.fs.strict` is set to `true`, accessing files outside this directory list that aren't imported from an allowed file will result in a 403.
 
+Both directories and files can be provided.
+
 Vite will search for the root of the potential workspace and use it as default. A valid workspace met the following conditions, otherwise will fall back to the [project root](/guide/#index-html-and-project-root).
 
 - contains `workspaces` field in `package.json`
@@ -298,7 +300,8 @@ export default defineConfig({
         // search up for workspace root
         searchForWorkspaceRoot(process.cwd()),
         // your custom rules
-        '/path/to/custom/allow',
+        '/path/to/custom/allow_directory',
+        '/path/to/custom/allow_file.demo',
       ],
     },
   },
diff --git a/packages/vite/src/node/server/middlewares/static.ts b/packages/vite/src/node/server/middlewares/static.ts
index 42aa48a124c52b..387ea96b6df78f 100644
--- a/packages/vite/src/node/server/middlewares/static.ts
+++ b/packages/vite/src/node/server/middlewares/static.ts
@@ -14,6 +14,7 @@ import {
   isImportRequest,
   isInternalRequest,
   isParentDirectory,
+  isSameFileUri,
   isWindows,
   removeLeadingSlash,
   shouldServeFile,
@@ -199,7 +200,11 @@ export function isFileServingAllowed(
 
   if (server.moduleGraph.safeModulesPath.has(file)) return true
 
-  if (server.config.server.fs.allow.some((dir) => isParentDirectory(dir, file)))
+  if (
+    server.config.server.fs.allow.some(
+      (uri) => isSameFileUri(uri, file) || isParentDirectory(uri, file),
+    )
+  )
     return true
 
   return false
diff --git a/packages/vite/src/node/utils.ts b/packages/vite/src/node/utils.ts
index 78adaecb3272e3..51cdcf6484aa6a 100644
--- a/packages/vite/src/node/utils.ts
+++ b/packages/vite/src/node/utils.ts
@@ -240,6 +240,22 @@ export function isParentDirectory(dir: string, file: string): boolean {
   )
 }
 
+/**
+ * Check if 2 file name are identical
+ *
+ * Warning: parameters are not validated, only works with normalized absolute paths
+ *
+ * @param file1 - normalized absolute path
+ * @param file2 - normalized absolute path
+ * @returns true if both files url are identical
+ */
+export function isSameFileUri(file1: string, file2: string): boolean {
+  return (
+    file1 === file2 ||
+    (isCaseInsensitiveFS && file1.toLowerCase() === file2.toLowerCase())
+  )
+}
+
 export const queryRE = /\?.*$/s
 
 const postfixRE = /[?#].*$/s