diff --git a/http/commands.go b/http/commands.go
index 173e57a916..48c7f29788 100644
--- a/http/commands.go
+++ b/http/commands.go
@@ -59,19 +59,19 @@ var commandsHandler = withUser(func(w http.ResponseWriter, r *http.Request, d *d
 		}
 	}
 
-	if !d.server.EnableExec || !d.user.CanExecute(strings.Split(raw, " ")[0]) {
-		if err := conn.WriteMessage(websocket.TextMessage, cmdNotAllowed); err != nil { //nolint:govet
+	command, err := runner.ParseCommand(d.settings, raw)
+	if err != nil {
+		if err := conn.WriteMessage(websocket.TextMessage, []byte(err.Error())); err != nil { //nolint:govet
 			wsErr(conn, r, http.StatusInternalServerError, err)
 		}
-
 		return 0, nil
 	}
 
-	command, err := runner.ParseCommand(d.settings, raw)
-	if err != nil {
-		if err := conn.WriteMessage(websocket.TextMessage, []byte(err.Error())); err != nil { //nolint:govet
+	if !d.server.EnableExec || !d.user.CanExecute(command[0]) {
+		if err := conn.WriteMessage(websocket.TextMessage, cmdNotAllowed); err != nil { //nolint:govet
 			wsErr(conn, r, http.StatusInternalServerError, err)
 		}
+
 		return 0, nil
 	}