diff --git a/wagtail/wagtaildocs/tests.py b/wagtail/wagtaildocs/tests.py
index 872f66ef9..fdd908cd2 100644
--- a/wagtail/wagtaildocs/tests.py
+++ b/wagtail/wagtaildocs/tests.py
@@ -1067,7 +1067,7 @@ class TestServeView(TestCase):
 self.document.file.save('example.doc', ContentFile("A boring example document"))
 def get(self):
- return self.client.get(reverse('wagtaildocs_serve', args=(self.document.id, 'example.doc')))
+ return self.client.get(reverse('wagtaildocs_serve', args=(self.document.id, self.document.filename)))
 def test_response_code(self):
 self.assertEqual(self.get().status_code, 200)
@@ -1104,14 +1104,8 @@ class TestServeView(TestCase):
 self.assertEqual(response.status_code, 404)
 def test_with_incorrect_filename(self):
- """
- Wagtail should be forgiving with filenames at the end of the URL. These
- filenames are to make the URL look nice, and to provide a fallback for
- browsers that do not handle the 'Content-Disposition' header filename
- component. They should not be validated.
- """
 response = self.client.get(reverse('wagtaildocs_serve', args=(self.document.id, 'incorrectfilename')))
- self.assertEqual(response.status_code, 200)
+ self.assertEqual(response.status_code, 404)
 def clear_sendfile_cache(self):
 from wagtail.utils.sendfile import _get_sendfile
@@ -1131,7 +1125,7 @@ class TestServeViewWithSendfile(TestCase):
 self.document.file.save('example.doc', ContentFile("A boring example document"))
 def get(self):
- return self.client.get(reverse('wagtaildocs_serve', args=(self.document.id, 'example.doc')))
+ return self.client.get(reverse('wagtaildocs_serve', args=(self.document.id, self.document.filename)))
 def clear_sendfile_cache(self):
 from wagtail.utils.sendfile import _get_sendfile
diff --git a/wagtail/wagtaildocs/views/serve.py b/wagtail/wagtaildocs/views/serve.py
index 66a1abd43..d3e163c4f 100644
--- a/wagtail/wagtaildocs/views/serve.py
+++ b/wagtail/wagtaildocs/views/serve.py
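Review bot: The docstring explaining the old forgiving behaviour is deleted without a replacement, so `test_with_incorrect_filename` no longer states why a mismatched name must now be answered with 404. Suggest a docstring such as `"""The filename in the URL is part of the document's address: a name that does not match the stored filename yields 404, so knowing a document id alone is not enough to fetch it."""`. The `get()` helpers in the first and third hunks switch to `self.document.filename`, which is what keeps those tests aligned with the new check; a companion test that requests the document via the URL the model itself generates (`self.document.url`, if that property is available here) would pin that Wagtail's own links still resolve. The enclosing class `TestServeView` starts outside the hunk.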
@@ -3,7 +3,7 @@ from __future__ import absolute_import, unicode_literals
 from wsgiref.util import FileWrapper
 from django.conf import settings
-from django.http import BadHeaderError, StreamingHttpResponse
+from django.http import BadHeaderError, Http404, StreamingHttpResponse
 from django.shortcuts import get_object_or_404
 from unidecode import unidecode
@@ -16,6 +16,12 @@ def serve(request, document_id, document_filename):
 Document = get_document_model()
 doc = get_object_or_404(Document, id=document_id)
+ # We want to ensure that the document filename provided in the URL matches the one associated with the considered
+ # document_id. If not we can't be sure that the document the user wants to access is the one corresponding to the
+ # pair.
+ if doc.filename != document_filename:
+ raise Http404('This document does not match the given filename.')
+
 # Send document_served signal
 document_served.send(sender=Document, instance=doc, request=request)
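Review bot: The mismatch branch raises `Http404` with a message different from the one `get_object_or_404` raises for an unknown id, so the "id exists, wrong name" and "id does not exist" cases are distinguishable wherever that message is surfaced; Django shows it only on the DEBUG 404 page, but a bare `raise Http404()` (or the same wording as the unknown-id case) keeps the two responses identical by construction and costs nothing. The three-line comment describes the comparison but not its security meaning: the filename is not a secret and appears in every link to the document, so this is a guard against fetching documents by guessing sequential ids, not access control, and it is worth saying so, e.g. `# The filename is part of the document's address: reject a mismatch so an id alone cannot fetch a document, and so document_served only fires for matching requests.` — the last clause is grounded by the check preceding the signal send. The comparison is an exact string match against `doc.filename`, so any stored filename containing characters the serve URL pattern or reverse() rewrites would never match; worth confirming against the URL pattern, which is outside this hunk. The body of serve() continues past the hunk.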