diff --git a/lib/MyApp.pm b/lib/MyApp.pm index 03180aa..17b48de 100644 --- a/lib/MyApp.pm +++ b/lib/MyApp.pm @@ -18,6 +18,11 @@ sub add_my_helpers ($self) { $self->helper( logname => sub ($self) { $self->session('logname'); } ); + $self->helper( + max_rpp => sub ($self) { + return $self->config->{'maximum-rows-per-page'}; + } + ); $self->helper( rpp => sub ($self) { $self->session('rows_per_page') // $self->default_rpp; diff --git a/lib/MyApp/Controller/Auth.pm b/lib/MyApp/Controller/Auth.pm index 7ee2288..f00222d 100644 --- a/lib/MyApp/Controller/Auth.pm +++ b/lib/MyApp/Controller/Auth.pm @@ -1,6 +1,6 @@ package MyApp::Controller::Auth; use Mojo::Base 'Mojolicious::Controller', -signatures; - +use List::Util qw( min max ); sub index ($self) { my $msg = $self->flash('err'); @@ -27,7 +27,11 @@ sub logout ($self) { } sub preferences ($self) { - $self->session(rows_per_page => $self->param('rows_per_page')); + $self->session( + rows_per_page => max( + 1, min($self->max_rpp, $self->param('rows_per_page')) + ) + ); $self->flash( confirmation => sprintf("Updated rows per page to %s.", $self->rpp) ); diff --git a/lib/MyModel.pm b/lib/MyModel.pm index 967de3d..eb5c247 100644 --- a/lib/MyModel.pm +++ b/lib/MyModel.pm @@ -7,10 +7,10 @@ use Book::Schema; use List::Util qw( max min ); no warnings qw( experimental::signatures ); -# Keep rows-per-page within a sane range. +# Keep rows-per-page within a somewhat-sane range. subtype 'RowsPerPage', as 'Int', - where { 5 <= $_ && $_ <= 100 }; + where { 1 <= $_ && $_ <= 1000 }; has 'rows_per_page' => ( is => 'rw', diff --git a/my_app.yml b/my_app.yml index 479accf..0f1a206 100644 --- a/my_app.yml +++ b/my_app.yml @@ -2,3 +2,4 @@ secrets: - 197b9b0060f3285c0909d83598e54f9ec0602151 default-rows-per-page: 10 +maximum-rows-per-page: 100 diff --git a/t/notfound.t b/t/notfound.t new file mode 100644 index 0000000..c01fa24 --- /dev/null +++ b/t/notfound.t 
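Review bot: The new `max_rpp` helper in lib/MyApp.pm returns `undef` when `maximum-rows-per-page` is absent from the loaded config, and nothing in this hunk supplies a fallback. In `preferences` that `undef` would be numified to 0 by `min`, so every submitted value would collapse to 1, with only an uninitialized-value warning to explain it. Since this setting is the cap on how many rows a user can request per page, I would make the limit explicit, e.g. `return $self->config->{'maximum-rows-per-page'} // 100;`, or refuse to start when the key is missing. `add_my_helpers` begins and ends outside the hunk.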
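Review bot: In the `preferences` hunk of lib/MyApp/Controller/Auth.pm the request parameter goes straight into `min`/`max`, which clamp numerically but never check that the value is an integer. A missing parameter, `2.5`, or a string such as `5abc` is numified only for the comparison, and as far as I know List::Util returns the selected argument itself, so a non-integer can still land in the session and presumably fail the `RowsPerPage` Int constraint later. The `min`/`max` attributes on the form field are browser-side hints only, so the check belongs in this action. I would put `my $rpp = $self->param('rows_per_page') // '';` and `$rpp = $self->default_rpp unless $rpp =~ /\A[0-9]{1,4}\z/;` before the clamp, and add a test that posts out-of-range and non-numeric values. `preferences` continues past the end of the hunk.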
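Review bot: The widened `RowsPerPage` subtype in lib/MyModel.pm hard-codes 1..1000, while the controller clamps to the configurable `maximum-rows-per-page` (100 in my_app.yml), and the updated comment does not say how the two limits relate. If the configured maximum is ever raised above 1000, the controller would accept values that this constraint rejects, presumably as a type-constraint error at request time. I would document the model bound as the hard ceiling, e.g. `# Hard ceiling on rows per page; maximum-rows-per-page in the config must not exceed 1000.`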
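Review bot: The context lines of this my_app.yml hunk show a value under `secrets:` committed to the repository next to the new `maximum-rows-per-page` setting. Mojolicious uses the application secrets to sign session cookies, and this app keeps `logname` and `rows_per_page` in the session, so session integrity depends on that value staying private wherever it is deployed. I would keep only a placeholder in the tracked file and supply the real secret at startup from the environment or an untracked file, for example `$self->secrets([$ENV{MYAPP_SECRET}])` (the variable name is a placeholder). The committed value should also be rotated.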
@@ -0,0 +1,21 @@ +use Mojo::Base -strict; + +use Test2::V0; +use Test::Mojo; + +my $t = Test::Mojo->new('MyApp'); + +# Page zero gets a redirect. +$t->get_ok('/books/0')->status_is(302); + +# Now follow redirects and verify it's a 404. +$t->ua->max_redirects(10); +$t->get_ok('/books/0')->status_is(404); + +# Likewise for a too-high page number. +$t->get_ok('/books/999?title_like=qxqxqxqx')->status_is(404); + +# Or non-existent author. +$t->get_ok('/author/0/1')->status_is(404); + +done_testing(); diff --git a/templates/auth/account.html.ep b/templates/auth/account.html.ep index d5af532..bd336a3 100644 --- a/templates/auth/account.html.ep +++ b/templates/auth/account.html.ep @@ -5,7 +5,7 @@ %= form_for preferences => begin %= label_for rows_per_page => 'Rows per page' <%= number_field rows_per_page => $c->rpp, - min => 5, max => 100, maxlength => 4, size => 4 %> + min => 1, max => max_rpp, maxlength => 4, size => 4 %> %= submit_button "Update" % end

diff --git a/templates/not_found.html.ep b/templates/not_found.html.ep new file mode 100644 index 0000000..50f173e --- /dev/null +++ b/templates/not_found.html.ep @@ -0,0 +1,5 @@ +% layout 'default'; +% title "Not found"; +

<%= title %>

+ +Sorry, no such page.