diff --git a/sourcing/model.py b/sourcing/model.py
index 7b527cb..15a598e 100644
--- a/sourcing/model.py
+++ b/sourcing/model.py
@@ -19,6 +19,8 @@ doc_hashids = Hashids(min_length=8)
 Base = declarative_base()
 Base.query = session.query_property()
 
+re_server_url = re.compile('^http://perma.pub/\d+/([^/]+)/([^/]+)$')
+
 # list of disallowed usernames - maybe this should be in the database
 reserved_name = ['root', 'admin', 'administrator', 'support', 'info',
     'test', 'tech', 'online', 'old', 'new', 'jobs', 'login', 'job', 'ipad'
@@ -138,7 +140,11 @@ class Item(TimeStampedModel):
 
     @classmethod
     def get_by_hashid(cls, hashid):
-        return cls.query.get(doc_hashids.decode(hashid))
+        try:
+            item_id = doc_hashids.decode(hashid)[0]
+        except IndexError:
+            return
+        return cls.query.get(item_id)
 
     @property
     def url(self):
@@ -163,11 +169,12 @@ class Item(TimeStampedModel):
     @classmethod
     def from_external(cls, url):
         home = url_for('.home', _external=True)
-        if not url.startswith(home):
+        m = re_server_url.match(url)
+        if not m:
             return
-        username, _, hashid = url[len(home):].partition('/')
-        q = cls.query.filter(User.username == username,
-                             cls.id == doc_hashids.decode(hashid)[0])
+        username, hashid = m.groups()
+        item_id = doc_hashids.decode(hashid)[0]
+        q = cls.query.filter(User.username == username, cls.id == item_id)
         return q.one_or_none()
 
 class XanaDoc(Item):